author | djm@openbsd.org <djm@openbsd.org> | 2022-08-11 01:56:51 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-08-11 12:00:49 +1000 |
commit | ec1ddb72a146fd66d18df9cd423517453a5d8044 (patch) | |
tree | e719fdf106901824ed54e315a7ec0777140b49b4 /misc.c | |
parent | 4df246ec75751da7eb925e1880498300d8bda187 (diff) | |
upstream: allow certificate validity intervals, sshsig verification
times and authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system time zone.
YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if
suffixed with a 'Z' character.
Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.
bz3468 ok dtucker
OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13
Diffstat (limited to 'misc.c')
-rw-r--r-- | misc.c | 26 |
1 files changed, 21 insertions, 5 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.176 2022/06/03 04:30:47 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.177 2022/08/11 01:56:51 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005-2020 Damien Miller. All rights reserved.
@@ -2399,15 +2399,26 @@ parse_absolute_time(const char *s, uint64_t *tp)
 struct tm tm;
 time_t tt;
 char buf[32], *fmt;
+ const char *cp;
+ size_t l;
+ int is_utc = 0;
 *tp = 0;
+ l = strlen(s);
+ if (l > 1 && strcasecmp(s + l - 1, "Z") == 0) {
+ is_utc = 1;
+ l--;
+ } else if (l > 3 && strcasecmp(s + l - 3, "UTC") == 0) {
+ is_utc = 1;
+ l -= 3;
+ }
 /*
 * POSIX strptime says "The application shall ensure that there
 * is white-space or other non-alphanumeric characters between
 * any two conversion specifications" so arrange things this way.
 */
- switch (strlen(s)) {
+ switch (l) {
 case 8: /* YYYYMMDD */
 fmt = "%Y-%m-%d";
 snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
@@ -2427,10 +2438,15 @@ parse_absolute_time(const char *s, uint64_t *tp)
 }
 memset(&tm, 0, sizeof(tm));
- if (strptime(buf, fmt, &tm) == NULL)
- return SSH_ERR_INVALID_FORMAT;
- if ((tt = mktime(&tm)) < 0)
+ if ((cp = strptime(buf, fmt, &tm)) == NULL || *cp != '\0')
 return SSH_ERR_INVALID_FORMAT;
+ if (is_utc) {
+ if ((tt = timegm(&tm)) < 0)
+ return SSH_ERR_INVALID_FORMAT;
+ } else {
+ if ((tt = mktime(&tm)) < 0)
+ return SSH_ERR_INVALID_FORMAT;
+ }
 /* success */
 *tp = (uint64_t)tt;
 return 0; |
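Review bot: The suffix check added at the top of parse_absolute_time (second hunk) accepts more than the commit message documents: `strcasecmp` makes the match case-insensitive, and a trailing `UTC` is accepted alongside `Z`. Because this choice decides whether a certificate validity bound or an expiry-time is read as UTC or as local time, the accepted forms should be stated next to the code, for example `/* A trailing "Z" or "UTC" (any case) selects UTC; it is stripped before the length switch. */` above `l = strlen(s);`. The function's header comment and the 12- and 14-character cases of the switch lie outside this hunk, so whether they already describe the suffix cannot be checked from here.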
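Review bot: In the `else` branch of the last hunk, `mktime(&tm)` runs on a struct that `memset` zeroed, so `tm_isdst` is 0 unless `strptime` happens to set it, and mktime then treats the input as standard time. For a local-time date that falls inside a daylight-saving period this may move the resulting validity bound by an hour; adding `tm.tm_isdst = -1;` before the `mktime` call lets the library determine DST itself. The new `timegm` path is not affected by this. The start of parse_absolute_time and its closing brace are outside the hunk.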