To avoid possible time_t overflow use X509_time_adj_ex()

Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>

To avoid possible time_t overflow use X509_time_adj_ex()
Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>
9aa00b18 · Dr. Stephen Henson · b098dcae · 9aa00b18 · 9aa00b18
显示空白变更内容
内联并排

Showing with 2 addition and 3 deletion

apps/ocsp.c apps/ocsp.c +1 -1

apps/x509.c apps/x509.c +1 -2

未找到文件。
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -914,7 +914,7 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
    bs = OCSP_BASICRESP_new();
    thisupd = X509_gmtime_adj(NULL, 0);
    if (ndays != -1)
-        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);

    /* Examine each certificate id in the request */
    for (i = 0; i < id_count; i++) {

--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1101,8 +1101,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
        goto err;

-    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
-        NULL)
+    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
        goto err;

    if (!X509_set_pubkey(x, pkey))