From: Dr. Stephen Henson Date: Thu, 14 Jan 2016 00:25:25 +0000 (+0000) Subject: To avoid possible time_t overflow use X509_time_adj_ex() X-Git-Tag: OpenSSL_1_0_2f~16 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e254d12c439c3e50dfccc98e3414c3e1849792f5;p=oweals%2Fopenssl.git To avoid possible time_t overflow use X509_time_adj_ex() Reviewed-by: Viktor Dukhovni (cherry picked from commit 9aa00b187a65b1f30789d6274ec31ea86efe7973) Conflicts: apps/x509.c --- diff --git a/apps/ocsp.c b/apps/ocsp.c index 6ed255d4b5..5da51df514 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, bs = OCSP_BASICRESP_new(); thisupd = X509_gmtime_adj(NULL, 0); if (ndays != -1) - nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24); + nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL); /* Examine each certificate id in the request */ for (i = 0; i < id_count; i++) { diff --git a/apps/x509.c b/apps/x509.c index 864a60dda2..7c215bced0 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) goto err; - /* Lets just make it 12:00am GMT, Jan 1 1970 */ - /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */ - /* 28 days to be certified */ - - if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) == - NULL) + if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL) goto err; if (!X509_set_pubkey(x, pkey))