From 00cebd11317344989aeb9025202c2536b1490856 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 14 Jan 2016 00:25:25 +0000 Subject: [PATCH] To avoid possible time_t overflow use X509_time_adj_ex() Reviewed-by: Viktor Dukhovni (cherry picked from commit 9aa00b187a65b1f30789d6274ec31ea86efe7973) Conflicts: apps/x509.c --- apps/ocsp.c | 2 +- apps/x509.c | 7 +------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 9fd9568825..bb420c2ecd 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1003,7 +1003,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, bs = OCSP_BASICRESP_new(); thisupd = X509_gmtime_adj(NULL, 0); if (ndays != -1) - nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24); + nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL); /* Examine each certificate id in the request */ for (i = 0; i < id_count; i++) { diff --git a/apps/x509.c b/apps/x509.c index 929359b0da..e5fe61087a 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1170,12 +1170,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) goto err; - /* Lets just make it 12:00am GMT, Jan 1 1970 */ - /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */ - /* 28 days to be certified */ - - if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) == - NULL) + if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL) goto err; if (!X509_set_pubkey(x, pkey)) -- 2.25.1