From 7a77b6d9906232321156a21ccde2d05fd505536e Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Tue, 6 Oct 2020 23:51:06 -0500
Subject: [PATCH] rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true).
---
 examples/client/client.c | 2 +-
 src/ssl.c | 35 +++++++++++++++++++++++++++++------
 wolfssl/ssl.h | 14 ++++++++++----
 3 files changed, 40 insertions(+), 11 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 362f4c8e5..e5463a04c 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -3011,7 +3011,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 {
 struct tm tm;
 char date[32];
- ret = wolfSSL_get_ocsp_producedDate(ssl, &tm);
+ ret = wolfSSL_get_ocsp_producedDate_tm(ssl, &tm);
 if ((ret == 0) && (strftime(date, sizeof date, "%Y-%m-%d %H:%M:%S %z",&tm) > 0))
 printf("OCSP response timestamp: %s\n",date);
 }
diff --git a/src/ssl.c b/src/ssl.c
index e394c8879..dcfb92849 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -44135,16 +44135,39 @@ int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url)
 #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
 #ifdef HAVE_OCSP
-int wolfSSL_get_ocsp_producedDate(WOLFSSL *ssl, struct tm *producedTime) {
- int idx = 0;
-
- if ((producedTime == NULL) || (ssl->ocspProducedDate == NULL))
- return BAD_FUNC_ARG;
+int wolfSSL_get_ocsp_producedDate(
+ WOLFSSL *ssl,
+ byte *producedDate,
+ size_t producedDate_space,
+ int *producedDateFormat)
+{
 if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) &&
 (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME))
 return BAD_FUNC_ARG;
- if (ExtractDate(ssl->ocspProducedDate, ssl->ocspProducedDateFormat, producedTime, &idx))
+ if ((producedDate == NULL) || (producedDateFormat == NULL))
+ return BAD_FUNC_ARG;
+
+ if (XSTRLEN((char *)ssl->ocspProducedDate) >= producedDate_space)
+ return BUFFER_E;
+
+ XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate, producedDate_space);
+ *producedDateFormat = ssl->ocspProducedDateFormat;
+
+ return 0;
+}
+
+int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) {
+ int idx = 0;
+
+ if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) &&
+ (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME))
+ return BAD_FUNC_ARG;
+
+ if (produced_tm == NULL)
+ return BAD_FUNC_ARG;
+
+ if (ExtractDate(ssl->ocspProducedDate, ssl->ocspProducedDateFormat, produced_tm, &idx))
 return 0;
 else
 return ASN_PARSE_E;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2eb91ec85..358875604 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
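Review bot: Both new accessors read `ssl->ocspProducedDateFormat` before anything checks `ssl`, so a NULL session pointer is dereferenced instead of being rejected; each function should begin with `if (ssl == NULL) return BAD_FUNC_ARG;`. In wolfSSL_get_ocsp_producedDate the stored date is measured with `XSTRLEN`, which is only safe if `ssl->ocspProducedDate` is always NUL-terminated inside its own buffer; the hunk does not show where that field is filled, so this should be confirmed or the scan bounded by the field's size. Since the length is already known to be smaller than `producedDate_space`, `XSTRNCPY` (if it maps to strncpy) also zero-fills the remainder of the caller's buffer on every call, and copying length + 1 bytes with `XMEMCPY` would avoid that. The body of wolfSSL_get_ocsp_producedDate_tm continues past the end of the hunk.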
@@ -3735,6 +3735,16 @@ WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
 WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
 #endif
+#ifdef HAVE_OCSP
+ WOLFSSL_API int wolfSSL_get_ocsp_producedDate(
+ WOLFSSL *ssl,
+ byte *producedDate,
+ size_t producedDate_space,
+ int *producedDateFormat);
+ WOLFSSL_API int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl,
+ struct tm *produced_tm);
+#endif
+
 #if defined(OPENSSL_ALL) \
 || defined(WOLFSSL_NGINX) \
 || defined(WOLFSSL_HAPROXY) \
@@ -3791,10 +3801,6 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)(
 WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
 #endif
-#ifdef HAVE_OCSP
- WOLFSSL_API int wolfSSL_get_ocsp_producedDate(WOLFSSL *ssl, struct tm *producedTime);
-#endif
-
 #if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
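Review bot: The two prototypes added under `HAVE_OCSP` in the first hunk carry no documentation, and the buffer contract of wolfSSL_get_ocsp_producedDate cannot be read off its signature. A comment above it should state that `producedDate` receives the raw ASN.1 time as a NUL-terminated string, that `producedDate_space` must be larger than the string length or BUFFER_E is returned, and that `*producedDateFormat` is set to ASN_UTC_TIME or ASN_GENERALIZED_TIME; for the second prototype, `/* Parses the OCSP producedDate into *produced_tm; returns 0, BAD_FUNC_ARG or ASN_PARSE_E. */` is enough. The name wolfSSL_get_ocsp_producedDate is kept with a different parameter list, so a caller built against the old prototype would pass a `struct tm *` where a byte buffer is now expected; if the old form was ever released, that deserves a mention in the comment as well.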