Bug in crypto/x509/x509_vfy.c:X509_cmp_time() ?

Fri, 16 Sep 2011 06:57:40 -0700 

Hello,

might have found a little bug in X509_cmp_time().

According to X.680 (section 43.3, 07/2002 issue), the following UTCTime 
representations refer to the same point in time:

    8201021200Z

    8201020700-0500

(namely, 12 noon UTC on 2nd January 1982)

That very same point in time is "378820800 seconds since the epoch":

$ date -u -r 378820800
Sat Jan  2 12:00:00 UTC 1982

So I tried the following code snippet:

-----[cut]-----
int secs_since_epoch;


ASN1_TIME *test_time_UTC   = ASN1_TIME_new();
ASN1_TIME *test_time_local = ASN1_TIME_new();

ASN1_UTCTIME_set_string(test_time_UTC,   "8201021200Z");
ASN1_UTCTIME_set_string(test_time_local, "8201020700-0500");

secs_since_epoch = 378820800;

printf("test result UTC:                  %d\n", X509_cmp_time(test_time_UTC, 
&secs_since_epoch));
secs_since_epoch--;
printf("test result UTC (minus one sec.): %d\n\n", X509_cmp_time(test_time_UTC, 
&secs_since_epoch));


secs_since_epoch = 378820800;

printf("test result local:                  %d\n", 
X509_cmp_time(test_time_local, &secs_since_epoch));
secs_since_epoch--;
printf("test result local (minus one sec.): %d\n", 
X509_cmp_time(test_time_local, &secs_since_epoch));

-----[cut again]-----

Results:

test result UTC:                  -1
test result UTC (minus one sec.): 1

test result local:                  -1
test result local (minus one sec.): -1

So one sees that in the first case, X509_cmp_time() regards "8201021200Z" and 
"378820800 secs" as identical. (X509_cmp_time() will never return "0" for 
"identical", so by changing one of the operands by one second, one can see the 
change from "smaller than" to "larger than", so that's good enough in terms of 
"identical".)

Interestingly, "8201020700-0500", which is the very same point in time, is not 
regarded as identical to "378820800 secs". So something's obviously going wrong.


The following change to x509/x509_vfy.c (line numbers according to released 
0.9.8r) ... 

--- x509_vfy_orig.c
+++ x509_vfy.c
@@ -1097,7 +1097,7 @@
        atm.length=sizeof(buff2);
        atm.data=(unsigned char *)buff2;
 
-       if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
+       if (X509_time_adj(&atm,offset*60, cmp_time) == NULL)
                return 0;
 
        if (ctm->type == V_ASN1_UTCTIME)


... seems to fix the problem. It makes sure the time string built for later 
comparison gets corrected in the other direction.


Umm, actually really seems like a bug to me. What to do now? (I'm new to this 
list. :-))


Thanks, best regards,

  Christoph

-- 
 [email protected]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to