summaryrefslogtreecommitdiff
path: root/crypto/asymmetric_keys/x509_parser.h
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2015-07-29 18:58:32 +0300
committerDavid Howells <dhowells@redhat.com>2015-08-12 19:01:01 +0300
commitfd19a3d195be23e8d9d0d66576b96ea25eea8323 (patch)
tree6286e4d04f00f846fd7f1c409aa118b12756ea26 /crypto/asymmetric_keys/x509_parser.h
parent770f2b98760ef0500183d7206724aac762433e2d (diff)
downloadlinux-fd19a3d195be23e8d9d0d66576b96ea25eea8323.tar.xz
PKCS#7: Improve and export the X.509 ASN.1 time object decoder
Make the X.509 ASN.1 time object decoder fill in a time64_t rather than a struct tm to make comparison easier (unfortunately, this makes readable display less easy) and export it so that it can be used by the PKCS#7 code too. Further, tighten up its parsing to reject invalid dates (eg. weird characters, non-existent hour numbers) and unsupported dates (eg. timezones other than 'Z' or dates earlier than 1970). Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
Diffstat (limited to 'crypto/asymmetric_keys/x509_parser.h')
-rw-r--r--crypto/asymmetric_keys/x509_parser.h7
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index dcdb5c94f514..1de01eaec884 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -23,8 +23,8 @@ struct x509_certificate {
struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */
struct asymmetric_key_id *akid_id; /* CA AuthKeyId matching ->id (optional) */
struct asymmetric_key_id *akid_skid; /* CA AuthKeyId matching ->skid (optional) */
- struct tm valid_from;
- struct tm valid_to;
+ time64_t valid_from;
+ time64_t valid_to;
const void *tbs; /* Signed data */
unsigned tbs_size; /* Size of signed data */
unsigned raw_sig_size; /* Size of sigature */
@@ -49,6 +49,9 @@ struct x509_certificate {
*/
extern void x509_free_certificate(struct x509_certificate *cert);
extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
+extern int x509_decode_time(time64_t *_t, size_t hdrlen,
+ unsigned char tag,
+ const unsigned char *value, size_t vlen);
/*
* x509_public_key.c