[crypto] Accept UTCTime/GeneralizedTime with no "seconds" field

Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Michael Brown 2012-05-22 00:20:03 +0200
committer: Michael Brown 2012-05-22 00:21:36 +0200
commit: f20c3742e713092ee04cdfd1aa65d5d640be6a77 (patch)
tree: 4e15d5f178ff974456f8ed79e98832a9ea973f4a /src/crypto
parent: [test] Add self-tests for base64 (diff)
download: ipxe-f20c3742e713092ee04cdfd1aa65d5d640be6a77.tar.gz
ipxe-f20c3742e713092ee04cdfd1aa65d5d640be6a77.tar.xz
ipxe-f20c3742e713092ee04cdfd1aa65d5d640be6a77.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/crypto/asn1.c b/src/crypto/asn1.c
index 5fc37849..462885f3 100644
--- a/src/crypto/asn1.c
+++ b/src/crypto/asn1.c
@@ -655,10 +655,16 @@ int asn1_generalized_time ( const struct asn1_cursor *cursor, time_t *time ) {
 	}
 
 	/* Parse digit string a pair at a time */
+	memset ( &pairs, 0, sizeof ( pairs ) );
 	data = contents.data;
 	remaining = contents.len;
 	for ( i = ( have_century ? 0 : 1 ) ; i < sizeof ( pairs.raw ) ; i++ ) {
 		if ( remaining < 2 ) {
+			/* Some certificates violate the X.509 RFC by
+			 * omitting the "seconds" value.
+			 */
+			if ( i == ( sizeof ( pairs.raw ) - 1 ) )
+				break;
 			DBGC ( cursor, "ASN1 %p invalid time:\n", cursor );
 			DBGC_HDA ( cursor, 0, cursor->data, cursor->len );
 			return -EINVAL_ASN1_TIME;
author	Michael Brown	2012-05-22 00:20:03 +0200
committer	Michael Brown	2012-05-22 00:21:36 +0200
commit	f20c3742e713092ee04cdfd1aa65d5d640be6a77 (patch)
tree	4e15d5f178ff974456f8ed79e98832a9ea973f4a /src/crypto
parent	[test] Add self-tests for base64 (diff)
download	ipxe-f20c3742e713092ee04cdfd1aa65d5d640be6a77.tar.gz ipxe-f20c3742e713092ee04cdfd1aa65d5d640be6a77.tar.xz ipxe-f20c3742e713092ee04cdfd1aa65d5d640be6a77.zip