Skip to content

Commit 7bca5d7

Browse files
HoneyryderChuckHoneyryderChuck
committed
utctime and gentime: inline formats, constrain input data
* utctime should not take dates into account with a year below 1950 and above 2049 * gentime year must be 4 digits
1 parent dead363 commit 7bca5d7

File tree

1 file changed

+12
-8
lines changed

1 file changed

+12
-8
lines changed

lib/openssl/asn1.rb

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -376,25 +376,26 @@ def der_value
376376
end
377377

378378
class UTCTime < Primitive
379-
FORMAT = "%y%m%d%H%M%SZ".freeze
380-
381379
private
382380

381+
YEAR_RANGE = 1950..2049
382+
private_constant :YEAR_RANGE
383+
383384
# :nodoc:
384385
def der_value
385386
value = if @value.is_a?(Time)
386387
@value
387388
else
388389
Time.at(Integer(@value))
389-
end
390+
end.utc
391+
392+
raise OpenSSL::ASN1::ASN1Error unless YEAR_RANGE.include?(value.year)
390393

391-
value.utc.strftime(FORMAT)
394+
value.strftime("%y%m%d%H%M%SZ")
392395
end
393396
end
394397

395398
class GeneralizedTime < Primitive
396-
FORMAT = "%Y%m%d%H%M%SZ".freeze
397-
398399
private
399400

400401
# :nodoc:
@@ -403,9 +404,12 @@ def der_value
403404
@value
404405
else
405406
Time.at(Integer(@value))
406-
end
407+
end.utc
408+
409+
# per In X.680 (02/2021) section 46: the year has to be exactly 4 digits for GeneralizedTime.
410+
raise OpenSSL::ASN1::ASN1Error unless value.year < 10_000
407411

408-
value.utc.strftime(FORMAT)
412+
value.strftime("%Y%m%d%H%M%SZ")
409413
end
410414
end
411415

0 commit comments

Comments
 (0)