CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/07/27 01:11:36
Modified files:
lib/libcrypto/pkcs7: pk7_attr.c
Log message:
Fix PKCS7_add0_attrib_signing_time()
If the caller passes in NULL, helpfully a new ASN1_TIME is allocated
with X509_gmtime_adj() and leaked if PKCS7_add0_attrib_signing_time()
fails afterward. Fix this. Also don't blindly set the signing time to
a UTCTime. Validate the usual RFC 5280 format before setting it, as
that's what RFC 5652, section 11.3 mandates.
ok kenjiro
