diff options
| author | deraadt <> | 2014-05-27 21:29:43 +0000 |
|---|---|---|
| committer | deraadt <> | 2014-05-27 21:29:43 +0000 |
| commit | 1c862900728cf1edc28b0ebf785abff750f14c40 (patch) | |
| tree | 9a5f8c41ac7aa5540ccc275fed226bd22d7adda7 | |
| parent | 52dcdcda442818978d7256363f514c3f60a8ec67 (diff) | |
| download | openbsd-1c862900728cf1edc28b0ebf785abff750f14c40.tar.gz openbsd-1c862900728cf1edc28b0ebf785abff750f14c40.tar.bz2 openbsd-1c862900728cf1edc28b0ebf785abff750f14c40.zip | |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.
ok miod guenther
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/ts/ts.h | 5 | ||||
| -rw-r--r-- | src/lib/libcrypto/ts/ts_rsp_sign.c | 21 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/ts/ts.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/ts/ts_rsp_sign.c | 21 |
4 files changed, 16 insertions, 36 deletions
diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h index 085e062b96..eb160b0e4d 100644 --- a/src/lib/libcrypto/ts/ts.h +++ b/src/lib/libcrypto/ts/ts.h | |||
| @@ -473,7 +473,7 @@ typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *); | |||
| 473 | /* This must return the seconds and microseconds since Jan 1, 1970 in | 473 | /* This must return the seconds and microseconds since Jan 1, 1970 in |
| 474 | the sec and usec variables allocated by the caller. | 474 | the sec and usec variables allocated by the caller. |
| 475 | Return non-zero for success and zero for failure. */ | 475 | Return non-zero for success and zero for failure. */ |
| 476 | typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec); | 476 | typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec); |
| 477 | 477 | ||
| 478 | /* This must process the given extension. | 478 | /* This must process the given extension. |
| 479 | * It can modify the TS_TST_INFO object of the context. | 479 | * It can modify the TS_TST_INFO object of the context. |
| @@ -556,9 +556,6 @@ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); | |||
| 556 | /* Default callback always returns a constant. */ | 556 | /* Default callback always returns a constant. */ |
| 557 | void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); | 557 | void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); |
| 558 | 558 | ||
| 559 | /* Default callback uses the gettimeofday() and gmtime() system calls. */ | ||
| 560 | void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); | ||
| 561 | |||
| 562 | /* Default callback rejects all extensions. The extension callback is called | 559 | /* Default callback rejects all extensions. The extension callback is called |
| 563 | * when the TS_TST_INFO object is already set up and not signed yet. */ | 560 | * when the TS_TST_INFO object is already set up and not signed yet. */ |
| 564 | /* FIXME: extension handling is not tested yet. */ | 561 | /* FIXME: extension handling is not tested yet. */ |
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c index a81d4eedf0..39d2efd3db 100644 --- a/src/lib/libcrypto/ts/ts_rsp_sign.c +++ b/src/lib/libcrypto/ts/ts_rsp_sign.c | |||
| @@ -67,7 +67,7 @@ | |||
| 67 | /* Private function declarations. */ | 67 | /* Private function declarations. */ |
| 68 | 68 | ||
| 69 | static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); | 69 | static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); |
| 70 | static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); | 70 | static int def_time_cb(struct TS_resp_ctx *, void *, time_t *sec, long *usec); |
| 71 | static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); | 71 | static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); |
| 72 | 72 | ||
| 73 | static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); | 73 | static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); |
| @@ -86,7 +86,7 @@ static int TS_TST_INFO_content_new(PKCS7 *p7); | |||
| 86 | static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); | 86 | static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); |
| 87 | 87 | ||
| 88 | static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( | 88 | static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( |
| 89 | ASN1_GENERALIZEDTIME *, long, long, unsigned); | 89 | ASN1_GENERALIZEDTIME *, time_t, long, unsigned); |
| 90 | 90 | ||
| 91 | /* Default callbacks for response generation. */ | 91 | /* Default callbacks for response generation. */ |
| 92 | 92 | ||
| @@ -110,7 +110,7 @@ err: | |||
| 110 | 110 | ||
| 111 | /* Use the gettimeofday function call. */ | 111 | /* Use the gettimeofday function call. */ |
| 112 | static int | 112 | static int |
| 113 | def_time_cb(struct TS_resp_ctx *ctx, void *data, long *sec, long *usec) | 113 | def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec) |
| 114 | { | 114 | { |
| 115 | struct timeval tv; | 115 | struct timeval tv; |
| 116 | 116 | ||
| @@ -321,13 +321,6 @@ TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data) | |||
| 321 | } | 321 | } |
| 322 | 322 | ||
| 323 | void | 323 | void |
| 324 | TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data) | ||
| 325 | { | ||
| 326 | ctx->time_cb = cb; | ||
| 327 | ctx->time_cb_data = data; | ||
| 328 | } | ||
| 329 | |||
| 330 | void | ||
| 331 | TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, TS_extension_cb cb, void *data) | 324 | TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, TS_extension_cb cb, void *data) |
| 332 | { | 325 | { |
| 333 | ctx->extension_cb = cb; | 326 | ctx->extension_cb = cb; |
| @@ -607,7 +600,8 @@ TS_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) | |||
| 607 | TS_TST_INFO *tst_info = NULL; | 600 | TS_TST_INFO *tst_info = NULL; |
| 608 | ASN1_INTEGER *serial = NULL; | 601 | ASN1_INTEGER *serial = NULL; |
| 609 | ASN1_GENERALIZEDTIME *asn1_time = NULL; | 602 | ASN1_GENERALIZEDTIME *asn1_time = NULL; |
| 610 | long sec, usec; | 603 | time_t sec; |
| 604 | long usec; | ||
| 611 | TS_ACCURACY *accuracy = NULL; | 605 | TS_ACCURACY *accuracy = NULL; |
| 612 | const ASN1_INTEGER *nonce; | 606 | const ASN1_INTEGER *nonce; |
| 613 | GENERAL_NAME *tsa_name = NULL; | 607 | GENERAL_NAME *tsa_name = NULL; |
| @@ -959,9 +953,8 @@ err: | |||
| 959 | 953 | ||
| 960 | static ASN1_GENERALIZEDTIME * | 954 | static ASN1_GENERALIZEDTIME * |
| 961 | TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | 955 | TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, |
| 962 | long sec, long usec, unsigned precision) | 956 | time_t sec, long usec, unsigned precision) |
| 963 | { | 957 | { |
| 964 | time_t time_sec = (time_t) sec; | ||
| 965 | struct tm *tm = NULL; | 958 | struct tm *tm = NULL; |
| 966 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; | 959 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; |
| 967 | char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2]; | 960 | char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2]; |
| @@ -971,7 +964,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 971 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) | 964 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) |
| 972 | goto err; | 965 | goto err; |
| 973 | 966 | ||
| 974 | if (!(tm = gmtime(&time_sec))) | 967 | if (!(tm = gmtime(&sec))) |
| 975 | goto err; | 968 | goto err; |
| 976 | 969 | ||
| 977 | /* | 970 | /* |
diff --git a/src/lib/libssl/src/crypto/ts/ts.h b/src/lib/libssl/src/crypto/ts/ts.h index 085e062b96..eb160b0e4d 100644 --- a/src/lib/libssl/src/crypto/ts/ts.h +++ b/src/lib/libssl/src/crypto/ts/ts.h | |||
| @@ -473,7 +473,7 @@ typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *); | |||
| 473 | /* This must return the seconds and microseconds since Jan 1, 1970 in | 473 | /* This must return the seconds and microseconds since Jan 1, 1970 in |
| 474 | the sec and usec variables allocated by the caller. | 474 | the sec and usec variables allocated by the caller. |
| 475 | Return non-zero for success and zero for failure. */ | 475 | Return non-zero for success and zero for failure. */ |
| 476 | typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec); | 476 | typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec); |
| 477 | 477 | ||
| 478 | /* This must process the given extension. | 478 | /* This must process the given extension. |
| 479 | * It can modify the TS_TST_INFO object of the context. | 479 | * It can modify the TS_TST_INFO object of the context. |
| @@ -556,9 +556,6 @@ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); | |||
| 556 | /* Default callback always returns a constant. */ | 556 | /* Default callback always returns a constant. */ |
| 557 | void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); | 557 | void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); |
| 558 | 558 | ||
| 559 | /* Default callback uses the gettimeofday() and gmtime() system calls. */ | ||
| 560 | void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); | ||
| 561 | |||
| 562 | /* Default callback rejects all extensions. The extension callback is called | 559 | /* Default callback rejects all extensions. The extension callback is called |
| 563 | * when the TS_TST_INFO object is already set up and not signed yet. */ | 560 | * when the TS_TST_INFO object is already set up and not signed yet. */ |
| 564 | /* FIXME: extension handling is not tested yet. */ | 561 | /* FIXME: extension handling is not tested yet. */ |
diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c index a81d4eedf0..39d2efd3db 100644 --- a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c +++ b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c | |||
| @@ -67,7 +67,7 @@ | |||
| 67 | /* Private function declarations. */ | 67 | /* Private function declarations. */ |
| 68 | 68 | ||
| 69 | static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); | 69 | static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); |
| 70 | static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); | 70 | static int def_time_cb(struct TS_resp_ctx *, void *, time_t *sec, long *usec); |
| 71 | static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); | 71 | static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); |
| 72 | 72 | ||
| 73 | static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); | 73 | static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); |
| @@ -86,7 +86,7 @@ static int TS_TST_INFO_content_new(PKCS7 *p7); | |||
| 86 | static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); | 86 | static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); |
| 87 | 87 | ||
| 88 | static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( | 88 | static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( |
| 89 | ASN1_GENERALIZEDTIME *, long, long, unsigned); | 89 | ASN1_GENERALIZEDTIME *, time_t, long, unsigned); |
| 90 | 90 | ||
| 91 | /* Default callbacks for response generation. */ | 91 | /* Default callbacks for response generation. */ |
| 92 | 92 | ||
| @@ -110,7 +110,7 @@ err: | |||
| 110 | 110 | ||
| 111 | /* Use the gettimeofday function call. */ | 111 | /* Use the gettimeofday function call. */ |
| 112 | static int | 112 | static int |
| 113 | def_time_cb(struct TS_resp_ctx *ctx, void *data, long *sec, long *usec) | 113 | def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec) |
| 114 | { | 114 | { |
| 115 | struct timeval tv; | 115 | struct timeval tv; |
| 116 | 116 | ||
| @@ -321,13 +321,6 @@ TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data) | |||
| 321 | } | 321 | } |
| 322 | 322 | ||
| 323 | void | 323 | void |
| 324 | TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data) | ||
| 325 | { | ||
| 326 | ctx->time_cb = cb; | ||
| 327 | ctx->time_cb_data = data; | ||
| 328 | } | ||
| 329 | |||
| 330 | void | ||
| 331 | TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, TS_extension_cb cb, void *data) | 324 | TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, TS_extension_cb cb, void *data) |
| 332 | { | 325 | { |
| 333 | ctx->extension_cb = cb; | 326 | ctx->extension_cb = cb; |
| @@ -607,7 +600,8 @@ TS_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) | |||
| 607 | TS_TST_INFO *tst_info = NULL; | 600 | TS_TST_INFO *tst_info = NULL; |
| 608 | ASN1_INTEGER *serial = NULL; | 601 | ASN1_INTEGER *serial = NULL; |
| 609 | ASN1_GENERALIZEDTIME *asn1_time = NULL; | 602 | ASN1_GENERALIZEDTIME *asn1_time = NULL; |
| 610 | long sec, usec; | 603 | time_t sec; |
| 604 | long usec; | ||
| 611 | TS_ACCURACY *accuracy = NULL; | 605 | TS_ACCURACY *accuracy = NULL; |
| 612 | const ASN1_INTEGER *nonce; | 606 | const ASN1_INTEGER *nonce; |
| 613 | GENERAL_NAME *tsa_name = NULL; | 607 | GENERAL_NAME *tsa_name = NULL; |
| @@ -959,9 +953,8 @@ err: | |||
| 959 | 953 | ||
| 960 | static ASN1_GENERALIZEDTIME * | 954 | static ASN1_GENERALIZEDTIME * |
| 961 | TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | 955 | TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, |
| 962 | long sec, long usec, unsigned precision) | 956 | time_t sec, long usec, unsigned precision) |
| 963 | { | 957 | { |
| 964 | time_t time_sec = (time_t) sec; | ||
| 965 | struct tm *tm = NULL; | 958 | struct tm *tm = NULL; |
| 966 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; | 959 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; |
| 967 | char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2]; | 960 | char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2]; |
| @@ -971,7 +964,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 971 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) | 964 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) |
| 972 | goto err; | 965 | goto err; |
| 973 | 966 | ||
| 974 | if (!(tm = gmtime(&time_sec))) | 967 | if (!(tm = gmtime(&sec))) |
| 975 | goto err; | 968 | goto err; |
| 976 | 969 | ||
| 977 | /* | 970 | /* |