Eliminate the timegm(3) dependency in libcrypto

timegm(3) is not available on some operating systems we support in portable. We currently use musl's implementation, for which gcc-13 decided to emit warnings (which seem incorrect in general and are irrelevant in this case anyway). Instead of patching this up and diverge from upstream, we can avoid reports about compiler warnings by simply not depending on this function. Rework the caching of notBefore and notAfter by replacing timegm(3) with asn1_time_tm_to_time_t(3). Also make this API properly error checkable since at the time x509v3_cache_extensions(3) is called, nothing is known about the cert, in particular not whether it isn't malformed one way or the other. suggested by and ok beck
author: tb <> 2023-11-13 10:33:00 +0000
committer: tb <> 2023-11-13 10:33:00 +0000
commit: 934fbb57cd6b0549754b91dafe57b3f63d754fad (patch)
tree: 1c717e972f99cdd8af5ad4b2f0df134f540e1131
parent: 54397579be0eaf2a12e40fad1823cd1ce3d1f6fc (diff)
download: openbsd-934fbb57cd6b0549754b91dafe57b3f63d754fad.tar.gz
openbsd-934fbb57cd6b0549754b91dafe57b3f63d754fad.tar.bz2
openbsd-934fbb57cd6b0549754b91dafe57b3f63d754fad.zip
4 files changed, 36 insertions, 19 deletions
diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h
index 15efff6097..280d1ae46c 100644
--- a/src/lib/libcrypto/x509/x509_internal.h
+++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.26 2023/09/29 15:53:59 beck Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.27 2023/11/13 10:33:00 tb Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -96,7 +96,8 @@ int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx);
 int x509v3_cache_extensions(X509 *x);
 X509 *x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x);
-time_t x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter);
+int x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter,
+    time_t *out);
 struct x509_verify_ctx *x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc);
@@ -133,7 +134,7 @@ int x509_constraints_check(struct x509_constraints_names *names,
    struct x509_constraints_names *excluded, int *error);
 int x509_constraints_chain(STACK_OF(X509) *chain, int *error,
    int *depth);
-void x509_verify_cert_info_populate(X509 *cert);
+int x509_verify_cert_info_populate(X509 *cert);
 int x509_vfy_check_security_level(X509_STORE_CTX *ctx);
 __END_HIDDEN_DECLS
diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index 0c92dfb19c..999ba639c5 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.29 2023/08/18 08:42:41 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.30 2023/11/13 10:33:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -711,7 +711,8 @@ x509v3_cache_extensions_internal(X509 *x)
        if (!x509_extension_oids_are_unique(x))
                x->ex_flags |= EXFLAG_INVALID;
-        x509_verify_cert_info_populate(x);
+        if (!x509_verify_cert_info_populate(x))
+                x->ex_flags |= EXFLAG_INVALID;
        x->ex_flags |= EXFLAG_SET;
 }
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index ca4814d938..c4c89a23b9 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.66 2023/05/07 07:11:50 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.67 2023/11/13 10:33:00 tb Exp $ */
 /*
 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
 *
@@ -27,6 +27,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "asn1_local.h"
 #include "x509_internal.h"
 #include "x509_issuer_cache.h"
@@ -44,21 +45,22 @@ static void x509_verify_chain_free(struct x509_verify_chain *chain);
 * Parse an asn1 to a representable time_t as per RFC 5280 rules.
 * Returns -1 if that can't be done for any reason.
 */
-time_t
+int
-x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter)
+x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter,
+    time_t *out)
 {
        struct tm tm = { 0 };
        int type;
        type = ASN1_time_parse(atime->data, atime->length, &tm, atime->type);
        if (type == -1)
-                return -1;
+                return 0;
        /* RFC 5280 section 4.1.2.5 */
        if (tm.tm_year < 150 && type != V_ASN1_UTCTIME)
-                return -1;
+                return 0;
        if (tm.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME)
-                return -1;
+                return 0;
        if (notAfter) {
                /*
@@ -67,7 +69,7 @@ x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter)
                 * date, limit the date to a 32 bit representable value.
                 */
                if (!ASN1_time_tm_clamp_notafter(&tm))
-                        return -1;
+                        return 0;
        }
        /*
@@ -75,22 +77,36 @@ x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter)
         * a time_t. A time_t must be sane if you care about times after
         * Jan 19 2038.
         */
-        return timegm(&tm);
+        return asn1_time_tm_to_time_t(&tm, out);
 }
 /*
 * Cache certificate hash, and values parsed out of an X509.
 * called from cache_extensions()
 */
-void
+int
 x509_verify_cert_info_populate(X509 *cert)
 {
+        const ASN1_TIME *notBefore, *notAfter;
        /*
         * Parse and save the cert times, or remember that they
         * are unacceptable/unparsable.
         */
-        cert->not_before = x509_verify_asn1_time_to_time_t(X509_get_notBefore(cert), 0);
-        cert->not_after = x509_verify_asn1_time_to_time_t(X509_get_notAfter(cert), 1);
+        cert->not_before = cert->not_after = -1;
+        if ((notBefore = X509_get_notBefore(cert)) == NULL)
+                return 0;
+        if ((notAfter = X509_get_notAfter(cert)) == NULL)
+                return 0;
+        if (!x509_verify_asn1_time_to_time_t(notBefore, 0, &cert->not_before))
+                return 0;
+        if (!x509_verify_asn1_time_to_time_t(notAfter, 1, &cert->not_after))
+                return 0;
+        return 1;
 }
 struct x509_verify_chain *
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index c4ba3d5b14..6c0ad78ec8 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.125 2023/06/08 22:02:40 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.126 2023/11/13 10:33:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1969,8 +1969,7 @@ X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int is_notafter)
        else
                compare = *cmp_time;
-        if ((cert_time = x509_verify_asn1_time_to_time_t(ctm, is_notafter)) ==
+        if (!x509_verify_asn1_time_to_time_t(ctm, is_notafter, &cert_time))
-            -1)
                return 0; /* invalid time */
        if (cert_time <= compare)
author	tb <>	2023-11-13 10:33:00 +0000
committer	tb <>	2023-11-13 10:33:00 +0000
commit	934fbb57cd6b0549754b91dafe57b3f63d754fad (patch)
tree	1c717e972f99cdd8af5ad4b2f0df134f540e1131
parent	54397579be0eaf2a12e40fad1823cd1ce3d1f6fc (diff)
download	openbsd-934fbb57cd6b0549754b91dafe57b3f63d754fad.tar.gz openbsd-934fbb57cd6b0549754b91dafe57b3f63d754fad.tar.bz2 openbsd-934fbb57cd6b0549754b91dafe57b3f63d754fad.zip

diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h index 15efff6097..280d1ae46c 100644 --- a/src/lib/libcrypto/x509/x509_internal.h +++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_internal.h,v 1.26 2023/09/29 15:53:59 beck Exp $ */	1	/* $OpenBSD: x509_internal.h,v 1.27 2023/11/13 10:33:00 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -96,7 +96,8 @@ int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx);
96	int x509v3_cache_extensions(X509 *x);	96	int x509v3_cache_extensions(X509 *x);
97	X509 x509_vfy_lookup_cert_match(X509_STORE_CTX ctx, X509 *x);	97	X509 x509_vfy_lookup_cert_match(X509_STORE_CTX ctx, X509 *x);
98		98
99	time_t x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter);	99	int x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter,
		100	time_t *out);
100		101
101	struct x509_verify_ctx x509_verify_ctx_new_from_xsc(X509_STORE_CTX xsc);	102	struct x509_verify_ctx x509_verify_ctx_new_from_xsc(X509_STORE_CTX xsc);
102		103
@@ -133,7 +134,7 @@ int x509_constraints_check(struct x509_constraints_names *names,
133	struct x509_constraints_names excluded, int error);	134	struct x509_constraints_names excluded, int error);
134	int x509_constraints_chain(STACK_OF(X509) chain, int error,	135	int x509_constraints_chain(STACK_OF(X509) chain, int error,
135	int *depth);	136	int *depth);
136	void x509_verify_cert_info_populate(X509 *cert);	137	int x509_verify_cert_info_populate(X509 *cert);
137	int x509_vfy_check_security_level(X509_STORE_CTX *ctx);	138	int x509_vfy_check_security_level(X509_STORE_CTX *ctx);
138		139
139	__END_HIDDEN_DECLS	140	__END_HIDDEN_DECLS


diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c index 0c92dfb19c..999ba639c5 100644 --- a/src/lib/libcrypto/x509/x509_purp.c +++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_purp.c,v 1.29 2023/08/18 08:42:41 tb Exp $ */	1	/* $OpenBSD: x509_purp.c,v 1.30 2023/11/13 10:33:00 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2001.	3	* project 2001.
4	*/	4	*/
@@ -711,7 +711,8 @@ x509v3_cache_extensions_internal(X509 *x)
711	if (!x509_extension_oids_are_unique(x))	711	if (!x509_extension_oids_are_unique(x))
712	x->ex_flags \|= EXFLAG_INVALID;	712	x->ex_flags \|= EXFLAG_INVALID;
713		713
714	x509_verify_cert_info_populate(x);	714	if (!x509_verify_cert_info_populate(x))
		715	x->ex_flags \|= EXFLAG_INVALID;
715		716
716	x->ex_flags \|= EXFLAG_SET;	717	x->ex_flags \|= EXFLAG_SET;
717	}	718	}


diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index ca4814d938..c4c89a23b9 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_verify.c,v 1.66 2023/05/07 07:11:50 tb Exp $ */	1	/* $OpenBSD: x509_verify.c,v 1.67 2023/11/13 10:33:00 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -27,6 +27,7 @@
27	#include <openssl/x509.h>	27	#include <openssl/x509.h>
28	#include <openssl/x509v3.h>	28	#include <openssl/x509v3.h>
29		29
		30	#include "asn1_local.h"
30	#include "x509_internal.h"	31	#include "x509_internal.h"
31	#include "x509_issuer_cache.h"	32	#include "x509_issuer_cache.h"
32		33
@@ -44,21 +45,22 @@ static void x509_verify_chain_free(struct x509_verify_chain *chain);
44	* Parse an asn1 to a representable time_t as per RFC 5280 rules.	45	* Parse an asn1 to a representable time_t as per RFC 5280 rules.
45	* Returns -1 if that can't be done for any reason.	46	* Returns -1 if that can't be done for any reason.
46	*/	47	*/
47	time_t	48	int
48	x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter)	49	x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter,
		50	time_t *out)
49	{	51	{
50	struct tm tm = { 0 };	52	struct tm tm = { 0 };
51	int type;	53	int type;
52		54
53	type = ASN1_time_parse(atime->data, atime->length, &tm, atime->type);	55	type = ASN1_time_parse(atime->data, atime->length, &tm, atime->type);
54	if (type == -1)	56	if (type == -1)
55	return -1;	57	return 0;
56		58
57	/* RFC 5280 section 4.1.2.5 */	59	/* RFC 5280 section 4.1.2.5 */
58	if (tm.tm_year < 150 && type != V_ASN1_UTCTIME)	60	if (tm.tm_year < 150 && type != V_ASN1_UTCTIME)
59	return -1;	61	return 0;
60	if (tm.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME)	62	if (tm.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME)
61	return -1;	63	return 0;
62		64
63	if (notAfter) {	65	if (notAfter) {
64	/*	66	/*
@@ -67,7 +69,7 @@ x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter)
67	* date, limit the date to a 32 bit representable value.	69	* date, limit the date to a 32 bit representable value.
68	*/	70	*/
69	if (!ASN1_time_tm_clamp_notafter(&tm))	71	if (!ASN1_time_tm_clamp_notafter(&tm))
70	return -1;	72	return 0;
71	}	73	}
72		74
73	/*	75	/*
@@ -75,22 +77,36 @@ x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter)
75	* a time_t. A time_t must be sane if you care about times after	77	* a time_t. A time_t must be sane if you care about times after
76	* Jan 19 2038.	78	* Jan 19 2038.
77	*/	79	*/
78	return timegm(&tm);	80	return asn1_time_tm_to_time_t(&tm, out);
79	}	81	}
80		82
81	/*	83	/*
82	* Cache certificate hash, and values parsed out of an X509.	84	* Cache certificate hash, and values parsed out of an X509.
83	* called from cache_extensions()	85	* called from cache_extensions()
84	*/	86	*/
85	void	87	int
86	x509_verify_cert_info_populate(X509 *cert)	88	x509_verify_cert_info_populate(X509 *cert)
87	{	89	{
		90	const ASN1_TIME notBefore, notAfter;
		91
88	/*	92	/*
89	* Parse and save the cert times, or remember that they	93	* Parse and save the cert times, or remember that they
90	* are unacceptable/unparsable.	94	* are unacceptable/unparsable.
91	*/	95	*/
92	cert->not_before = x509_verify_asn1_time_to_time_t(X509_get_notBefore(cert), 0);	96
93	cert->not_after = x509_verify_asn1_time_to_time_t(X509_get_notAfter(cert), 1);	97	cert->not_before = cert->not_after = -1;
		98
		99	if ((notBefore = X509_get_notBefore(cert)) == NULL)
		100	return 0;
		101	if ((notAfter = X509_get_notAfter(cert)) == NULL)
		102	return 0;
		103
		104	if (!x509_verify_asn1_time_to_time_t(notBefore, 0, &cert->not_before))
		105	return 0;
		106	if (!x509_verify_asn1_time_to_time_t(notAfter, 1, &cert->not_after))
		107	return 0;
		108
		109	return 1;
94	}	110	}
95		111
96	struct x509_verify_chain *	112	struct x509_verify_chain *


diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index c4ba3d5b14..6c0ad78ec8 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.c,v 1.125 2023/06/08 22:02:40 beck Exp $ */	1	/* $OpenBSD: x509_vfy.c,v 1.126 2023/11/13 10:33:00 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1969,8 +1969,7 @@ X509_cmp_time_internal(const ASN1_TIME ctm, time_t cmp_time, int is_notafter)
1969	else	1969	else
1970	compare = *cmp_time;	1970	compare = *cmp_time;
1971		1971
1972	if ((cert_time = x509_verify_asn1_time_to_time_t(ctm, is_notafter)) ==	1972	if (!x509_verify_asn1_time_to_time_t(ctm, is_notafter, &cert_time))
1973	-1)
1974	return 0; /* invalid time */	1973	return 0; /* invalid time */
1975		1974
1976	if (cert_time <= compare)	1975	if (cert_time <= compare)