Add ability to clamp a notafter to values representable in a 32 bit time_t

This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
author: beck <> 2017-08-13 19:47:49 +0000
committer: beck <> 2017-08-13 19:47:49 +0000
commit: 9fc3669524ffd3d0ffaf2b50d35ed87ba2c123f7 (patch)
tree: 634fa74bb5ef06aea9f9743d7bd052703b25d395 /src/lib/libcrypto/asn1/a_time_tm.c
parent: cde37b72cb59adfc12216ed65e5ec3b132080ec2 (diff)
download: openbsd-9fc3669524ffd3d0ffaf2b50d35ed87ba2c123f7.tar.gz
openbsd-9fc3669524ffd3d0ffaf2b50d35ed87ba2c123f7.tar.bz2
openbsd-9fc3669524ffd3d0ffaf2b50d35ed87ba2c123f7.zip
1 files changed, 17 insertions, 1 deletions
diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c
index f0afc00be4..48f9f8b5e1 100644
--- a/src/lib/libcrypto/asn1/a_time_tm.c
+++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.12 2017/05/06 17:12:59 beck Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.13 2017/08/13 19:47:49 beck Exp $ */
 /*
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
@@ -58,6 +58,22 @@ ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) {
        return 0;
 }
+int
+ASN1_time_tm_clamp_notafter(struct tm *tm)
+{
+#ifdef SMALL_TIME_T
+        struct tm broken_os_epoch_tm;
+        time_t broken_os_epoch_time = INT_MAX;
+        if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL)
+                return 0;
+        if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1)
+                memcpy(tm, &broken_os_epoch_tm, sizeof(*tm));
+#endif
+        return 1;
+}
 /* Format a time as an RFC 5280 format Generalized time */
 char *
 gentime_string_from_tm(struct tm *tm)
author	beck <>	2017-08-13 19:47:49 +0000
committer	beck <>	2017-08-13 19:47:49 +0000
commit	9fc3669524ffd3d0ffaf2b50d35ed87ba2c123f7 (patch)
tree	634fa74bb5ef06aea9f9743d7bd052703b25d395 /src/lib/libcrypto/asn1/a_time_tm.c
parent	cde37b72cb59adfc12216ed65e5ec3b132080ec2 (diff)
download	openbsd-9fc3669524ffd3d0ffaf2b50d35ed87ba2c123f7.tar.gz openbsd-9fc3669524ffd3d0ffaf2b50d35ed87ba2c123f7.tar.bz2 openbsd-9fc3669524ffd3d0ffaf2b50d35ed87ba2c123f7.zip

diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c index f0afc00be4..48f9f8b5e1 100644 --- a/src/lib/libcrypto/asn1/a_time_tm.c +++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_time_tm.c,v 1.12 2017/05/06 17:12:59 beck Exp $ */	1	/* $OpenBSD: a_time_tm.c,v 1.13 2017/08/13 19:47:49 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -58,6 +58,22 @@ ASN1_time_tm_cmp(struct tm tm1, struct tm tm2) {
58	return 0;	58	return 0;
59	}	59	}
60		60
		61	int
		62	ASN1_time_tm_clamp_notafter(struct tm *tm)
		63	{
		64	#ifdef SMALL_TIME_T
		65	struct tm broken_os_epoch_tm;
		66	time_t broken_os_epoch_time = INT_MAX;
		67
		68	if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL)
		69	return 0;
		70
		71	if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1)
		72	memcpy(tm, &broken_os_epoch_tm, sizeof(*tm));
		73	#endif
		74	return 1;
		75	}
		76
61	/* Format a time as an RFC 5280 format Generalized time */	77	/* Format a time as an RFC 5280 format Generalized time */
62	char *	78	char *
63	gentime_string_from_tm(struct tm *tm)	79	gentime_string_from_tm(struct tm *tm)