Change ts to only support one second precision.

RFC 3631 allows for sub second ASN1 GENERALIZED times, if you
choose to support sub second time precison. It does not
indicate that an implementation must support them.

Supporting sub second timestamps is just silly and unrealistic,
so set our maximum to one second of precision. We then simplify
this code by removing some nasty eye-bleed that made artisinally
hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME.

ok tb@, jsing@, with one second precision tested by kn@

1 files changed, 3 insertions, 2 deletions

diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
index 5d27a8bbc3..ef8569ef04 100644
--- a/src/lib/libcrypto/ts/ts_conf.c
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_conf.c,v 1.13 2023/11/19 15:46:10 tb Exp $ */
+/* $OpenBSD: ts_conf.c,v 1.14 2024/03/26 00:39:22 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -437,7 +437,8 @@ TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
         if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
             &digits))
                 digits = 0;
-        if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
+        /* We only support second precision, so reject everything else */
+        if (digits != 0) {
                 TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
                 goto err;
         }