Convert libressl to use the BoringSSL style time conversions

This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@
author: beck <> 2024-03-24 11:30:12 +0000
committer: beck <> 2024-03-24 11:30:12 +0000
commit: 0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca (patch)
tree: af867a635253990b4a88720849f04a8a6bb5d8b3 /src/lib/libtls
parent: a1fcde383f7ab72e64fc36b664d4358d5915f2c1 (diff)
download: openbsd-0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca.tar.gz
openbsd-0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca.tar.bz2
openbsd-0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca.zip
2 files changed, 22 insertions, 9 deletions
diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 90fdfacad3..08f8714ecd 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -19,12 +19,27 @@
 #include <stdio.h>
 #include <string.h>
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 #include <tls.h>
 #include "tls_internal.h"
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
+static int
+tls_convert_notafter(struct tm *tm, time_t *out_time)
+{
+        int64_t posix_time;
+        /* OPENSSL_timegm() fails if tm is not representable in a time_t */
+        if (OPENSSL_timegm(tm, out_time))
+                return 1;
+        if (!OPENSSL_tm_to_posix(tm, &posix_time))
+                return 0;
+        if (posix_time < INT32_MIN)
+                return 0;
+        *out_time = (posix_time > INT32_MAX) ? INT32_MAX : posix_time;
+        return 1;
+}
 int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
@@ -121,13 +136,10 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
                goto err;
        if (!ASN1_TIME_to_tm(after, &after_tm))
                goto err;
-        if (!ASN1_time_tm_clamp_notafter(&after_tm))
+        if (!tls_convert_notafter(&after_tm, notafter))
                goto err;
-        if ((*notbefore = timegm(&before_tm)) == -1)
+        if (!OPENSSL_timegm(&before_tm, notbefore))
                goto err;
-        if ((*notafter = timegm(&after_tm)) == -1)
-                goto err;
        return (0);
 err:
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index c7eb3e5986..f7d7ba9199 100644
--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */
+/*      $OpenBSD: tls_ocsp.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /*
 * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
 * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@@ -25,6 +25,7 @@
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 #include <tls.h>
@@ -68,7 +69,7 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t
                return -1;
        if (!ASN1_TIME_to_tm(gt, &tm))
                return -1;
-        if ((*gt_time = timegm(&tm)) == -1)
+        if (!OPENSSL_timegm(&tm, gt_time))
                return -1;
        return 0;
 }
author	beck <>	2024-03-24 11:30:12 +0000
committer	beck <>	2024-03-24 11:30:12 +0000
commit	0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca (patch)
tree	af867a635253990b4a88720849f04a8a6bb5d8b3 /src/lib/libtls
parent	a1fcde383f7ab72e64fc36b664d4358d5915f2c1 (diff)
download	openbsd-0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca.tar.gz openbsd-0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca.tar.bz2 openbsd-0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca.zip