Convert libressl to use the BoringSSL style time conversions

This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@
author: beck <> 2024-03-24 11:30:12 +0000
committer: beck <> 2024-03-24 11:30:12 +0000
commit: 5176ab31ca58949fc78b5b06b23adf63a83b9c44 (patch)
tree: af867a635253990b4a88720849f04a8a6bb5d8b3 /src/lib/libtls
parent: c84d6a97971ee756cdbcf3936caaeaa66a6d2289 (diff)
download: openbsd-5176ab31ca58949fc78b5b06b23adf63a83b9c44.tar.gz
openbsd-5176ab31ca58949fc78b5b06b23adf63a83b9c44.tar.bz2
openbsd-5176ab31ca58949fc78b5b06b23adf63a83b9c44.zip
2 files changed, 22 insertions, 9 deletions
diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 90fdfacad3..08f8714ecd 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -19,12 +19,27 @@
 #include <stdio.h>
 #include <string.h>
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 #include <tls.h>
 #include "tls_internal.h"
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
+static int
+tls_convert_notafter(struct tm *tm, time_t *out_time)
+{
+        int64_t posix_time;
+        /* OPENSSL_timegm() fails if tm is not representable in a time_t */
+        if (OPENSSL_timegm(tm, out_time))
+                return 1;
+        if (!OPENSSL_tm_to_posix(tm, &posix_time))
+                return 0;
+        if (posix_time < INT32_MIN)
+                return 0;
+        *out_time = (posix_time > INT32_MAX) ? INT32_MAX : posix_time;
+        return 1;
+}
 int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
@@ -121,13 +136,10 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
                goto err;
        if (!ASN1_TIME_to_tm(after, &after_tm))
                goto err;
-        if (!ASN1_time_tm_clamp_notafter(&after_tm))
+        if (!tls_convert_notafter(&after_tm, notafter))
                goto err;
-        if ((*notbefore = timegm(&before_tm)) == -1)
+        if (!OPENSSL_timegm(&before_tm, notbefore))
                goto err;
-        if ((*notafter = timegm(&after_tm)) == -1)
-                goto err;
        return (0);
 err:
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index c7eb3e5986..f7d7ba9199 100644
--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */
+/*      $OpenBSD: tls_ocsp.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /*
 * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
 * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@@ -25,6 +25,7 @@
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 #include <tls.h>
@@ -68,7 +69,7 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t
                return -1;
        if (!ASN1_TIME_to_tm(gt, &tm))
                return -1;
-        if ((*gt_time = timegm(&tm)) == -1)
+        if (!OPENSSL_timegm(&tm, gt_time))
                return -1;
        return 0;
 }
author	beck <>	2024-03-24 11:30:12 +0000
committer	beck <>	2024-03-24 11:30:12 +0000
commit	5176ab31ca58949fc78b5b06b23adf63a83b9c44 (patch)
tree	af867a635253990b4a88720849f04a8a6bb5d8b3 /src/lib/libtls
parent	c84d6a97971ee756cdbcf3936caaeaa66a6d2289 (diff)
download	openbsd-5176ab31ca58949fc78b5b06b23adf63a83b9c44.tar.gz openbsd-5176ab31ca58949fc78b5b06b23adf63a83b9c44.tar.bz2 openbsd-5176ab31ca58949fc78b5b06b23adf63a83b9c44.zip