6 files changed, 50 insertions, 78 deletions
diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c
index ba75173653..53443fa965 100644
--- a/src/lib/libcrypto/asn1/a_time_tm.c
+++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.4 2015/10/06 12:54:24 bcook Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.5 2015/10/08 02:26:31 beck Exp $ */
 /*
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
@@ -68,8 +68,7 @@ utctime_string_from_tm(struct tm *tm)
 * 0 if we expect to parse a time as specified in RFC 5280 from an
 * X509 certificate.
 * V_ASN1_UTCTIME if we wish to parse a legacy ASN1 UTC time.
- * V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1
+ * V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1 Generalized time.
- * Generalizd time.
 *
 * Returns:
 * -1 if the string was invalid.
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
index c208d494c3..fa6f40cdc9 100644
--- a/src/lib/libcrypto/asn1/a_utctm.c
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_utctm.c,v 1.29 2015/10/02 15:04:45 beck Exp $ */
+/* $OpenBSD: a_utctm.c,v 1.30 2015/10/08 02:26:31 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -151,37 +151,23 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
 int
 ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 {
-        struct tm *tm;
+        struct tm tm1;
-        struct tm data;
+        time_t time1;
-        int offset;
-        int year;
+        /*
+         * This funciton has never handled failure conditions properly
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+         * and should be deprecated. BoringSSL makes it return -2 on
+         * failures, the OpenSSL version follows NULL pointers instead.
-        if (s->data[12] == 'Z')
+         */
-                offset = 0;
+        if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
-        else {
+                return (-2); /* XXX */
-                offset = g2(s->data + 13)*60 + g2(s->data + 15);
-                if (s->data[12] == '-')
+        if ((time1 = timegm(&tm1)) == -1)
-                        offset = -offset;
+                return (-2); /* XXX */
-        }
+        if (time1 < t)
-        t -= offset * 60; /* FIXME: may overflow in extreme cases */
+                return (-1);
+        if (time1 > t)
-        tm = gmtime_r(&t, &data);
+                return (1);
+        return (0);
-#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
-        year = g2(s->data);
-        if (year < 50)
-                year += 100;
-        return_cmp(year, tm->tm_year);
-        return_cmp(g2(s->data + 2) - 1, tm->tm_mon);
-        return_cmp(g2(s->data + 4), tm->tm_mday);
-        return_cmp(g2(s->data + 6), tm->tm_hour);
-        return_cmp(g2(s->data + 8), tm->tm_min);
-        return_cmp(g2(s->data + 10), tm->tm_sec);
-#undef g2
-#undef return_cmp
-        return 0;
 }
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index 3fb4b8fbf1..c0d0f9288f 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.30 2015/09/30 19:13:13 jsing Exp $ */
+/* $OpenBSD: asn1.h,v 1.31 2015/10/08 02:26:31 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -812,8 +812,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
 ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
    int offset_day, long offset_sec);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+#ifndef LIBRESSL_INTERNAL
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+#endif
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
    time_t t);
diff --git a/src/lib/libssl/src/crypto/asn1/a_time_tm.c b/src/lib/libssl/src/crypto/asn1/a_time_tm.c
index ba75173653..53443fa965 100644
--- a/src/lib/libssl/src/crypto/asn1/a_time_tm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.4 2015/10/06 12:54:24 bcook Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.5 2015/10/08 02:26:31 beck Exp $ */
 /*
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
@@ -68,8 +68,7 @@ utctime_string_from_tm(struct tm *tm)
 * 0 if we expect to parse a time as specified in RFC 5280 from an
 * X509 certificate.
 * V_ASN1_UTCTIME if we wish to parse a legacy ASN1 UTC time.
- * V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1
+ * V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1 Generalized time.
- * Generalizd time.
 *
 * Returns:
 * -1 if the string was invalid.
diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c
index c208d494c3..fa6f40cdc9 100644
--- a/src/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_utctm.c,v 1.29 2015/10/02 15:04:45 beck Exp $ */
+/* $OpenBSD: a_utctm.c,v 1.30 2015/10/08 02:26:31 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -151,37 +151,23 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
 int
 ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 {
-        struct tm *tm;
+        struct tm tm1;
-        struct tm data;
+        time_t time1;
-        int offset;
-        int year;
+        /*
+         * This funciton has never handled failure conditions properly
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+         * and should be deprecated. BoringSSL makes it return -2 on
+         * failures, the OpenSSL version follows NULL pointers instead.
-        if (s->data[12] == 'Z')
+         */
-                offset = 0;
+        if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
-        else {
+                return (-2); /* XXX */
-                offset = g2(s->data + 13)*60 + g2(s->data + 15);
-                if (s->data[12] == '-')
+        if ((time1 = timegm(&tm1)) == -1)
-                        offset = -offset;
+                return (-2); /* XXX */
-        }
+        if (time1 < t)
-        t -= offset * 60; /* FIXME: may overflow in extreme cases */
+                return (-1);
+        if (time1 > t)
-        tm = gmtime_r(&t, &data);
+                return (1);
+        return (0);
-#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
-        year = g2(s->data);
-        if (year < 50)
-                year += 100;
-        return_cmp(year, tm->tm_year);
-        return_cmp(g2(s->data + 2) - 1, tm->tm_mon);
-        return_cmp(g2(s->data + 4), tm->tm_mday);
-        return_cmp(g2(s->data + 6), tm->tm_hour);
-        return_cmp(g2(s->data + 8), tm->tm_min);
-        return_cmp(g2(s->data + 10), tm->tm_sec);
-#undef g2
-#undef return_cmp
-        return 0;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h
index 3fb4b8fbf1..c0d0f9288f 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.30 2015/09/30 19:13:13 jsing Exp $ */
+/* $OpenBSD: asn1.h,v 1.31 2015/10/08 02:26:31 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -812,8 +812,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
 ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
    int offset_day, long offset_sec);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+#ifndef LIBRESSL_INTERNAL
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+#endif
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
    time_t t);

diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c index ba75173653..53443fa965 100644 --- a/src/lib/libcrypto/asn1/a_time_tm.c +++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_time_tm.c,v 1.4 2015/10/06 12:54:24 bcook Exp $ */	1	/* $OpenBSD: a_time_tm.c,v 1.5 2015/10/08 02:26:31 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -68,8 +68,7 @@ utctime_string_from_tm(struct tm *tm)
68	* 0 if we expect to parse a time as specified in RFC 5280 from an	68	* 0 if we expect to parse a time as specified in RFC 5280 from an
69	* X509 certificate.	69	* X509 certificate.
70	* V_ASN1_UTCTIME if we wish to parse a legacy ASN1 UTC time.	70	* V_ASN1_UTCTIME if we wish to parse a legacy ASN1 UTC time.
71	* V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1	71	* V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1 Generalized time.
72	* Generalizd time.
73	*	72	*
74	* Returns:	73	* Returns:
75	* -1 if the string was invalid.	74	* -1 if the string was invalid.


diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c index c208d494c3..fa6f40cdc9 100644 --- a/src/lib/libcrypto/asn1/a_utctm.c +++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_utctm.c,v 1.29 2015/10/02 15:04:45 beck Exp $ */	1	/* $OpenBSD: a_utctm.c,v 1.30 2015/10/08 02:26:31 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -151,37 +151,23 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
151	int	151	int
152	ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)	152	ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
153	{	153	{
154	struct tm *tm;	154	struct tm tm1;
155	struct tm data;	155	time_t time1;
156	int offset;	156
157	int year;	157	/*
158		158	* This funciton has never handled failure conditions properly
159	#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')	159	* and should be deprecated. BoringSSL makes it return -2 on
160		160	* failures, the OpenSSL version follows NULL pointers instead.
161	if (s->data[12] == 'Z')	161	*/
162	offset = 0;	162	if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
163	else {	163	return (-2); /* XXX */
164	offset = g2(s->data + 13)*60 + g2(s->data + 15);	164
165	if (s->data[12] == '-')	165	if ((time1 = timegm(&tm1)) == -1)
166	offset = -offset;	166	return (-2); /* XXX */
167	}	167
168		168	if (time1 < t)
169	t -= offset * 60; /* FIXME: may overflow in extreme cases */	169	return (-1);
170		170	if (time1 > t)
171	tm = gmtime_r(&t, &data);	171	return (1);
172		172	return (0);
173	#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
174	year = g2(s->data);
175	if (year < 50)
176	year += 100;
177	return_cmp(year, tm->tm_year);
178	return_cmp(g2(s->data + 2) - 1, tm->tm_mon);
179	return_cmp(g2(s->data + 4), tm->tm_mday);
180	return_cmp(g2(s->data + 6), tm->tm_hour);
181	return_cmp(g2(s->data + 8), tm->tm_min);
182	return_cmp(g2(s->data + 10), tm->tm_sec);
183	#undef g2
184	#undef return_cmp
185
186	return 0;
187	}	173	}


diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 3fb4b8fbf1..c0d0f9288f 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: asn1.h,v 1.30 2015/09/30 19:13:13 jsing Exp $ */	1	/* $OpenBSD: asn1.h,v 1.31 2015/10/08 02:26:31 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -812,8 +812,9 @@ ASN1_UTCTIME ASN1_UTCTIME_set(ASN1_UTCTIME s, time_t t);
812	ASN1_UTCTIME ASN1_UTCTIME_adj(ASN1_UTCTIME s, time_t t,	812	ASN1_UTCTIME ASN1_UTCTIME_adj(ASN1_UTCTIME s, time_t t,
813	int offset_day, long offset_sec);	813	int offset_day, long offset_sec);
814	int ASN1_UTCTIME_set_string(ASN1_UTCTIME s, const char str);	814	int ASN1_UTCTIME_set_string(ASN1_UTCTIME s, const char str);
		815	#ifndef LIBRESSL_INTERNAL
815	int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);	816	int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
816		817	#endif
817	int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);	818	int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
818	ASN1_GENERALIZEDTIME ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME s,	819	ASN1_GENERALIZEDTIME ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME s,
819	time_t t);	820	time_t t);


diff --git a/src/lib/libssl/src/crypto/asn1/a_time_tm.c b/src/lib/libssl/src/crypto/asn1/a_time_tm.c index ba75173653..53443fa965 100644 --- a/src/lib/libssl/src/crypto/asn1/a_time_tm.c +++ b/src/lib/libssl/src/crypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_time_tm.c,v 1.4 2015/10/06 12:54:24 bcook Exp $ */	1	/* $OpenBSD: a_time_tm.c,v 1.5 2015/10/08 02:26:31 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -68,8 +68,7 @@ utctime_string_from_tm(struct tm *tm)
68	* 0 if we expect to parse a time as specified in RFC 5280 from an	68	* 0 if we expect to parse a time as specified in RFC 5280 from an
69	* X509 certificate.	69	* X509 certificate.
70	* V_ASN1_UTCTIME if we wish to parse a legacy ASN1 UTC time.	70	* V_ASN1_UTCTIME if we wish to parse a legacy ASN1 UTC time.
71	* V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1	71	* V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1 Generalized time.
72	* Generalizd time.
73	*	72	*
74	* Returns:	73	* Returns:
75	* -1 if the string was invalid.	74	* -1 if the string was invalid.


diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c index c208d494c3..fa6f40cdc9 100644 --- a/src/lib/libssl/src/crypto/asn1/a_utctm.c +++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_utctm.c,v 1.29 2015/10/02 15:04:45 beck Exp $ */	1	/* $OpenBSD: a_utctm.c,v 1.30 2015/10/08 02:26:31 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -151,37 +151,23 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
151	int	151	int
152	ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)	152	ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
153	{	153	{
154	struct tm *tm;	154	struct tm tm1;
155	struct tm data;	155	time_t time1;
156	int offset;	156
157	int year;	157	/*
158		158	* This funciton has never handled failure conditions properly
159	#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')	159	* and should be deprecated. BoringSSL makes it return -2 on
160		160	* failures, the OpenSSL version follows NULL pointers instead.
161	if (s->data[12] == 'Z')	161	*/
162	offset = 0;	162	if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
163	else {	163	return (-2); /* XXX */
164	offset = g2(s->data + 13)*60 + g2(s->data + 15);	164
165	if (s->data[12] == '-')	165	if ((time1 = timegm(&tm1)) == -1)
166	offset = -offset;	166	return (-2); /* XXX */
167	}	167
168		168	if (time1 < t)
169	t -= offset * 60; /* FIXME: may overflow in extreme cases */	169	return (-1);
170		170	if (time1 > t)
171	tm = gmtime_r(&t, &data);	171	return (1);
172		172	return (0);
173	#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
174	year = g2(s->data);
175	if (year < 50)
176	year += 100;
177	return_cmp(year, tm->tm_year);
178	return_cmp(g2(s->data + 2) - 1, tm->tm_mon);
179	return_cmp(g2(s->data + 4), tm->tm_mday);
180	return_cmp(g2(s->data + 6), tm->tm_hour);
181	return_cmp(g2(s->data + 8), tm->tm_min);
182	return_cmp(g2(s->data + 10), tm->tm_sec);
183	#undef g2
184	#undef return_cmp
185
186	return 0;
187	}	173	}


diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h index 3fb4b8fbf1..c0d0f9288f 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1.h +++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: asn1.h,v 1.30 2015/09/30 19:13:13 jsing Exp $ */	1	/* $OpenBSD: asn1.h,v 1.31 2015/10/08 02:26:31 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -812,8 +812,9 @@ ASN1_UTCTIME ASN1_UTCTIME_set(ASN1_UTCTIME s, time_t t);
812	ASN1_UTCTIME ASN1_UTCTIME_adj(ASN1_UTCTIME s, time_t t,	812	ASN1_UTCTIME ASN1_UTCTIME_adj(ASN1_UTCTIME s, time_t t,
813	int offset_day, long offset_sec);	813	int offset_day, long offset_sec);
814	int ASN1_UTCTIME_set_string(ASN1_UTCTIME s, const char str);	814	int ASN1_UTCTIME_set_string(ASN1_UTCTIME s, const char str);
		815	#ifndef LIBRESSL_INTERNAL
815	int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);	816	int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
816		817	#endif
817	int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);	818	int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
818	ASN1_GENERALIZEDTIME ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME s,	819	ASN1_GENERALIZEDTIME ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME s,
819	time_t t);	820	time_t t);