author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-05-27 21:29:44 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-05-27 21:29:44 +0000 |
commit | 4fd96bab023a093fd12467b9b6c5258a00759e7c (patch) | |
tree | 289b4debfb9b9973ae3e870f90e51ee762fb32e6 | |
parent | d9ff79098ebc25ddc9c1b127e83b022ec84e4bca (diff) |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls it on a big-endian 32-bit system assuming long rather than time_t,
it will be dangerously incompatible.
ok miod guenther
-rw-r--r-- | lib/libssl/src/crypto/ts/ts.h | 5 | ||||
-rw-r--r-- | lib/libssl/src/crypto/ts/ts_rsp_sign.c | 21 |
2 files changed, 8 insertions, 18 deletions
diff --git a/lib/libssl/src/crypto/ts/ts.h b/lib/libssl/src/crypto/ts/ts.h
index 085e062b96c..eb160b0e4dd 100644
--- a/lib/libssl/src/crypto/ts/ts.h
+++ b/lib/libssl/src/crypto/ts/ts.h
@@ -473,7 +473,7 @@ typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *);
 /* This must return the seconds and microseconds since Jan 1, 1970 in the sec and usec variables allocated by the caller. Return non-zero for success and zero for failure. */
-typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec);
+typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec);
 /* This must process the given extension.
 * It can modify the TS_TST_INFO object of the context.
@@ -556,9 +556,6 @@ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
 /* Default callback always returns a constant. */
 void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
-/* Default callback uses the gettimeofday() and gmtime() system calls. */
-void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
-
 /* Default callback rejects all extensions. The extension callback is called
 * when the TS_TST_INFO object is already set up and not signed yet. */
 /* FIXME: extension handling is not tested yet. */
diff --git a/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/lib/libssl/src/crypto/ts/ts_rsp_sign.c
index a81d4eedf02..39d2efd3db7 100644
--- a/lib/libssl/src/crypto/ts/ts_rsp_sign.c
+++ b/lib/libssl/src/crypto/ts/ts_rsp_sign.c
@@ -67,7 +67,7 @@
 /* Private function declarations. */
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
-static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
+static int def_time_cb(struct TS_resp_ctx *, void *, time_t *sec, long *usec);
 static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
 static void TS_RESP_CTX_init(TS_RESP_CTX *ctx);
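Review bot: In ts.h the `TS_time_cb` typedef (hunk `-473`) stays in the public header with a changed parameter type, yet the comment above it still does not say what type `sec` is. With the setter removed in the following hunk, the only way left to install a callback would be a direct write to the context's `time_cb` field (whether the struct is exposed is not visible here), and a callback still written for `long *sec` would store only `sizeof(long)` bytes into a wider `time_t`. I would state the contract at the typedef, e.g. `/* sec points to a time_t, not a long; a callback must store a full time_t. */`, and, if nothing outside the library needs the type, say so there or move the typedef to a private header.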
@@ -86,7 +86,7 @@ static int TS_TST_INFO_content_new(PKCS7 *p7);
 static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
 static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
- ASN1_GENERALIZEDTIME *, long, long, unsigned);
+ ASN1_GENERALIZEDTIME *, time_t, long, unsigned);
 /* Default callbacks for response generation. */
@@ -110,7 +110,7 @@ err:
 /* Use the gettimeofday function call. */
 static int
-def_time_cb(struct TS_resp_ctx *ctx, void *data, long *sec, long *usec)
+def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec)
 {
 struct timeval tv;
@@ -321,13 +321,6 @@ TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
 }
 void
-TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
-{
- ctx->time_cb = cb;
- ctx->time_cb_data = data;
-}
-
-void
 TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, TS_extension_cb cb, void *data)
 {
 ctx->extension_cb = cb;
@@ -607,7 +600,8 @@ TS_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
 TS_TST_INFO *tst_info = NULL;
 ASN1_INTEGER *serial = NULL;
 ASN1_GENERALIZEDTIME *asn1_time = NULL;
- long sec, usec;
+ time_t sec;
+ long usec;
 TS_ACCURACY *accuracy = NULL;
 const ASN1_INTEGER *nonce;
 GENERAL_NAME *tsa_name = NULL;
@@ -959,9 +953,8 @@ err:
 static ASN1_GENERALIZEDTIME *
 TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
- long sec, long usec, unsigned precision)
+ time_t sec, long usec, unsigned precision)
 {
- time_t time_sec = (time_t) sec;
 struct tm *tm = NULL;
 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
 char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2];
@@ -971,7 +964,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
 goto err;
- if (!(tm = gmtime(&time_sec)))
+ if (!(tm = gmtime(&sec)))
 goto err;
 /* |
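Review bot: The rewritten call `gmtime(&sec)` in the last hunk (`-971`) still returns a pointer into static storage shared with every other gmtime()/localtime() caller in the process, so two threads building timestamp responses at the same time could have one overwrite the broken-down time the other is about to format into genTime. Since the line is being touched anyway, a caller-owned buffer would remove that: declare `struct tm tm_buf;` next to `tm` and use `if ((tm = gmtime_r(&sec, &tm_buf)) == NULL)`. The rest of TS_RESP_set_genTime_with_precision lies outside the hunk, so how long `tm` stays in use after this call is not visible here.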