authorTheo de Raadt <deraadt@cvs.openbsd.org>2014-05-27 21:29:44 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2014-05-27 21:29:44 +0000
commit4fd96bab023a093fd12467b9b6c5258a00759e7c (patch)
tree289b4debfb9b9973ae3e870f90e51ee762fb32e6
parentd9ff79098ebc25ddc9c1b127e83b022ec84e4bca (diff)
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible. ok miod guenther
-rw-r--r--lib/libssl/src/crypto/ts/ts.h5
-rw-r--r--lib/libssl/src/crypto/ts/ts_rsp_sign.c21
2 files changed, 8 insertions, 18 deletions
diff --git a/lib/libssl/src/crypto/ts/ts.h b/lib/libssl/src/crypto/ts/ts.h
index 085e062b96c..eb160b0e4dd 100644
--- a/lib/libssl/src/crypto/ts/ts.h
+++ b/lib/libssl/src/crypto/ts/ts.h
@@ -473,7 +473,7 @@ typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *);
/* This must return the seconds and microseconds since Jan 1, 1970 in
the sec and usec variables allocated by the caller.
Return non-zero for success and zero for failure. */
-typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec);
+typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec);
/* This must process the given extension.
* It can modify the TS_TST_INFO object of the context.
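Review bot: The comment above `TS_time_cb` still says only "seconds and microseconds" and does not mention that `sec` is now a `time_t`, which is the detail a callback author most needs. A callback written against the old `long *sec` prototype and cast to this type would store through a pointer of the wrong width wherever `long` and `time_t` differ in size. I would add a sentence to the comment such as `sec is a time_t, not a long; callbacks written for the old prototype must be updated, not cast.` The include list of ts.h is outside this hunk, so it is also worth confirming that `<time.h>` is pulled in for `time_t`.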
@@ -556,9 +556,6 @@ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
/* Default callback always returns a constant. */
void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
-/* Default callback uses the gettimeofday() and gmtime() system calls. */
-void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
-
/* Default callback rejects all extensions. The extension callback is called
* when the TS_TST_INFO object is already set up and not signed yet. */
/* FIXME: extension handling is not tested yet. */
diff --git a/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/lib/libssl/src/crypto/ts/ts_rsp_sign.c
index a81d4eedf02..39d2efd3db7 100644
--- a/lib/libssl/src/crypto/ts/ts_rsp_sign.c
+++ b/lib/libssl/src/crypto/ts/ts_rsp_sign.c
@@ -67,7 +67,7 @@
/* Private function declarations. */
static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
-static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
+static int def_time_cb(struct TS_resp_ctx *, void *, time_t *sec, long *usec);
static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
static void TS_RESP_CTX_init(TS_RESP_CTX *ctx);
@@ -86,7 +86,7 @@ static int TS_TST_INFO_content_new(PKCS7 *p7);
static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
- ASN1_GENERALIZEDTIME *, long, long, unsigned);
+ ASN1_GENERALIZEDTIME *, time_t, long, unsigned);
/* Default callbacks for response generation. */
@@ -110,7 +110,7 @@ err:
/* Use the gettimeofday function call. */
static int
-def_time_cb(struct TS_resp_ctx *ctx, void *data, long *sec, long *usec)
+def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec)
{
struct timeval tv;
@@ -321,13 +321,6 @@ TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
}
void
-TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
-{
- ctx->time_cb = cb;
- ctx->time_cb_data = data;
-}
-
-void
TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, TS_extension_cb cb, void *data)
{
ctx->extension_cb = cb;
@@ -607,7 +600,8 @@ TS_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
TS_TST_INFO *tst_info = NULL;
ASN1_INTEGER *serial = NULL;
ASN1_GENERALIZEDTIME *asn1_time = NULL;
- long sec, usec;
+ time_t sec;
+ long usec;
TS_ACCURACY *accuracy = NULL;
const ASN1_INTEGER *nonce;
GENERAL_NAME *tsa_name = NULL;
@@ -959,9 +953,8 @@ err:
static ASN1_GENERALIZEDTIME *
TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
- long sec, long usec, unsigned precision)
+ time_t sec, long usec, unsigned precision)
{
- time_t time_sec = (time_t) sec;
struct tm *tm = NULL;
char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2];
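Review bot: `genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]` has room for a four-digit year only: 14 date/time characters, the dot, the fraction digits, `Z` and the terminator. With `sec` widened to `time_t`, a value far enough in the future makes gmtime() return a `tm_year` that formats to five or more digits. The code that fills the buffer is outside this hunk, so I cannot tell whether it is length-bounded. If it is not, a range check after the gmtime() call in the next hunk would close this, e.g. `if (tm->tm_year + 1900 < 0 || tm->tm_year + 1900 > 9999) goto err;`. Only the default callback appears to feed this function after this commit, so this is hardening rather than a reachable bug as far as the visible lines show.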
@@ -971,7 +964,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
goto err;
- if (!(tm = gmtime(&time_sec)))
+ if (!(tm = gmtime(&sec)))
goto err;
/*
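Review bot: `gmtime(&sec)` returns a pointer into static storage, so two threads building timestamp responses at once can overwrite each other's broken-down time before it is formatted into the token. Since this line is being touched anyway, the reentrant form avoids that: declare `struct tm tm;` in place of `struct tm *tm = NULL;` and test `if (gmtime_r(&sec, &tm) == NULL) goto err;`. The later uses of `tm` are outside this hunk and would change from `tm->` to `tm.` accordingly.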