From: beck <beck@openbsd.org>
Date: Sun, 24 Mar 2024 11:30:12 +0000 (+0000)
Subject: Convert libressl to use the BoringSSL style time conversions
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ac0599879842b6058f85b8c9153028df25177228;p=openbsd

Convert libressl to use the BoringSSL style time conversions

This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.

ok tb@
---

diff --git a/lib/libcrypto/ocsp/ocsp_cl.c b/lib/libcrypto/ocsp/ocsp_cl.c
index 5ef22267856..d8ee33c391a 100644
--- a/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/lib/libcrypto/ocsp/ocsp_cl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_cl.c,v 1.24 2024/03/02 09:08:41 tb Exp $ */
+/* $OpenBSD: ocsp_cl.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  * project. */
 
@@ -68,6 +68,7 @@
 #include <openssl/ocsp.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -394,69 +395,61 @@ int
 OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
     ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
 {
-	time_t t_now, t_tmp;
-	struct tm tm_this, tm_next, tm_tmp;
+	int64_t posix_next, posix_this, posix_now;
+	struct tm tm_this, tm_next;
 
-	time(&t_now);
+	/* Negative values of nsec make no sense */
+	if (nsec < 0)
+		return 0;
+
+	posix_now = time(NULL);
 
 	/*
 	 * Times must explicitly be a GENERALIZEDTIME as per section
 	 * 4.2.2.1 of RFC 6960 - It is invalid to accept other times
 	 * (such as UTCTIME permitted/required by RFC 5280 for certificates)
 	 */
-
-	/* Check thisUpdate is valid and not more than nsec in the future */
+	/* Check that thisUpdate is valid. */
 	if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this,
 	    V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
 		OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD);
 		return 0;
-	} else {
-		t_tmp = t_now + nsec;
-		if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
-			return 0;
-		if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) {
-			OCSPerror(OCSP_R_STATUS_NOT_YET_VALID);
-			return 0;
-		}
-
-		/*
-		 * If maxsec specified check thisUpdate is not more than maxsec
-		 * in the past
-		 */
-		if (maxsec >= 0) {
-			t_tmp = t_now - maxsec;
-			if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
-				return 0;
-			if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) {
-				OCSPerror(OCSP_R_STATUS_TOO_OLD);
-				return 0;
-			}
-		}
+	}
+	if (!OPENSSL_tm_to_posix(&tm_this, &posix_this))
+		return 0;
+	/* thisUpdate must not be more than nsec in the future. */
+	if (posix_this - nsec > posix_now) {
+		OCSPerror(OCSP_R_STATUS_NOT_YET_VALID);
+		return 0;
+	}
+	/* thisUpdate must not be more than maxsec seconds in the past. */
+	if (maxsec >= 0 && posix_this < posix_now - maxsec) {
+		OCSPerror(OCSP_R_STATUS_TOO_OLD);
+		return 0;
 	}
 
-	if (!nextupd)
+	/* RFC 6960 section 4.2.2.1 allows for servers to not set nextUpdate */
+	if (nextupd == NULL)
 		return 1;
 
-	/* Check nextUpdate is valid and not more than nsec in the past */
+	/* Check that nextUpdate is valid. */
 	if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next,
 	    V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
 		OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
 		return 0;
-	} else {
-		t_tmp = t_now - nsec;
-		if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
-			return 0;
-		if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) {
-			OCSPerror(OCSP_R_STATUS_EXPIRED);
-			return 0;
-		}
 	}
-
-	/* Also don't allow nextUpdate to precede thisUpdate */
-	if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) {
+	if (!OPENSSL_tm_to_posix(&tm_next, &posix_next))
+		return 0;
+	/* Don't allow nextUpdate to precede thisUpdate. */
+	if (posix_next < posix_this) {
 		OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
 		return 0;
 	}
+	/* nextUpdate must not be more than nsec seconds in the past. */
+	if (posix_next + nsec  < posix_now) {
+		OCSPerror(OCSP_R_STATUS_EXPIRED);
+		return 0;
+	}
 
 	return 1;
 }
diff --git a/lib/libcrypto/ts/ts_rsp_sign.c b/lib/libcrypto/ts/ts_rsp_sign.c
index 3013cffbc5e..8eb687aab1e 100644
--- a/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/lib/libcrypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_sign.c,v 1.32 2023/08/22 08:09:36 tb Exp $ */
+/* $OpenBSD: ts_rsp_sign.c,v 1.33 2024/03/24 11:30:12 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -999,7 +999,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 	if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
 		goto err;
 
-	if (!(tm = gmtime(&sec)))
+	if (OPENSSL_gmtime(&sec, tm) == NULL)
 		goto err;
 
 	/*
diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index 90fdfacad3c..08f8714ecd7 100644
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -19,12 +19,27 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 
 #include <tls.h>
 #include "tls_internal.h"
 
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
+static int
+tls_convert_notafter(struct tm *tm, time_t *out_time)
+{
+	int64_t posix_time;
+
+	/* OPENSSL_timegm() fails if tm is not representable in a time_t */
+	if (OPENSSL_timegm(tm, out_time))
+		return 1;
+	if (!OPENSSL_tm_to_posix(tm, &posix_time))
+		return 0;
+	if (posix_time < INT32_MIN)
+		return 0;
+	*out_time = (posix_time > INT32_MAX) ? INT32_MAX : posix_time;
+	return 1;
+}
 
 int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
@@ -121,13 +136,10 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 		goto err;
 	if (!ASN1_TIME_to_tm(after, &after_tm))
 		goto err;
-	if (!ASN1_time_tm_clamp_notafter(&after_tm))
+	if (!tls_convert_notafter(&after_tm, notafter))
 		goto err;
-	if ((*notbefore = timegm(&before_tm)) == -1)
+	if (!OPENSSL_timegm(&before_tm, notbefore))
 		goto err;
-	if ((*notafter = timegm(&after_tm)) == -1)
-		goto err;
-
 	return (0);
 
  err:
diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c
index c7eb3e59869..f7d7ba91997 100644
--- a/lib/libtls/tls_ocsp.c
+++ b/lib/libtls/tls_ocsp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */
+/*	$OpenBSD: tls_ocsp.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /*
  * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
  * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@@ -25,6 +25,7 @@
 
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 
 #include <tls.h>
@@ -68,7 +69,7 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t
 		return -1;
 	if (!ASN1_TIME_to_tm(gt, &tm))
 		return -1;
-	if ((*gt_time = timegm(&tm)) == -1)
+	if (!OPENSSL_timegm(&tm, gt_time))
 		return -1;
 	return 0;
 }
diff --git a/usr.sbin/ocspcheck/ocspcheck.c b/usr.sbin/ocspcheck/ocspcheck.c
index 234f3d22f63..9739e398e8d 100644
--- a/usr.sbin/ocspcheck/ocspcheck.c
+++ b/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocspcheck.c,v 1.32 2023/11/13 11:46:24 tb Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.33 2024/03/24 11:30:12 beck Exp $ */
 
 /*
  * Copyright (c) 2017,2020 Bob Beck <beck@openbsd.org>
@@ -34,6 +34,7 @@
 
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
+#include <openssl/posix_time.h>
 #include <openssl/ssl.h>
 
 #include "http.h"
@@ -193,7 +194,7 @@ parse_ocsp_time(ASN1_GENERALIZEDTIME *gt)
 		return -1;
 	if (!ASN1_TIME_to_tm(gt, &tm))
 		return -1;
-	if ((rv = timegm(&tm)) == -1)
+	if (!OPENSSL_timegm(&tm, &rv))
 		return -1;
 	return rv;
 }