diff options
author | June McEnroe <june@causal.agency> | 2020-07-28 15:19:20 -0400 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2020-07-31 12:12:53 -0400 |
commit | 7b1b55f3811fbef58ee37959d81f43f278b87a8e (patch) | |
tree | 37f86569785aa0f66c16d64b2523a9dce5c9022a | |
parent | tls_conninfo: Use ASN1_TIME_to_tm (diff) | |
download | libretls-7b1b55f3811fbef58ee37959d81f43f278b87a8e.tar.gz libretls-7b1b55f3811fbef58ee37959d81f43f278b87a8e.zip |
tls_conninfo: Implement time_tm_clamp_notafter
From crypto/asn1/a_time_tm.c
-rw-r--r-- | tls_conninfo.c | 52 |
1 files changed, 49 insertions, 3 deletions
diff --git a/tls_conninfo.c b/tls_conninfo.c index 5fb8948..7805719 100644 --- a/tls_conninfo.c +++ b/tls_conninfo.c @@ -24,8 +24,6 @@ #include <tls.h> #include "tls_internal.h" -int ASN1_time_tm_clamp_notafter(struct tm *tm); - int tls_hex_string(const unsigned char *in, size_t inlen, char **out, size_t *outlen) @@ -104,6 +102,54 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject) } static int +time_tm_cmp(struct tm *tm1, struct tm *tm2) +{ + if (tm1->tm_year < tm2->tm_year) + return (-1); + if (tm1->tm_year > tm2->tm_year) + return (1); + if (tm1->tm_mon < tm2->tm_mon) + return (-1); + if (tm1->tm_mon > tm2->tm_mon) + return (1); + if (tm1->tm_mday < tm2->tm_mday) + return (-1); + if (tm1->tm_mday > tm2->tm_mday) + return (1); + if (tm1->tm_hour < tm2->tm_hour) + return (-1); + if (tm1->tm_hour > tm2->tm_hour) + return (1); + if (tm1->tm_min < tm2->tm_min) + return (-1); + if (tm1->tm_min > tm2->tm_min) + return (1); + if (tm1->tm_sec < tm2->tm_sec) + return (-1); + if (tm1->tm_sec > tm2->tm_sec) + return (1); + return 0; +} + +static int +time_tm_clamp_notafter(struct tm *tm) +{ +#ifdef SMALL_TIME_T + struct tm broken_os_epoch_tm; + time_t broken_os_epoch_time = INT_MAX; + + if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL) + return 0; + + if (time_tm_cmp(tm, &broken_os_epoch_tm) == 1) + memcpy(tm, &broken_os_epoch_tm, sizeof(*tm)); +#else + (void)time_tm_cmp; +#endif + return 1; +} + +static int tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, time_t *notafter) { @@ -124,7 +170,7 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, goto err; if (ASN1_TIME_to_tm(after, &after_tm) == 0) goto err; - if (!ASN1_time_tm_clamp_notafter(&after_tm)) + if (!time_tm_clamp_notafter(&after_tm)) goto err; if ((*notbefore = timegm(&before_tm)) == -1) goto err; |