From 7b1b55f3811fbef58ee37959d81f43f278b87a8e Mon Sep 17 00:00:00 2001
From: "C. McEnroe"
Date: Tue, 28 Jul 2020 15:19:20 -0400
Subject: tls_conninfo: Implement time_tm_clamp_notafter From crypto/asn1/a_time_tm.c
---
 tls_conninfo.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 3 deletions(-)
diff --git a/tls_conninfo.c b/tls_conninfo.c
index 5fb8948..7805719 100644
--- a/tls_conninfo.c
+++ b/tls_conninfo.c
@@ -24,8 +24,6 @@
 #include
 #include "tls_internal.h"
 
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
-
 int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
 size_t *outlen)
@@ -103,6 +101,54 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject)
 return (0);
 }
 
+static int
+time_tm_cmp(struct tm *tm1, struct tm *tm2)
+{
+ if (tm1->tm_year < tm2->tm_year)
+ return (-1);
+ if (tm1->tm_year > tm2->tm_year)
+ return (1);
+ if (tm1->tm_mon < tm2->tm_mon)
+ return (-1);
+ if (tm1->tm_mon > tm2->tm_mon)
+ return (1);
+ if (tm1->tm_mday < tm2->tm_mday)
+ return (-1);
+ if (tm1->tm_mday > tm2->tm_mday)
+ return (1);
+ if (tm1->tm_hour < tm2->tm_hour)
+ return (-1);
+ if (tm1->tm_hour > tm2->tm_hour)
+ return (1);
+ if (tm1->tm_min < tm2->tm_min)
+ return (-1);
+ if (tm1->tm_min > tm2->tm_min)
+ return (1);
+ if (tm1->tm_sec < tm2->tm_sec)
+ return (-1);
+ if (tm1->tm_sec > tm2->tm_sec)
+ return (1);
+ return 0;
+}
+
+static int
+time_tm_clamp_notafter(struct tm *tm)
+{
+#ifdef SMALL_TIME_T
+ struct tm broken_os_epoch_tm;
+ time_t broken_os_epoch_time = INT_MAX;
+
+ if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL)
+ return 0;
+
+ if (time_tm_cmp(tm, &broken_os_epoch_tm) == 1)
+ memcpy(tm, &broken_os_epoch_tm, sizeof(*tm));
+#else
+ (void)time_tm_cmp;
+#endif
+ return 1;
+}
+
 static int
 tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 time_t *notafter)
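Review bot: In `time_tm_clamp_notafter` the clamp is compiled only under `#ifdef SMALL_TIME_T`, and nothing visible in this patch defines that macro or says the build must, so on a 32-bit `time_t` platform built without it the function silently does nothing and always returns 1. In that case a peer certificate whose notAfter lies beyond what `time_t` can hold would reach the later conversion unclamped (presumably `timegm`, outside this hunk), so it is worth confirming the build system sets `SMALL_TIME_T` where needed. I would add a comment above the function such as `/* Clamp tm to the last second a 32-bit time_t can represent; a no-op unless the build defines SMALL_TIME_T. Returns 1 on success, 0 if gmtime_r fails. */`. The guarded branch also uses `INT_MAX`, which needs `<limits.h>`; the include list is not fully visible here, so check it is present. As a smaller point, `time_tm_cmp` does not modify its arguments and could take `const struct tm *`.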
@@ -124,7 +170,7 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 goto err;
 if (ASN1_TIME_to_tm(after, &after_tm) == 0)
 goto err;
- if (!ASN1_time_tm_clamp_notafter(&after_tm))
+ if (!time_tm_clamp_notafter(&after_tm))
 goto err;
 if ((*notbefore = timegm(&before_tm)) == -1)
 goto err;
--
cgit 1.4.1