Update upstream source from tag 'upstream/6.8p1'
Update to upstream version '6.8p1'
with Debian dir 8ae9e59e5c82336ac32e95fea8131edd75d37e9b
Marco d'Itri
3 years ago
55 | 55 | if !HAVE_SETRESUID |
56 | 56 | libcompat_la_SOURCES += bsd-setresuid.c |
57 | 57 | endif |
58 | ||
59 | if !HAVE_ASN1_TIME_PARSE | |
60 | libcompat_la_SOURCES += a_time_tm.c | |
61 | else | |
62 | if !HAVE_ASN1_TIME_TM_CMP | |
63 | libcompat_la_SOURCES += a_time_tm.c | |
64 | endif | |
65 | endif |
110 | 110 | @HAVE_STRTONUM_FALSE@am__append_6 = strtonum.c |
111 | 111 | @HAVE_SETRESGID_FALSE@am__append_7 = bsd-setresgid.c |
112 | 112 | @HAVE_SETRESUID_FALSE@am__append_8 = bsd-setresuid.c |
113 | @HAVE_ASN1_TIME_PARSE_FALSE@am__append_9 = a_time_tm.c | |
114 | @HAVE_ASN1_TIME_PARSE_TRUE@@HAVE_ASN1_TIME_TM_CMP_FALSE@am__append_10 = a_time_tm.c | |
113 | 115 | subdir = compat |
114 | 116 | ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 |
115 | 117 | am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ |
125 | 127 | LTLIBRARIES = $(noinst_LTLIBRARIES) |
126 | 128 | libcompat_la_DEPENDENCIES = |
127 | 129 | am__libcompat_la_SOURCES_DIST = reallocarray.c recallocarray.c \ |
128 | strlcat.c strlcpy.c strtonum.c bsd-setresgid.c bsd-setresuid.c | |
130 | strlcat.c strlcpy.c strtonum.c bsd-setresgid.c bsd-setresuid.c \ | |
131 | a_time_tm.c | |
129 | 132 | @HAVE_REALLOCARRAY_FALSE@am__objects_1 = reallocarray.lo |
130 | 133 | @HAVE_RECALLOCARRAY_FALSE@am__objects_2 = recallocarray.lo |
131 | 134 | @HAVE_STRLCAT_FALSE@am__objects_3 = strlcat.lo |
133 | 136 | @HAVE_STRTONUM_FALSE@am__objects_5 = strtonum.lo |
134 | 137 | @HAVE_SETRESGID_FALSE@am__objects_6 = bsd-setresgid.lo |
135 | 138 | @HAVE_SETRESUID_FALSE@am__objects_7 = bsd-setresuid.lo |
139 | @HAVE_ASN1_TIME_PARSE_FALSE@am__objects_8 = a_time_tm.lo | |
140 | @HAVE_ASN1_TIME_PARSE_TRUE@@HAVE_ASN1_TIME_TM_CMP_FALSE@am__objects_9 = a_time_tm.lo | |
136 | 141 | am_libcompat_la_OBJECTS = $(am__objects_1) $(am__objects_2) \ |
137 | 142 | $(am__objects_3) $(am__objects_4) $(am__objects_5) \ |
138 | $(am__objects_6) $(am__objects_7) | |
143 | $(am__objects_6) $(am__objects_7) $(am__objects_8) \ | |
144 | $(am__objects_9) | |
139 | 145 | libcompat_la_OBJECTS = $(am_libcompat_la_OBJECTS) |
140 | 146 | AM_V_lt = $(am__v_lt_@AM_V@) |
141 | 147 | am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) |
143 | 149 | am__v_lt_1 = |
144 | 150 | libcompatnoopt_la_LIBADD = |
145 | 151 | am__libcompatnoopt_la_SOURCES_DIST = explicit_bzero.c |
146 | @HAVE_EXPLICIT_BZERO_FALSE@am__objects_8 = libcompatnoopt_la-explicit_bzero.lo | |
147 | am_libcompatnoopt_la_OBJECTS = $(am__objects_8) | |
152 | @HAVE_EXPLICIT_BZERO_FALSE@am__objects_10 = libcompatnoopt_la-explicit_bzero.lo | |
153 | am_libcompatnoopt_la_OBJECTS = $(am__objects_10) | |
148 | 154 | libcompatnoopt_la_OBJECTS = $(am_libcompatnoopt_la_OBJECTS) |
149 | 155 | libcompatnoopt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ |
150 | 156 | $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ |
165 | 171 | DEFAULT_INCLUDES = -I.@am__isrc@ |
166 | 172 | depcomp = $(SHELL) $(top_srcdir)/depcomp |
167 | 173 | am__maybe_remake_depfiles = depfiles |
168 | am__depfiles_remade = ./$(DEPDIR)/bsd-setresgid.Plo \ | |
169 | ./$(DEPDIR)/bsd-setresuid.Plo \ | |
174 | am__depfiles_remade = ./$(DEPDIR)/a_time_tm.Plo \ | |
175 | ./$(DEPDIR)/bsd-setresgid.Plo ./$(DEPDIR)/bsd-setresuid.Plo \ | |
170 | 176 | ./$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo \ |
171 | 177 | ./$(DEPDIR)/reallocarray.Plo ./$(DEPDIR)/recallocarray.Plo \ |
172 | 178 | ./$(DEPDIR)/strlcat.Plo ./$(DEPDIR)/strlcpy.Plo \ |
353 | 359 | # other compatibility functions |
354 | 360 | libcompat_la_SOURCES = $(am__append_2) $(am__append_3) $(am__append_4) \ |
355 | 361 | $(am__append_5) $(am__append_6) $(am__append_7) \ |
356 | $(am__append_8) | |
362 | $(am__append_8) $(am__append_9) $(am__append_10) | |
357 | 363 | libcompat_la_LIBADD = $(PLATFORM_LDADD) |
358 | 364 | all: all-am |
359 | 365 | |
412 | 418 | distclean-compile: |
413 | 419 | -rm -f *.tab.c |
414 | 420 | |
421 | @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/a_time_tm.Plo@am__quote@ # am--include-marker | |
415 | 422 | @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsd-setresgid.Plo@am__quote@ # am--include-marker |
416 | 423 | @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsd-setresuid.Plo@am__quote@ # am--include-marker |
417 | 424 | @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo@am__quote@ # am--include-marker |
589 | 596 | mostlyclean-am |
590 | 597 | |
591 | 598 | distclean: distclean-am |
592 | -rm -f ./$(DEPDIR)/bsd-setresgid.Plo | |
599 | -rm -f ./$(DEPDIR)/a_time_tm.Plo | |
600 | -rm -f ./$(DEPDIR)/bsd-setresgid.Plo | |
593 | 601 | -rm -f ./$(DEPDIR)/bsd-setresuid.Plo |
594 | 602 | -rm -f ./$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo |
595 | 603 | -rm -f ./$(DEPDIR)/reallocarray.Plo |
642 | 650 | installcheck-am: |
643 | 651 | |
644 | 652 | maintainer-clean: maintainer-clean-am |
645 | -rm -f ./$(DEPDIR)/bsd-setresgid.Plo | |
653 | -rm -f ./$(DEPDIR)/a_time_tm.Plo | |
654 | -rm -f ./$(DEPDIR)/bsd-setresgid.Plo | |
646 | 655 | -rm -f ./$(DEPDIR)/bsd-setresuid.Plo |
647 | 656 | -rm -f ./$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo |
648 | 657 | -rm -f ./$(DEPDIR)/reallocarray.Plo |
0 | /* $OpenBSD: a_time_tm.c,v 1.15 2018/04/25 11:48:21 tb Exp $ */ | |
1 | /* | |
2 | * Copyright (c) 2015 Bob Beck <beck@openbsd.org> | |
3 | * | |
4 | * Permission to use, copy, modify, and distribute this software for any | |
5 | * purpose with or without fee is hereby granted, provided that the above | |
6 | * copyright notice and this permission notice appear in all copies. | |
7 | * | |
8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
15 | */ | |
16 | #include <ctype.h> | |
17 | #include <limits.h> | |
18 | #include <stdio.h> | |
19 | #include <string.h> | |
20 | #include <time.h> | |
21 | ||
22 | #include <openssl/asn1t.h> | |
23 | #include <openssl/err.h> | |
24 | ||
25 | #define RFC5280 0 | |
26 | #define GENTIME_LENGTH 15 | |
27 | #define UTCTIME_LENGTH 13 | |
28 | ||
29 | #ifndef HAVE_ASN1_TIME_TM_CMP | |
30 | int | |
31 | ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) | |
32 | { | |
33 | if (tm1->tm_year < tm2->tm_year) | |
34 | return (-1); | |
35 | if (tm1->tm_year > tm2->tm_year) | |
36 | return (1); | |
37 | if (tm1->tm_mon < tm2->tm_mon) | |
38 | return (-1); | |
39 | if (tm1->tm_mon > tm2->tm_mon) | |
40 | return (1); | |
41 | if (tm1->tm_mday < tm2->tm_mday) | |
42 | return (-1); | |
43 | if (tm1->tm_mday > tm2->tm_mday) | |
44 | return (1); | |
45 | if (tm1->tm_hour < tm2->tm_hour) | |
46 | return (-1); | |
47 | if (tm1->tm_hour > tm2->tm_hour) | |
48 | return (1); | |
49 | if (tm1->tm_min < tm2->tm_min) | |
50 | return (-1); | |
51 | if (tm1->tm_min > tm2->tm_min) | |
52 | return (1); | |
53 | if (tm1->tm_sec < tm2->tm_sec) | |
54 | return (-1); | |
55 | if (tm1->tm_sec > tm2->tm_sec) | |
56 | return (1); | |
57 | return 0; | |
58 | } | |
59 | #endif | |
60 | ||
61 | #ifndef HAVE_ASN1_TIME_PARSE | |
62 | /* | |
63 | * Parse an RFC 5280 format ASN.1 time string. | |
64 | * | |
65 | * mode must be: | |
66 | * 0 if we expect to parse a time as specified in RFC 5280 for an X509 object. | |
67 | * V_ASN1_UTCTIME if we wish to parse an RFC5280 format UTC time. | |
68 | * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time. | |
69 | * | |
70 | * Returns: | |
71 | * -1 if the string was invalid. | |
72 | * V_ASN1_UTCTIME if the string validated as a UTC time string. | |
73 | * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string. | |
74 | * | |
75 | * Fills in *tm with the corresponding time if tm is non NULL. | |
76 | */ | |
77 | #define ATOI2(ar) ((ar) += 2, ((ar)[-2] - '0') * 10 + ((ar)[-1] - '0')) | |
78 | int | |
79 | ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode) | |
80 | { | |
81 | size_t i; | |
82 | int type = 0; | |
83 | struct tm ltm; | |
84 | struct tm *lt; | |
85 | const char *p; | |
86 | ||
87 | if (bytes == NULL) | |
88 | return (-1); | |
89 | ||
90 | /* Constrain to valid lengths. */ | |
91 | if (len != UTCTIME_LENGTH && len != GENTIME_LENGTH) | |
92 | return (-1); | |
93 | ||
94 | lt = tm; | |
95 | if (lt == NULL) { | |
96 | memset(<m, 0, sizeof(ltm)); | |
97 | lt = <m; | |
98 | } | |
99 | ||
100 | /* Timezone is required and must be GMT (Zulu). */ | |
101 | if (bytes[len - 1] != 'Z') | |
102 | return (-1); | |
103 | ||
104 | /* Make sure everything else is digits. */ | |
105 | for (i = 0; i < len - 1; i++) { | |
106 | if (isdigit((unsigned char)bytes[i])) | |
107 | continue; | |
108 | return (-1); | |
109 | } | |
110 | ||
111 | /* | |
112 | * Validate and convert the time | |
113 | */ | |
114 | p = bytes; | |
115 | switch (len) { | |
116 | case GENTIME_LENGTH: | |
117 | if (mode == V_ASN1_UTCTIME) | |
118 | return (-1); | |
119 | lt->tm_year = (ATOI2(p) * 100) - 1900; /* cc */ | |
120 | type = V_ASN1_GENERALIZEDTIME; | |
121 | /* FALLTHROUGH */ | |
122 | case UTCTIME_LENGTH: | |
123 | if (type == 0) { | |
124 | if (mode == V_ASN1_GENERALIZEDTIME) | |
125 | return (-1); | |
126 | type = V_ASN1_UTCTIME; | |
127 | } | |
128 | lt->tm_year += ATOI2(p); /* yy */ | |
129 | if (type == V_ASN1_UTCTIME) { | |
130 | if (lt->tm_year < 50) | |
131 | lt->tm_year += 100; | |
132 | } | |
133 | lt->tm_mon = ATOI2(p) - 1; /* mm */ | |
134 | if (lt->tm_mon < 0 || lt->tm_mon > 11) | |
135 | return (-1); | |
136 | lt->tm_mday = ATOI2(p); /* dd */ | |
137 | if (lt->tm_mday < 1 || lt->tm_mday > 31) | |
138 | return (-1); | |
139 | lt->tm_hour = ATOI2(p); /* HH */ | |
140 | if (lt->tm_hour < 0 || lt->tm_hour > 23) | |
141 | return (-1); | |
142 | lt->tm_min = ATOI2(p); /* MM */ | |
143 | if (lt->tm_min < 0 || lt->tm_min > 59) | |
144 | return (-1); | |
145 | lt->tm_sec = ATOI2(p); /* SS */ | |
146 | /* Leap second 60 is not accepted. Reconsider later? */ | |
147 | if (lt->tm_sec < 0 || lt->tm_sec > 59) | |
148 | return (-1); | |
149 | break; | |
150 | default: | |
151 | return (-1); | |
152 | } | |
153 | ||
154 | return (type); | |
155 | } | |
156 | #endif |
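Review bot: In ASN1_time_parse the UTCTime branch runs `lt->tm_year += ATOI2(p);` on a caller-supplied `tm` that is never cleared. Only the local `ltm` is zeroed, so with a non-NULL `tm` and a 13-byte input the parsed year is added to whatever the struct already held. Adding `lt->tm_year = 0;` inside the `if (type == 0)` block, next to `type = V_ASN1_UTCTIME;`, makes the result independent of the caller's buffer. The header comment should also state that `tm_wday`, `tm_yday` and `tm_isdst` are not filled in, that the day is range-checked to 1-31 regardless of month, and that `*tm` may be partially written when -1 is returned. The output is therefore fit for field-wise comparison with ASN1_time_tm_cmp, not for conversion to `time_t` without further normalisation.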
0 | 0 | #! /bin/sh |
1 | 1 | # Guess values for system-dependent variables and create Makefiles. |
2 | # Generated by GNU Autoconf 2.69 for rpki-client 6.8p0. | |
2 | # Generated by GNU Autoconf 2.69 for rpki-client 6.8p1. | |
3 | 3 | # |
4 | 4 | # |
5 | 5 | # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. |
586 | 586 | # Identity of this package. |
587 | 587 | PACKAGE_NAME='rpki-client' |
588 | 588 | PACKAGE_TARNAME='rpki-client' |
589 | PACKAGE_VERSION='6.8p0' | |
590 | PACKAGE_STRING='rpki-client 6.8p0' | |
589 | PACKAGE_VERSION='6.8p1' | |
590 | PACKAGE_STRING='rpki-client 6.8p1' | |
591 | 591 | PACKAGE_BUGREPORT='' |
592 | 592 | PACKAGE_URL='' |
593 | 593 | |
636 | 636 | RPKI_TAL_DIR |
637 | 637 | RSYNC |
638 | 638 | RPKI_USER |
639 | HAVE_ASN1_TIME_TM_CMP_FALSE | |
640 | HAVE_ASN1_TIME_TM_CMP_TRUE | |
641 | HAVE_ASN1_TIME_PARSE_FALSE | |
642 | HAVE_ASN1_TIME_PARSE_TRUE | |
639 | 643 | OPENSSL_LDFLAGS |
640 | 644 | OPENSSL_CFLAGS |
641 | 645 | HAVE_UNVEIL_FALSE |
1366 | 1370 | # Omit some internal or obsolete options to make the list less imposing. |
1367 | 1371 | # This message is too long to be a string in the A/UX 3.1 sh. |
1368 | 1372 | cat <<_ACEOF |
1369 | \`configure' configures rpki-client 6.8p0 to adapt to many kinds of systems. | |
1373 | \`configure' configures rpki-client 6.8p1 to adapt to many kinds of systems. | |
1370 | 1374 | |
1371 | 1375 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1372 | 1376 | |
1437 | 1441 | |
1438 | 1442 | if test -n "$ac_init_help"; then |
1439 | 1443 | case $ac_init_help in |
1440 | short | recursive ) echo "Configuration of rpki-client 6.8p0:";; | |
1444 | short | recursive ) echo "Configuration of rpki-client 6.8p1:";; | |
1441 | 1445 | esac |
1442 | 1446 | cat <<\_ACEOF |
1443 | 1447 | |
1554 | 1558 | test -n "$ac_init_help" && exit $ac_status |
1555 | 1559 | if $ac_init_version; then |
1556 | 1560 | cat <<\_ACEOF |
1557 | rpki-client configure 6.8p0 | |
1561 | rpki-client configure 6.8p1 | |
1558 | 1562 | generated by GNU Autoconf 2.69 |
1559 | 1563 | |
1560 | 1564 | Copyright (C) 2012 Free Software Foundation, Inc. |
1919 | 1923 | This file contains any messages produced by compilers while |
1920 | 1924 | running configure, to aid debugging if configure makes a mistake. |
1921 | 1925 | |
1922 | It was created by rpki-client $as_me 6.8p0, which was | |
1926 | It was created by rpki-client $as_me 6.8p1, which was | |
1923 | 1927 | generated by GNU Autoconf 2.69. Invocation command line was |
1924 | 1928 | |
1925 | 1929 | $ $0 $@ |
2854 | 2858 | |
2855 | 2859 | # Define the identity of the package. |
2856 | 2860 | PACKAGE='rpki-client' |
2857 | VERSION='6.8p0' | |
2861 | VERSION='6.8p1' | |
2858 | 2862 | |
2859 | 2863 | |
2860 | 2864 | cat >>confdefs.h <<_ACEOF |
13029 | 13033 | fi |
13030 | 13034 | |
13031 | 13035 | |
13036 | for ac_func in ASN1_time_parse ASN1_time_tm_cmp | |
13037 | do : | |
13038 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | |
13039 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | |
13040 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | |
13041 | cat >>confdefs.h <<_ACEOF | |
13042 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | |
13043 | _ACEOF | |
13044 | ||
13045 | fi | |
13046 | done | |
13047 | ||
13048 | if test "x$ac_cv_func_ASN1_time_parse" = xyes; then | |
13049 | HAVE_ASN1_TIME_PARSE_TRUE= | |
13050 | HAVE_ASN1_TIME_PARSE_FALSE='#' | |
13051 | else | |
13052 | HAVE_ASN1_TIME_PARSE_TRUE='#' | |
13053 | HAVE_ASN1_TIME_PARSE_FALSE= | |
13054 | fi | |
13055 | ||
13056 | if test "x$ac_cv_func_ASN1_time_tm_cmp" = xyes; then | |
13057 | HAVE_ASN1_TIME_TM_CMP_TRUE= | |
13058 | HAVE_ASN1_TIME_TM_CMP_FALSE='#' | |
13059 | else | |
13060 | HAVE_ASN1_TIME_TM_CMP_TRUE='#' | |
13061 | HAVE_ASN1_TIME_TM_CMP_FALSE= | |
13062 | fi | |
13063 | ||
13064 | ||
13032 | 13065 | |
13033 | 13066 | # Check whether --with-user was given. |
13034 | 13067 | if test "${with_user+set}" = set; then : |
13378 | 13411 | as_fn_error $? "conditional \"HAVE_UNVEIL\" was never defined. |
13379 | 13412 | Usually this means the macro was only invoked conditionally." "$LINENO" 5 |
13380 | 13413 | fi |
13414 | if test -z "${HAVE_ASN1_TIME_PARSE_TRUE}" && test -z "${HAVE_ASN1_TIME_PARSE_FALSE}"; then | |
13415 | as_fn_error $? "conditional \"HAVE_ASN1_TIME_PARSE\" was never defined. | |
13416 | Usually this means the macro was only invoked conditionally." "$LINENO" 5 | |
13417 | fi | |
13418 | if test -z "${HAVE_ASN1_TIME_TM_CMP_TRUE}" && test -z "${HAVE_ASN1_TIME_TM_CMP_FALSE}"; then | |
13419 | as_fn_error $? "conditional \"HAVE_ASN1_TIME_TM_CMP\" was never defined. | |
13420 | Usually this means the macro was only invoked conditionally." "$LINENO" 5 | |
13421 | fi | |
13381 | 13422 | |
13382 | 13423 | : "${CONFIG_STATUS=./config.status}" |
13383 | 13424 | ac_write_fail=0 |
13775 | 13816 | # report actual input values of CONFIG_FILES etc. instead of their |
13776 | 13817 | # values after options handling. |
13777 | 13818 | ac_log=" |
13778 | This file was extended by rpki-client $as_me 6.8p0, which was | |
13819 | This file was extended by rpki-client $as_me 6.8p1, which was | |
13779 | 13820 | generated by GNU Autoconf 2.69. Invocation command line was |
13780 | 13821 | |
13781 | 13822 | CONFIG_FILES = $CONFIG_FILES |
13832 | 13873 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
13833 | 13874 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
13834 | 13875 | ac_cs_version="\\ |
13835 | rpki-client config.status 6.8p0 | |
13876 | rpki-client config.status 6.8p1 | |
13836 | 13877 | configured by $0, generated by GNU Autoconf 2.69, |
13837 | 13878 | with options \\"\$ac_cs_config\\" |
13838 | 13879 |
158 | 158 | AC_CHECK_LIB([crypto], [ASN1_STRING_get0_data], [], [AC_MSG_ERROR([OpenSSL libraries required])]) |
159 | 159 | AC_CHECK_LIB([crypto], [X509_up_ref], [], [AC_MSG_ERROR([OpenSSL libraries required])]) |
160 | 160 | |
161 | AC_CHECK_FUNCS([ASN1_time_parse ASN1_time_tm_cmp]) | |
162 | AM_CONDITIONAL([HAVE_ASN1_TIME_PARSE], [test "x$ac_cv_func_ASN1_time_parse" = xyes]) | |
163 | AM_CONDITIONAL([HAVE_ASN1_TIME_TM_CMP], [test "x$ac_cv_func_ASN1_time_tm_cmp" = xyes]) | |
164 | ||
161 | 165 | AC_ARG_WITH([user], |
162 | 166 | AS_HELP_STRING([--with-user=user], |
163 | 167 | [User for rpki-client to use when run as root]), |
2 | 2 | noinst_HEADERS += sys/queue.h |
3 | 3 | noinst_HEADERS += sys/tree.h |
4 | 4 | noinst_HEADERS += sys/types.h |
5 | noinst_HEADERS += openssl/asn1.h | |
5 | 6 | noinst_HEADERS += poll.h |
6 | 7 | noinst_HEADERS += sha2.h |
7 | 8 | noinst_HEADERS += sha2_openbsd.h |
265 | 265 | top_build_prefix = @top_build_prefix@ |
266 | 266 | top_builddir = @top_builddir@ |
267 | 267 | top_srcdir = @top_srcdir@ |
268 | noinst_HEADERS = sys/_null.h sys/queue.h sys/tree.h sys/types.h poll.h \ | |
269 | sha2.h sha2_openbsd.h stdlib.h string.h unistd.h | |
268 | noinst_HEADERS = sys/_null.h sys/queue.h sys/tree.h sys/types.h \ | |
269 | openssl/asn1.h poll.h sha2.h sha2_openbsd.h stdlib.h string.h \ | |
270 | unistd.h | |
270 | 271 | all: all-am |
271 | 272 | |
272 | 273 | .SUFFIXES: |
0 | /* | |
1 | * Public domain | |
2 | * openssl/asn1.h compatibility shim | |
3 | */ | |
4 | ||
5 | #include_next <openssl/asn1.h> | |
6 | ||
7 | #ifndef LIBCOMPAT_OPENSSL_ASN1_H | |
8 | #define LIBCOMPAT_OPENSSL_ASN1_H | |
9 | ||
10 | #ifndef HAVE_ASN1_TIME_PARSE | |
11 | int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode); | |
12 | #endif | |
13 | ||
14 | #ifndef HAVE_ASN1_TIME_TM_CMP | |
15 | int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2); | |
16 | #endif | |
17 | ||
18 | #endif |
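Review bot: The two prototypes use `struct tm` and `size_t`, but the shim includes nothing except `#include_next <openssl/asn1.h>`, so it depends on the system header having already pulled in `<time.h>`. If it has not, `struct tm` gets prototype scope and callers see incompatible-pointer diagnostics. Adding `#include <time.h>` right after the `#include_next` line removes that dependency. The `HAVE_ASN1_TIME_PARSE` and `HAVE_ASN1_TIME_TM_CMP` guards presumably rely on the configure-generated defines being visible before this header is reached; a one-line comment at the top saying so would help.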
0 | /* $OpenBSD: mft.c,v 1.16 2020/09/12 15:46:48 claudio Exp $ */ | |
0 | /* $OpenBSD: mft.c,v 1.16.4.1 2020/11/09 16:58:04 tb Exp $ */ | |
1 | 1 | /* |
2 | 2 | * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> |
3 | 3 | * |
53 | 53 | } |
54 | 54 | |
55 | 55 | /* |
56 | * Convert an ASN1_GENERALIZEDTIME to a struct tm. | |
57 | * Returns 1 on success, 0 on failure. | |
58 | */ | |
59 | static int | |
60 | generalizedtime_to_tm(const ASN1_GENERALIZEDTIME *gtime, struct tm *tm) | |
61 | { | |
62 | const char *data; | |
63 | size_t len; | |
64 | ||
65 | data = ASN1_STRING_get0_data(gtime); | |
66 | len = ASN1_STRING_length(gtime); | |
67 | ||
68 | return ASN1_time_parse(data, len, tm, V_ASN1_GENERALIZEDTIME) == | |
69 | V_ASN1_GENERALIZEDTIME; | |
70 | } | |
71 | ||
72 | /* | |
56 | 73 | * Validate and verify the time validity of the mft. |
57 | 74 | * Returns 1 if all is good, 0 if mft is stale, any other case -1. |
58 | * XXX should use ASN1_time_tm_cmp() once libressl is used. | |
59 | */ | |
60 | static time_t | |
75 | */ | |
76 | static int | |
61 | 77 | check_validity(const ASN1_GENERALIZEDTIME *from, |
62 | 78 | const ASN1_GENERALIZEDTIME *until, const char *fn) |
63 | 79 | { |
64 | 80 | time_t now = time(NULL); |
65 | ||
66 | if (!ASN1_GENERALIZEDTIME_check(from) || | |
67 | !ASN1_GENERALIZEDTIME_check(until)) { | |
68 | warnx("%s: embedded time format invalid", fn); | |
81 | struct tm tm_from, tm_until, tm_now; | |
82 | ||
83 | if (gmtime_r(&now, &tm_now) == NULL) { | |
84 | warnx("%s: could not get current time", fn); | |
69 | 85 | return -1; |
70 | 86 | } |
87 | ||
88 | if (!generalizedtime_to_tm(from, &tm_from)) { | |
89 | warnx("%s: embedded from time format invalid", fn); | |
90 | return -1; | |
91 | } | |
92 | if (!generalizedtime_to_tm(until, &tm_until)) { | |
93 | warnx("%s: embedded until time format invalid", fn); | |
94 | return -1; | |
95 | } | |
96 | ||
71 | 97 | /* check that until is not before from */ |
72 | if (ASN1_STRING_cmp(until, from) < 0) { | |
98 | if (ASN1_time_tm_cmp(&tm_until, &tm_from) < 0) { | |
73 | 99 | warnx("%s: bad update interval", fn); |
74 | 100 | return -1; |
75 | 101 | } |
76 | 102 | /* check that now is not before from */ |
77 | if (X509_cmp_time(from, &now) > 0) { | |
103 | if (ASN1_time_tm_cmp(&tm_from, &tm_now) > 0) { | |
78 | 104 | warnx("%s: mft not yet valid %s", fn, gentime2str(from)); |
79 | 105 | return -1; |
80 | 106 | } |
81 | 107 | /* check that now is not after until */ |
82 | if (X509_cmp_time(until, &now) < 0) { | |
108 | if (ASN1_time_tm_cmp(&tm_until, &tm_now) < 0) { | |
83 | 109 | warnx("%s: mft expired on %s", fn, gentime2str(until)); |
84 | 110 | return 0; |
85 | 111 | } |
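Review bot: In generalizedtime_to_tm, `data = ASN1_STRING_get0_data(gtime);` assigns a `const unsigned char *` to a `const char *` without a cast, and `len = ASN1_STRING_length(gtime);` stores an `int` in a `size_t`. With the compat ASN1_time_parse added in this commit both are harmless, since it rejects a NULL pointer and any length other than 13 or 15, but writing `data = (const char *)ASN1_STRING_get0_data(gtime);` makes the conversion explicit and keeps the build quiet under -Wpointer-sign. `tm_from` and `tm_until` in check_validity are passed in uninitialised. That is safe only because the GeneralizedTime path assigns every field ASN1_time_tm_cmp reads, so a short comment such as `/* ASN1_time_parse fills year..sec; nothing else is read */` would protect a later change of the mode argument. check_validity's body continues past the end of this hunk.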