author | Laurent Bercot <ska-skaware@skarnet.org> | 2022-10-07 15:29:40 +0000 |
---|---|---|
committer | Laurent Bercot <ska@appnovation.com> | 2022-10-07 15:29:40 +0000 |
commit | e8d3f9d42c34f268a181661ca4aaedfa066c0a0a (patch) | |
tree | dd6eaaf3499e851f3b96bd9a1b391e14acaabe78 /src/sbearssl | |
parent | d41fef5b74478b36787f387ed3f58099ac19c905 (diff) | |
download | s6-networking-e8d3f9d42c34f268a181661ca4aaedfa066c0a0a.tar.xz |
Add workaround to bearssl regression with BR_FEATURE_X509_TIME_CALLBACK
Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat (limited to 'src/sbearssl')
-rw-r--r-- | src/sbearssl/deps-lib/sbearssl | 3 | ||||
-rw-r--r-- | src/sbearssl/sbearssl_dayseconds_from_tai.c | 21 | ||||
-rw-r--r-- | src/sbearssl/sbearssl_tai_from_dayseconds.c | 12 | ||||
-rw-r--r-- | src/sbearssl/sbearssl_x509_minimal_set_tai.c | 12 | ||||
-rw-r--r-- | src/sbearssl/sbearssl_x509_small_init_full.c | 5 | ||||
-rw-r--r-- | src/sbearssl/sbearssl_x509_time_check.c | 16 |
6 files changed, 61 insertions, 8 deletions
diff --git a/src/sbearssl/deps-lib/sbearssl b/src/sbearssl/deps-lib/sbearssl
index 5241e56..782816e 100644
--- a/src/sbearssl/deps-lib/sbearssl
+++ b/src/sbearssl/deps-lib/sbearssl
@@ -54,5 +54,8 @@ sbearssl_x500_name_len.o
 sbearssl_x509_minimal_set_tai.o
 sbearssl_x509_small_init_full.o
 sbearssl_x509_small_vtable.o
+sbearssl_dayseconds_from_tai.o
+sbearssl_tai_from_dayseconds.o
+sbearssl_x509_time_check.o
 -lbearssl
 -lskarnet
diff --git a/src/sbearssl/sbearssl_dayseconds_from_tai.c b/src/sbearssl/sbearssl_dayseconds_from_tai.c
new file mode 100644
index 0000000..73ab2be
--- /dev/null
+++ b/src/sbearssl/sbearssl_dayseconds_from_tai.c
@@ -0,0 +1,21 @@
+/* ISC license. */
+
+#include <errno.h>
+
+#include <skalibs/uint64.h>
+#include <skalibs/tai.h>
+#include <skalibs/djbtime.h>
+
+#include <s6-networking/sbearssl.h>
+
+int sbearssl_dayseconds_from_tai (uint32_t *days, uint32_t *seconds, tai const *t)
+{
+ uint64_t u, d ;
+ if (!utc_from_tai(&u, t)) return 0 ;
+ u -= TAI_MAGIC ;
+ d = u / 86400 + 719528 ;
+ if (d >= 0xffffffffUL) return (errno = EOVERFLOW, 0) ;
+ *days = d ;
+ *seconds = u % 86400 ;
+ return 1 ;
+}
diff --git a/src/sbearssl/sbearssl_tai_from_dayseconds.c b/src/sbearssl/sbearssl_tai_from_dayseconds.c
new file mode 100644
index 0000000..e97c69c
--- /dev/null
+++ b/src/sbearssl/sbearssl_tai_from_dayseconds.c
@@ -0,0 +1,12 @@
+/* ISC license. */
+
+#include <skalibs/uint64.h>
+#include <skalibs/tai.h>
+#include <skalibs/djbtime.h>
+
+#include <s6-networking/sbearssl.h>
+
+int sbearssl_tai_from_dayseconds (tai *t, uint32_t days, uint32_t seconds)
+{
+ return tai_from_utc(t, TAI_MAGIC + (uint64_t)86400 * (uint64_t)days + 719528 + seconds) ;
+}
diff --git a/src/sbearssl/sbearssl_x509_minimal_set_tai.c b/src/sbearssl/sbearssl_x509_minimal_set_tai.c
index 58a1a4a..0ca9c9d 100644
--- a/src/sbearssl/sbearssl_x509_minimal_set_tai.c
+++ b/src/sbearssl/sbearssl_x509_minimal_set_tai.c
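Review bot: In src/sbearssl/sbearssl_dayseconds_from_tai.c the constants and the out-of-range behaviour are undocumented. `u -= TAI_MAGIC` is unsigned, so an input below TAI_MAGIC wraps to a huge value and is rejected only because the `d >= 0xffffffffUL` test then fires with EOVERFLOW; that keeps certificate time handling failing closed, but the dependency is implicit. I would add above the function `/* days is counted from year 0 (719528 = day number of 1970-01-01), as br_x509_minimal_set_time expects; returns 0 with EOVERFLOW if the date does not fit in 32 bits, which includes inputs below TAI_MAGIC */`.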
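Review bot: In src/sbearssl/sbearssl_tai_from_dayseconds.c the expression `TAI_MAGIC + (uint64_t)86400 * (uint64_t)days + 719528 + seconds` does not invert sbearssl_dayseconds_from_tai, which computes `d = u / 86400 + 719528`. The day offset has to be subtracted from `days` before scaling; as written, 719528 is added as seconds and the full year-0 day count is multiplied by 86400, so the result lies roughly 719528 days too far in the future. If a round trip is intended, the line would read `return tai_from_utc(t, TAI_MAGIC + (uint64_t)86400 * ((uint64_t)days - 719528) + seconds) ;`. Nothing in this commit calls the function, so the effect on certificate date handling depends on callers outside the diff.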
@@ -1,18 +1,14 @@
 /* ISC license. */
+#include <stdint.h>
 #include <bearssl.h>
-#include <skalibs/uint64.h>
-#include <skalibs/tai.h>
-#include <skalibs/djbtime.h>
-
 #include <s6-networking/sbearssl.h>
 int sbearssl_x509_minimal_set_tai (br_x509_minimal_context *ctx, tai const *t)
 {
- uint64_t u ;
- if (!utc_from_tai(&u, t)) return 0 ;
- u -= TAI_MAGIC ;
- br_x509_minimal_set_time(ctx, (uint32_t)(u / 86400 + 719528), u % 86400) ;
+ uint32_t days, seconds ;
+ if (!sbearssl_dayseconds_from_tai(&days, &seconds, t)) return 0 ;
+ br_x509_minimal_set_time(ctx, days, seconds) ;
 return 1 ;
 }
diff --git a/src/sbearssl/sbearssl_x509_small_init_full.c b/src/sbearssl/sbearssl_x509_small_init_full.c
index bcb88bb..aece45c 100644
--- a/src/sbearssl/sbearssl_x509_small_init_full.c
+++ b/src/sbearssl/sbearssl_x509_small_init_full.c
@@ -5,6 +5,8 @@
 #include <bearssl.h>
+#include <skalibs/tai.h>
+
 #include <s6-networking/sbearssl.h>
 struct eltinfo_s
@@ -28,6 +30,9 @@ void sbearssl_x509_small_init_full (sbearssl_x509_small_context *ctx, br_x509_tr
 {
 ctx->vtable = &sbearssl_x509_small_vtable ;
 br_x509_minimal_init_full(&ctx->minimal, btas, n) ;
+#ifdef BR_FEATURE_X509_TIME_CALLBACK
+ br_x509_minimal_set_time_callback(&ctx->minimal, tain_secp(&STAMP), &sbearssl_x509_time_check) ;
+#endif
 for (unsigned int i = 0 ; i < 6 ; i++)
 {
 ctx->elts[i].oid = eltinfo[i].oid ;
diff --git a/src/sbearssl/sbearssl_x509_time_check.c b/src/sbearssl/sbearssl_x509_time_check.c
new file mode 100644
index 0000000..83e8072
--- /dev/null
+++ b/src/sbearssl/sbearssl_x509_time_check.c
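Review bot: In src/sbearssl/sbearssl_x509_small_init_full.c the callback is registered with a pointer into the global `STAMP`, so notBefore/notAfter are compared with whatever `STAMP` holds when the chain is validated, not with the time at init. Nothing in the hunk refreshes it, so a caller that leaves `STAMP` unset or stale (a long-lived process, for instance) gets validity decisions against the wrong time. A comment on the `#ifdef` block would make the requirement visible: `/* the time check reads STAMP at validation time; callers must keep it current */`. The function body continues outside the hunk, so any later time setup on `ctx->minimal` is not visible here.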
@@ -0,0 +1,16 @@
+/* ISC license. */
+
+#include <stdint.h>
+#include <bearssl.h>
+
+#include <skalibs/tai.h>
+
+#include <s6-networking/sbearssl.h>
+
+int sbearssl_x509_time_check (void *ctx, uint32_t nbd, uint32_t nbs, uint32_t nad, uint32_t nas)
+{
+ uint32_t days, seconds ;
+ if (!sbearssl_dayseconds_from_tai(&days, &seconds, (tai *)ctx)) return -2 ;
+ if (days < nbd || (days == nbd && seconds < nbs)) return -1 ;
+ return days > nad || (days == nad && seconds > nas) ;
+} |
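Review bot: sbearssl_x509_time_check has no comment stating its return contract, which is the security-relevant part of this file: -1 when the current time is before notBefore, 1 when it is after notAfter, 0 when the certificate is in its validity window, and -2 when the time cannot be converted. I would put that above the function, e.g. `/* BearSSL time callback: -1 = not yet valid, 0 = valid, 1 = expired, -2 = current time unavailable (must end in a validation failure) */`, and confirm against the BearSSL header that a value outside -1/0/1 is rejected rather than accepted. The cast `(tai *)ctx` also drops the const the callee declares; `(tai const *)ctx` matches the prototype of sbearssl_dayseconds_from_tai.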