From e8d3f9d42c34f268a181661ca4aaedfa066c0a0a Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Fri, 7 Oct 2022 15:29:40 +0000
Subject: Add workaround to bearssl regression with BR_FEATURE_X509_TIME_CALLBACK
Signed-off-by: Laurent Bercot
---
package/deps.mak | 9 ++++++---
src/include/s6-networking/sbearssl.h | 4 ++++
src/sbearssl/deps-lib/sbearssl | 3 +++
src/sbearssl/sbearssl_dayseconds_from_tai.c | 21 +++++++++++++++++++++
src/sbearssl/sbearssl_tai_from_dayseconds.c | 12 ++++++++++++
src/sbearssl/sbearssl_x509_minimal_set_tai.c | 12 ++++--------
src/sbearssl/sbearssl_x509_small_init_full.c | 5 +++++
src/sbearssl/sbearssl_x509_time_check.c | 16 ++++++++++++++++
8 files changed, 71 insertions(+), 11 deletions(-)
create mode 100644 src/sbearssl/sbearssl_dayseconds_from_tai.c
create mode 100644 src/sbearssl/sbearssl_tai_from_dayseconds.c
create mode 100644 src/sbearssl/sbearssl_x509_time_check.c
diff --git a/package/deps.mak b/package/deps.mak
index 8776328..0f01c27 100644
--- a/package/deps.mak
+++ b/package/deps.mak
@@ -33,6 +33,7 @@ src/sbearssl/sbearssl_choose_algos_ec.o src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.o src/sbearssl/sbearssl_choose_algos_rsa.lo: src/sbearssl/sbearssl_choose_algos_rsa.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_choose_hash.o src/sbearssl/sbearssl_choose_hash.lo: src/sbearssl/sbearssl_choose_hash.c src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_client_init_and_run.lo: src/sbearssl/sbearssl_client_init_and_run.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h +src/sbearssl/sbearssl_dayseconds_from_tai.o src/sbearssl/sbearssl_dayseconds_from_tai.lo: src/sbearssl/sbearssl_dayseconds_from_tai.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_drop.o src/sbearssl/sbearssl_drop.lo: src/sbearssl/sbearssl_drop.c src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_issuer_keytype.lo: src/sbearssl/sbearssl_ec_issuer_keytype.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_from.lo: src/sbearssl/sbearssl_ec_pkey_from.c src/include/s6-networking/sbearssl.h 
@@ -75,11 +76,13 @@ src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_from.lo: src/sbearssl/s src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readdir.lo: src/sbearssl/sbearssl_ta_readdir.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_readfile.lo: src/sbearssl/sbearssl_ta_readfile.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_ta_to.lo: src/sbearssl/sbearssl_ta_to.c src/include/s6-networking/sbearssl.h +src/sbearssl/sbearssl_tai_from_dayseconds.o src/sbearssl/sbearssl_tai_from_dayseconds.lo: src/sbearssl/sbearssl_tai_from_dayseconds.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x500_from_ta.lo: src/sbearssl/sbearssl_x500_from_ta.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_x500_name_len.o src/sbearssl/sbearssl_x500_name_len.lo: src/sbearssl/sbearssl_x500_name_len.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_x509_minimal_set_tai.o src/sbearssl/sbearssl_x509_minimal_set_tai.lo: src/sbearssl/sbearssl_x509_minimal_set_tai.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_x509_small_init_full.o src/sbearssl/sbearssl_x509_small_init_full.lo: src/sbearssl/sbearssl_x509_small_init_full.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_x509_small_vtable.o src/sbearssl/sbearssl_x509_small_vtable.lo: src/sbearssl/sbearssl_x509_small_vtable.c src/include/s6-networking/sbearssl.h +src/sbearssl/sbearssl_x509_time_check.o src/sbearssl/sbearssl_x509_time_check.lo: src/sbearssl/sbearssl_x509_time_check.c src/include/s6-networking/sbearssl.h src/stls/stls_client_init_and_handshake.o src/stls/stls_client_init_and_handshake.lo: src/stls/stls_client_init_and_handshake.c src/include/s6-networking/stls.h src/stls/stls-internal.h src/stls/stls_drop.o src/stls/stls_drop.lo: src/stls/stls_drop.c src/stls/stls-internal.h src/stls/stls_handshake.o src/stls/stls_handshake.lo: 
src/stls/stls_handshake.c src/stls/stls-internal.h 
@@ -140,12 +143,12 @@ endif libs6net.so.xyzzy: EXTRA_LIBS := -lskarnet libs6net.so.xyzzy: src/libs6net/s6net_ident_client.lo src/libs6net/s6net_ident_reply_get.lo src/libs6net/s6net_ident_reply_parse.lo src/libs6net/s6net_ident_error.lo ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),) -libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_choose_algos_ec.o src/sbearssl/sbearssl_choose_algos_rsa.o src/sbearssl/sbearssl_choose_hash.o src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_drop.o src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_to.o src/sbearssl/sbearssl_ec_skey_from.o src/sbearssl/sbearssl_ec_skey_to.o src/sbearssl/sbearssl_error_str.o src/sbearssl/sbearssl_get_keycert.o src/sbearssl/sbearssl_get_tas.o src/sbearssl/sbearssl_isder.o src/sbearssl/sbearssl_pem_decode_from_buffer.o src/sbearssl/sbearssl_pem_decode_from_string.o src/sbearssl/sbearssl_pem_push.o src/sbearssl/sbearssl_pkey_from.o src/sbearssl/sbearssl_pkey_to.o src/sbearssl/sbearssl_rsa_pkey_from.o src/sbearssl/sbearssl_rsa_pkey_to.o src/sbearssl/sbearssl_rsa_skey_from.o src/sbearssl/sbearssl_rsa_skey_to.o src/sbearssl/sbearssl_run.o src/sbearssl/sbearssl_sctx_init_full_generic.o src/sbearssl/sbearssl_sctx_set_policy_sni.o src/sbearssl/sbearssl_send_environment.o src/sbearssl/sbearssl_server_init_and_run.o src/sbearssl/sbearssl_skey_from.o src/sbearssl/sbearssl_skey_readfile.o src/sbearssl/sbearssl_skey_storagelen.o src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_skey_wipe.o src/sbearssl/sbearssl_sni_policy_add_keypair_file.o src/sbearssl/sbearssl_sni_policy_init.o src/sbearssl/sbearssl_sni_policy_nkeypairs.o src/sbearssl/sbearssl_sni_policy_vtable.o src/sbearssl/sbearssl_suite_bits.o src/sbearssl/sbearssl_suite_list.o src/sbearssl/sbearssl_suite_name.o 
src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_certs.o src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x500_name_len.o src/sbearssl/sbearssl_x509_minimal_set_tai.o src/sbearssl/sbearssl_x509_small_init_full.o src/sbearssl/sbearssl_x509_small_vtable.o +libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_choose_algos_ec.o src/sbearssl/sbearssl_choose_algos_rsa.o src/sbearssl/sbearssl_choose_hash.o src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_drop.o src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_to.o src/sbearssl/sbearssl_ec_skey_from.o src/sbearssl/sbearssl_ec_skey_to.o src/sbearssl/sbearssl_error_str.o src/sbearssl/sbearssl_get_keycert.o src/sbearssl/sbearssl_get_tas.o src/sbearssl/sbearssl_isder.o src/sbearssl/sbearssl_pem_decode_from_buffer.o src/sbearssl/sbearssl_pem_decode_from_string.o src/sbearssl/sbearssl_pem_push.o src/sbearssl/sbearssl_pkey_from.o src/sbearssl/sbearssl_pkey_to.o src/sbearssl/sbearssl_rsa_pkey_from.o src/sbearssl/sbearssl_rsa_pkey_to.o src/sbearssl/sbearssl_rsa_skey_from.o src/sbearssl/sbearssl_rsa_skey_to.o src/sbearssl/sbearssl_run.o src/sbearssl/sbearssl_sctx_init_full_generic.o src/sbearssl/sbearssl_sctx_set_policy_sni.o src/sbearssl/sbearssl_send_environment.o src/sbearssl/sbearssl_server_init_and_run.o src/sbearssl/sbearssl_skey_from.o src/sbearssl/sbearssl_skey_readfile.o src/sbearssl/sbearssl_skey_storagelen.o src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_skey_wipe.o src/sbearssl/sbearssl_sni_policy_add_keypair_file.o src/sbearssl/sbearssl_sni_policy_init.o src/sbearssl/sbearssl_sni_policy_nkeypairs.o 
src/sbearssl/sbearssl_sni_policy_vtable.o src/sbearssl/sbearssl_suite_bits.o src/sbearssl/sbearssl_suite_list.o src/sbearssl/sbearssl_suite_name.o src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_certs.o src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x500_name_len.o src/sbearssl/sbearssl_x509_minimal_set_tai.o src/sbearssl/sbearssl_x509_small_init_full.o src/sbearssl/sbearssl_x509_small_vtable.o src/sbearssl/sbearssl_dayseconds_from_tai.o src/sbearssl/sbearssl_tai_from_dayseconds.o src/sbearssl/sbearssl_x509_time_check.o else -libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.lo src/sbearssl/sbearssl_choose_hash.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_get_keycert.lo src/sbearssl/sbearssl_get_tas.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_sctx_init_full_generic.lo src/sbearssl/sbearssl_sctx_set_policy_sni.lo src/sbearssl/sbearssl_send_environment.lo src/sbearssl/sbearssl_server_init_and_run.lo 
src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_storagelen.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_skey_wipe.lo src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo src/sbearssl/sbearssl_sni_policy_init.lo src/sbearssl/sbearssl_sni_policy_nkeypairs.lo src/sbearssl/sbearssl_sni_policy_vtable.lo src/sbearssl/sbearssl_suite_bits.lo src/sbearssl/sbearssl_suite_list.lo src/sbearssl/sbearssl_suite_name.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_x509_small_init_full.lo src/sbearssl/sbearssl_x509_small_vtable.lo +libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.lo src/sbearssl/sbearssl_choose_hash.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_get_keycert.lo src/sbearssl/sbearssl_get_tas.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo 
src/sbearssl/sbearssl_sctx_init_full_generic.lo src/sbearssl/sbearssl_sctx_set_policy_sni.lo src/sbearssl/sbearssl_send_environment.lo src/sbearssl/sbearssl_server_init_and_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_storagelen.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_skey_wipe.lo src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo src/sbearssl/sbearssl_sni_policy_init.lo src/sbearssl/sbearssl_sni_policy_nkeypairs.lo src/sbearssl/sbearssl_sni_policy_vtable.lo src/sbearssl/sbearssl_suite_bits.lo src/sbearssl/sbearssl_suite_list.lo src/sbearssl/sbearssl_suite_name.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_x509_small_init_full.lo src/sbearssl/sbearssl_x509_small_vtable.lo src/sbearssl/sbearssl_dayseconds_from_tai.lo src/sbearssl/sbearssl_tai_from_dayseconds.lo src/sbearssl/sbearssl_x509_time_check.lo endif libsbearssl.so.xyzzy: EXTRA_LIBS := -lbearssl -lskarnet -libsbearssl.so.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.lo src/sbearssl/sbearssl_choose_hash.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_get_keycert.lo src/sbearssl/sbearssl_get_tas.lo src/sbearssl/sbearssl_isder.lo 
src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_sctx_init_full_generic.lo src/sbearssl/sbearssl_sctx_set_policy_sni.lo src/sbearssl/sbearssl_send_environment.lo src/sbearssl/sbearssl_server_init_and_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_storagelen.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_skey_wipe.lo src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo src/sbearssl/sbearssl_sni_policy_init.lo src/sbearssl/sbearssl_sni_policy_nkeypairs.lo src/sbearssl/sbearssl_sni_policy_vtable.lo src/sbearssl/sbearssl_suite_bits.lo src/sbearssl/sbearssl_suite_list.lo src/sbearssl/sbearssl_suite_name.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_x509_small_init_full.lo src/sbearssl/sbearssl_x509_small_vtable.lo +libsbearssl.so.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_choose_algos_ec.lo src/sbearssl/sbearssl_choose_algos_rsa.lo src/sbearssl/sbearssl_choose_hash.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo 
src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_get_keycert.lo src/sbearssl/sbearssl_get_tas.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_sctx_init_full_generic.lo src/sbearssl/sbearssl_sctx_set_policy_sni.lo src/sbearssl/sbearssl_send_environment.lo src/sbearssl/sbearssl_server_init_and_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_storagelen.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_skey_wipe.lo src/sbearssl/sbearssl_sni_policy_add_keypair_file.lo src/sbearssl/sbearssl_sni_policy_init.lo src/sbearssl/sbearssl_sni_policy_nkeypairs.lo src/sbearssl/sbearssl_sni_policy_vtable.lo src/sbearssl/sbearssl_suite_bits.lo src/sbearssl/sbearssl_suite_list.lo src/sbearssl/sbearssl_suite_name.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_x509_small_init_full.lo src/sbearssl/sbearssl_x509_small_vtable.lo src/sbearssl/sbearssl_dayseconds_from_tai.lo src/sbearssl/sbearssl_tai_from_dayseconds.lo src/sbearssl/sbearssl_x509_time_check.lo ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),) libstls.a.xyzzy: src/stls/stls_drop.o src/stls/stls_handshake.o src/stls/stls_run.o src/stls/stls_client_init_and_handshake.o src/stls/stls_server_init_and_handshake.o 
src/stls/stls_send_environment.o else diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h index 2d46261..f314b51 100644 --- a/src/include/s6-networking/sbearssl.h +++ b/src/include/s6-networking/sbearssl.h @@ -31,6 +31,8 @@ /* Utility functions */ extern int sbearssl_isder (unsigned char const *, size_t) ; +extern int sbearssl_tai_from_dayseconds (tai *, uint32_t, uint32_t) ; +extern int sbearssl_dayseconds_from_tai (uint32_t *, uint32_t *, tai const *) ; /* x509 functions */ @@ -68,6 +70,8 @@ extern int sbearssl_x509_minimal_set_tai (br_x509_minimal_context *, tai const * #define sbearssl_x509_small_set_tai_g(ctx) sbearssl_x509_small_set_tain((ctx), &STAMP) #define sbearssl_x509_small_set_tain_g(ctx) sbearssl_x509_small_set_tain((ctx), &STAMP) +extern int sbearssl_x509_time_check (void *, uint32_t, uint32_t, uint32_t, uint32_t) ; /* br_x509_time_check */ + extern br_x509_class const sbearssl_x509_small_vtable ; extern void sbearssl_x509_small_init_full (sbearssl_x509_small_context *, br_x509_trust_anchor *, size_t, sbearssl_dn *, uint8_t *, char *) ; diff --git a/src/sbearssl/deps-lib/sbearssl b/src/sbearssl/deps-lib/sbearssl index 5241e56..782816e 100644 --- a/src/sbearssl/deps-lib/sbearssl +++ b/src/sbearssl/deps-lib/sbearssl @@ -54,5 +54,8 @@ sbearssl_x500_name_len.o sbearssl_x509_minimal_set_tai.o sbearssl_x509_small_init_full.o sbearssl_x509_small_vtable.o +sbearssl_dayseconds_from_tai.o +sbearssl_tai_from_dayseconds.o +sbearssl_x509_time_check.o -lbearssl -lskarnet diff --git a/src/sbearssl/sbearssl_dayseconds_from_tai.c b/src/sbearssl/sbearssl_dayseconds_from_tai.c new file mode 100644 index 0000000..73ab2be --- /dev/null +++ b/src/sbearssl/sbearssl_dayseconds_from_tai.c 
@@ -0,0 +1,21 @@
+/* ISC license. */
+
+#include
+
+#include
+#include
+#include
+
+#include
+
+int sbearssl_dayseconds_from_tai (uint32_t *days, uint32_t *seconds, tai const *t)
+{
+ uint64_t u, d ;
+ if (!utc_from_tai(&u, t)) return 0 ;
+ u -= TAI_MAGIC ;
+ d = u / 86400 + 719528 ;
+ if (d >= 0xffffffffUL) return (errno = EOVERFLOW, 0) ;
+ *days = d ;
+ *seconds = u % 86400 ;
+ return 1 ;
+}
diff --git a/src/sbearssl/sbearssl_tai_from_dayseconds.c b/src/sbearssl/sbearssl_tai_from_dayseconds.c
new file mode 100644
index 0000000..e97c69c
--- /dev/null
+++ b/src/sbearssl/sbearssl_tai_from_dayseconds.c
@@ -0,0 +1,12 @@
+/* ISC license. */
+
+#include
+#include
+#include
+
+#include
+
+int sbearssl_tai_from_dayseconds (tai *t, uint32_t days, uint32_t seconds)
+{
+ return tai_from_utc(t, TAI_MAGIC + (uint64_t)86400 * (uint64_t)days + 719528 + seconds) ;
+}
diff --git a/src/sbearssl/sbearssl_x509_minimal_set_tai.c b/src/sbearssl/sbearssl_x509_minimal_set_tai.c
index 58a1a4a..0ca9c9d 100644
--- a/src/sbearssl/sbearssl_x509_minimal_set_tai.c
+++ b/src/sbearssl/sbearssl_x509_minimal_set_tai.c
@@ -1,18 +1,14 @@ /* ISC license. */ +#include #include -#include -#include -#include - #include int sbearssl_x509_minimal_set_tai (br_x509_minimal_context *ctx, tai const *t) { - uint64_t u ; - if (!utc_from_tai(&u, t)) return 0 ; - u -= TAI_MAGIC ; - br_x509_minimal_set_time(ctx, (uint32_t)(u / 86400 + 719528), u % 86400) ; + uint32_t days, seconds ; + if (!sbearssl_dayseconds_from_tai(&days, &seconds, t)) return 0 ; + br_x509_minimal_set_time(ctx, days, seconds) ; return 1 ; }
diff --git a/src/sbearssl/sbearssl_x509_small_init_full.c b/src/sbearssl/sbearssl_x509_small_init_full.c
index bcb88bb..aece45c 100644
--- a/src/sbearssl/sbearssl_x509_small_init_full.c
+++ b/src/sbearssl/sbearssl_x509_small_init_full.c
@@ -5,6 +5,8 @@ #include +#include + #include struct eltinfo_s
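Review bot: In sbearssl_dayseconds_from_tai, `u -= TAI_MAGIC` wraps around when the converted UTC value is below TAI_MAGIC, and that case appears to be rejected only because the wrapped quotient then trips the `d >= 0xffffffffUL` bound. Since this result now decides certificate validity (sbearssl_x509_time_check calls it), the pre-epoch or uninitialized-timestamp case deserves an explicit guard before the subtraction, `if (u < TAI_MAGIC) return (errno = EOVERFLOW, 0) ;`, which keeps the current errno. A comment naming the constant would also help; 719528 looks like the day count from BearSSL's year-0 origin to 1970-01-01, e.g. `/* days from 0000-01-01 to 1970-01-01 */`, to be confirmed against the BearSSL documentation.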
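Review bot: sbearssl_tai_from_dayseconds is not the inverse of sbearssl_dayseconds_from_tai: the latter computes `d = u / 86400 + 719528`, so the offset has to be subtracted from `days` before scaling, whereas the new return line adds 719528 as a number of seconds. As written the result is off by roughly 719528 days, which would matter if this helper is ever used to turn a certificate's notBefore or notAfter into a tai for comparison or logging. The expression should read `TAI_MAGIC + (uint64_t)86400 * ((uint64_t)days - 719528) + seconds`, preferably after rejecting `days < 719528`. No caller is visible in this commit, so the practical impact is inferred.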
@@ -28,6 +30,9 @@ void sbearssl_x509_small_init_full (sbearssl_x509_small_context *ctx, br_x509_tr
 {
 ctx->vtable = &sbearssl_x509_small_vtable ;
 br_x509_minimal_init_full(&ctx->minimal, btas, n) ;
+#ifdef BR_FEATURE_X509_TIME_CALLBACK
+ br_x509_minimal_set_time_callback(&ctx->minimal, tain_secp(&STAMP), &sbearssl_x509_time_check) ;
+#endif
 for (unsigned int i = 0 ; i < 6 ; i++)
 {
 ctx->elts[i].oid = eltinfo[i].oid ;
diff --git a/src/sbearssl/sbearssl_x509_time_check.c b/src/sbearssl/sbearssl_x509_time_check.c
new file mode 100644
index 0000000..83e8072
--- /dev/null
+++ b/src/sbearssl/sbearssl_x509_time_check.c
@@ -0,0 +1,16 @@
+/* ISC license. */
+
+#include
+#include
+
+#include
+
+#include
+
+int sbearssl_x509_time_check (void *ctx, uint32_t nbd, uint32_t nbs, uint32_t nad, uint32_t nas)
+{
+ uint32_t days, seconds ;
+ if (!sbearssl_dayseconds_from_tai(&days, &seconds, (tai *)ctx)) return -2 ;
+ if (days < nbd || (days == nbd && seconds < nbs)) return -1 ;
+ return days > nad || (days == nad && seconds > nas) ;
+}
--
cgit v1.2.3
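Review bot: In sbearssl_x509_small_init_full, the callback is registered with `tain_secp(&STAMP)` as its context, so in builds where BR_FEATURE_X509_TIME_CALLBACK is defined the validation time is read from the global STAMP when the callback runs, not from whatever sbearssl_x509_minimal_set_tai stored in the context. If BearSSL prefers the callback over the stored time (it appears to; confirm against the BearSSL version in use), a caller that sets a specific validation time would have it ignored silently, and the behaviour differs between builds with and without the feature macro. A comment above the `#ifdef` should state this, e.g. `/* time callback reads STAMP at validation time; STAMP must be current before the handshake */`. The function body continues outside the hunk.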
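Review bot: sbearssl_x509_time_check has no comment describing its return contract or what `ctx` must point to, which is risky for a function that decides whether a certificate is within its validity period. A header comment should say that `ctx` must point to a valid tai, and that the function returns -1 before notBefore, 0 inside the window, 1 after notAfter, and -2 when the time cannot be converted, which BearSSL is expected to treat as "time unknown" and fail validation. Because the pointee is only read, the cast can be `(tai const *)ctx` instead of `(tai *)ctx`.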