From: Bob Beck Date: Tue, 7 Oct 2025 08:51:13 +0000 (-0600) Subject: Catch the failing conversions due to limited time_t on NotBefore and NotAfter as... X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~358 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8803efadadb88e2a71b2ce33848aa11e32cd7751;p=thirdparty%2Fopenssl.git Catch the failing conversions due to limited time_t on NotBefore and NotAfter as well Reviewed-by: Neil Horman Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/28623) --- diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c index bf45299110f..3c4f2b3c07d 100644 --- a/test/x509_internal_test.c +++ b/test/x509_internal_test.c @@ -379,6 +379,31 @@ static int do_x509_time_tests(CERT_TEST_DATA *tests, size_t ntests, int64_t lowe continue; if (tests[i].NotAfter < lower_limit || tests[i].NotAfter > upper_limit) continue; + /* + * XXX beck This block below is a hack. The current comparison + * routines needlessly convert the time_t value to a struct + * tm to compare it to the asn1_string converted to a struct tm. + * OPENSSL_gmtime() does this, but fails on large time_t values. + * Once we remove this conversion we should be able to compare + * against the full range of time_t. but for the moment we need + * to skip this test if OPENSSL_gmtime() fails. + */ + { + const time_t t = (const time_t) tests[i].NotBefore; + const time_t t2 = (const time_t) tests[i].NotAfter; + struct tm tm; + + if (OPENSSL_gmtime(&t, &tm) == NULL) { + TEST_info("OPENSSL_gmtime can't handle notBefore time of %lld, skipping test", + (long long) tests[i].NotBefore); + continue; + } + if (OPENSSL_gmtime(&t2, &tm) == NULL) { + TEST_info("OPENSSL_gmtime can't handle notAfter time of %lld, skipping test", + (long long) tests[i].NotAfter); + continue; + } + } if (ASN1_TIME_adj(nb, (time_t)tests[i].NotBefore, 0, 0) == NULL) { TEST_info("Could not create NotBefore for time %lld\n", (long long) tests[i].NotBefore);