Merge pull request #913 from awslabs/validator_bug_on_32_bit

time_t is a screwy type and is not 64 bit on 32bit builds, this broke…
aws · Nov 21, 2018 · 7c90696 · 7c90696
2 parents 55699d9 + 31e3a5c
commit 7c90696
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/tls/s2n_config.c b/tls/s2n_config.c
@@ -38,7 +38,7 @@ static int monotonic_clock(void *data, uint64_t *nanoseconds)
 
     GUARD(clock_gettime(S2N_CLOCK_HW, &current_time));
 
-    *nanoseconds = current_time.tv_sec * 1000000000;
+    *nanoseconds = (uint64_t)current_time.tv_sec * 1000000000ull;
     *nanoseconds += current_time.tv_nsec;
 
     return 0;
@@ -50,7 +50,7 @@ static int wall_clock(void *data, uint64_t *nanoseconds)
 
     GUARD(clock_gettime(S2N_CLOCK_SYS, &current_time));
 
-    *nanoseconds = current_time.tv_sec * 1000000000;
+    *nanoseconds = (uint64_t)current_time.tv_sec * 1000000000ull;
     *nanoseconds += current_time.tv_nsec;
 
     return 0;

diff --git a/tls/s2n_x509_validator.c b/tls/s2n_x509_validator.c
@@ -360,7 +360,8 @@ s2n_cert_validation_code s2n_x509_validator_validate_cert_chain(struct s2n_x509_
         conn->config->wall_clock(conn->config->sys_clock_ctx, &current_sys_time);
 
         /* this wants seconds not nanoseconds */
-        X509_STORE_CTX_set_time(ctx, 0, current_sys_time / 1000000000);
+        time_t current_time = (time_t)(current_sys_time / 1000000000);
+        X509_STORE_CTX_set_time(ctx, 0, current_time);
 
         op_code = X509_verify_cert(ctx);