sync with OpenBSD -current

distrib/sets/lists/comp/mi

@@ -1151,6 +1151,7 @@
 ./usr/include/openssl/pkcs12.h
 ./usr/include/openssl/pkcs7.h
 ./usr/include/openssl/poly1305.h
+./usr/include/openssl/posix_time.h
 ./usr/include/openssl/rand.h
 ./usr/include/openssl/rc2.h
 ./usr/include/openssl/rc4.h

lib/libcrypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.167 2024/01/27 17:14:33 tb Exp $
+# $OpenBSD: Makefile,v 1.168 2024/02/18 16:28:37 tb Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -705,6 +705,7 @@ HDRS=\
 	${LCRYPTO_SRC}/aes/aes.h \
 	${LCRYPTO_SRC}/asn1/asn1.h \
 	${LCRYPTO_SRC}/asn1/asn1t.h \
+	${LCRYPTO_SRC}/asn1/posix_time.h \
 	${LCRYPTO_SRC}/bf/blowfish.h \
 	${LCRYPTO_SRC}/bio/bio.h \
 	${LCRYPTO_SRC}/bn/bn.h \

lib/libcrypto/Symbols.namespace

@@ -2645,3 +2645,7 @@ _libre_i2d_DHparams
 _libre_DHparams_print_fp
 _libre_DHparams_print
 _libre_ERR_load_DH_strings
+_libre_OPENSSL_gmtime
+_libre_OPENSSL_timegm
+_libre_OPENSSL_posix_to_tm
+_libre_OPENSSL_tm_to_posix

lib/libcrypto/asn1/a_time_posix.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_posix.c,v 1.4 2023/11/13 12:46:07 beck Exp $ */
+/* $OpenBSD: a_time_posix.c,v 1.5 2024/02/18 16:28:38 tb Exp $ */
 /*
  * Copyright (c) 2022, Google Inc.
  * Copyright (c) 2022, Bob Beck <beck@obtuse.com>
@@ -23,10 +23,14 @@
 
 #include <inttypes.h>
 #include <limits.h>
+#include <stdint.h>
 #include <string.h>
 #include <time.h>
 
 #include <openssl/asn1.h>
+#include <openssl/posix_time.h>
+
+#include "crypto_internal.h"
 
 #define SECS_PER_HOUR (int64_t)(60 * 60)
 #define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
@@ -36,7 +40,7 @@
  * to 9999?
  */
 static int
-is_valid_date(int year, int month, int day)
+is_valid_date(int64_t year, int64_t month, int64_t day)
 {
 	int days_in_month;
 	if (day < 1 || month < 1 || year < 0 || year > 9999)
@@ -80,13 +84,16 @@ is_valid_time(int hours, int minutes, int seconds)
 	    minutes <= 59 && seconds <= 59;
 }
 
+/* 0000-01-01 00:00:00 UTC */
+#define MIN_POSIX_TIME INT64_C(-62167219200)
+/* 9999-12-31 23:59:59 UTC */
+#define MAX_POSIX_TIME INT64_C(253402300799)
+
 /* Is a int64 time representing a time within our expected range? */
 static int
-is_valid_epoch_time(int64_t time)
+is_valid_posix_time(int64_t time)
 {
-	/* 0000-01-01 00:00:00 UTC to 9999-12-31 23:59:59 UTC */
-	return (int64_t)-62167219200LL <= time &&
-	    time <= (int64_t)253402300799LL;
+	return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
 }
 
 /*
@@ -95,8 +102,8 @@ is_valid_epoch_time(int64_t time)
  * (Public Domain)
  */
 static int
-posix_time_from_utc(int year, int month, int day, int hours,  int minutes,
-    int seconds, int64_t *out_time)
+posix_time_from_utc(int64_t year, int64_t month, int64_t day, int64_t hours,
+    int64_t minutes, int64_t seconds, int64_t *out_time)
 {
 	int64_t era, year_of_era, day_of_year, day_of_era, posix_days;
 
@@ -132,7 +139,7 @@ utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day,
 	int64_t days, leftover_seconds, era, day_of_era, year_of_era,
 	    day_of_year, month_of_year;
 
-	if (!is_valid_epoch_time(time))
+	if (!is_valid_posix_time(time))
 		return 0;
 
 	days = time / SECS_PER_DAY;
@@ -167,40 +174,41 @@ utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day,
 	return 1;
 }
 
-static int
-asn1_time_tm_to_posix(const struct tm *tm, int64_t *out)
+int
+OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out)
 {
-	/* Ensure additions below do not overflow */
-	if (tm->tm_year > 9999)
-		return 0;
-	if (tm->tm_mon > 12)
-		return 0;
-
-	return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
-	    tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, out);
+	return posix_time_from_utc(tm->tm_year + (int64_t)1900,
+	    tm->tm_mon + (int64_t)1, tm->tm_mday, tm->tm_hour, tm->tm_min,
+	    tm->tm_sec, out);
 }
+LCRYPTO_ALIAS(OPENSSL_tm_to_posix);
 
-static int
-asn1_time_posix_to_tm(int64_t time, struct tm *out_tm)
+int
+OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
 {
-	memset(out_tm, 0, sizeof(struct tm));
-	if (!utc_from_posix_time(time, &out_tm->tm_year, &out_tm->tm_mon,
-	    &out_tm->tm_mday, &out_tm->tm_hour, &out_tm->tm_min,
-	    &out_tm->tm_sec))
+	struct tm tmp_tm = {0};
+
+	memset(out_tm, 0, sizeof(*out_tm));
+
+	if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
+	    &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, &tmp_tm.tm_sec))
 		return 0;
 
-	out_tm->tm_year -= 1900;
-	out_tm->tm_mon -= 1;
+	tmp_tm.tm_year -= 1900;
+	tmp_tm.tm_mon -= 1;
+
+	*out_tm = tmp_tm;
 
 	return 1;
 }
+LCRYPTO_ALIAS(OPENSSL_posix_to_tm);
 
 int
 asn1_time_tm_to_time_t(const struct tm *tm, time_t *out)
 {
 	int64_t posix_time;
 
-	if (!asn1_time_tm_to_posix(tm, &posix_time))
+	if (!OPENSSL_tm_to_posix(tm, &posix_time))
 		return 0;
 
 #ifdef SMALL_TIME_T
@@ -219,7 +227,7 @@ asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm)
 {
 	int64_t posix_time = *time;
 
-	return asn1_time_posix_to_tm(posix_time, out_tm);
+	return OPENSSL_posix_to_tm(posix_time, out_tm);
 }
 
 int
@@ -236,28 +244,29 @@ OPENSSL_gmtime(const time_t *time, struct tm *out_tm) {
 }
 LCRYPTO_ALIAS(OPENSSL_gmtime);
 
+/* Public API in OpenSSL. BoringSSL uses int64_t instead of long. */
 int
-OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
+OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec)
 {
 	int64_t posix_time;
 
-	/* Ensure additions below do not overflow */
-	if (tm->tm_year > 9999)
-		return 0;
-	if (tm->tm_mon > 12)
+	if (!OPENSSL_tm_to_posix(tm, &posix_time))
 		return 0;
 
-	if (!posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
-	    tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, &posix_time))
-		return 0;
+	CTASSERT(INT_MAX <= INT64_MAX / SECS_PER_DAY);
+	CTASSERT(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
+	CTASSERT(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);
 
-	if (!utc_from_posix_time(posix_time + off_day * SECS_PER_DAY +
-	    offset_sec, &tm->tm_year, &tm->tm_mon, &tm->tm_mday, &tm->tm_hour,
-	    &tm->tm_min, &tm->tm_sec))
-		return 0;
+	posix_time += offset_day * SECS_PER_DAY;
 
-	tm->tm_year -= 1900;
-	tm->tm_mon -= 1;
+	if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
+		return 0;
+	if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
+		return 0;
+	posix_time += offset_sec;
+
+	if (!OPENSSL_posix_to_tm(posix_time, tm))
+		return 0;
 
 	return 1;
 }
@@ -268,20 +277,17 @@ OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
 {
 	int64_t time_to, time_from, timediff, daydiff;
 
-	if (!posix_time_from_utc(to->tm_year + 1900, to->tm_mon + 1,
-	    to->tm_mday, to->tm_hour, to->tm_min, to->tm_sec, &time_to))
+	if (!OPENSSL_tm_to_posix(to, &time_to) ||
+	    !OPENSSL_tm_to_posix(from, &time_from))
 		return 0;
 
-	if (!posix_time_from_utc(from->tm_year + 1900, from->tm_mon + 1,
-	    from->tm_mday, from->tm_hour, from->tm_min,
-	    from->tm_sec, &time_from))
-		return 0;
+	/* Times are in range, so these calculations cannot overflow. */
+	CTASSERT(SECS_PER_DAY <= INT_MAX);
+	CTASSERT((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);
 
 	timediff = time_to - time_from;
 	daydiff = timediff / SECS_PER_DAY;
 	timediff %= SECS_PER_DAY;
-	if (daydiff > INT_MAX || daydiff < INT_MIN)
-		return 0;
 
 	*out_secs = timediff;
 	*out_days = daydiff;

lib/libcrypto/asn1/asn1.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.82 2023/12/16 12:25:02 tb Exp $ */
+/* $OpenBSD: asn1.h,v 1.83 2024/02/18 16:28:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -915,11 +915,6 @@ int SMIME_text(BIO *in, BIO *out);
 
 void ERR_load_ASN1_strings(void);
 
-#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
-int OPENSSL_timegm(const struct tm *tm, time_t *out);
-struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm);
-#endif
-
 /* Error codes for the ASN1 functions. */
 
 /* Function codes. */

lib/libcrypto/asn1/asn1_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_local.h,v 1.7 2024/01/06 20:47:01 tb Exp $ */
+/* $OpenBSD: asn1_local.h,v 1.8 2024/02/18 16:28:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -160,7 +160,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
 int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
     long length);
-int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec);
 int OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from,
     const struct tm *to);
 int asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm);

lib/libcrypto/asn1/p5_pbev2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.30 2023/07/07 19:37:52 beck Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.31 2024/02/18 15:44:10 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
@@ -218,7 +218,7 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 			arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
 	}
 
-	EVP_CIPHER_CTX_init(&ctx);
+	EVP_CIPHER_CTX_legacy_clear(&ctx);
 
 	/* Dummy cipherinit to just setup the IV, and PRF */
 	if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))

lib/libcrypto/asn1/posix_time.h

@@ -0,0 +1,54 @@
+/*	$OpenBSD: posix_time.h,v 1.1 2024/02/18 16:28:38 tb Exp $ */
+/*
+ * Copyright (c) 2022, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef OPENSSL_HEADER_POSIX_TIME_H
+#define OPENSSL_HEADER_POSIX_TIME_H
+
+#include <stdint.h>
+#include <time.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*
+ * OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time|, which must
+ * be in the range of year 0000 to 9999, to a broken out time value in |tm|. It
+ * returns one on success and zero on error.
+ */
+int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm);
+
+/*
+ * OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in
+ * |tm| to a POSIX time value in |out|. One is returned on success, zero is
+ * returned on failure. It is a failure if |tm| contains out of range values.
+ */
+int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out);
+
+/*
+ * OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to
+ * a time_t value in |out|. One is returned on success, zero is returned on
+ * failure. It is a failure if the converted time can not be represented in a
+ * time_t, or if the tm contains out of range values.
+ */
+int OPENSSL_timegm(const struct tm *tm, time_t *out);
+
+#if defined(__cplusplus)
+}  /* extern C */
+#endif
+
+#endif  /* OPENSSL_HEADER_POSIX_TIME_H */

lib/libcrypto/crypto.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.63 2023/07/28 10:19:20 tb Exp $ */
+/* $OpenBSD: crypto.h,v 1.64 2024/02/18 16:28:37 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -522,6 +522,14 @@ int CRYPTO_memcmp(const void *a, const void *b, size_t len);
 int OPENSSL_init_crypto(uint64_t opts, const void *settings);
 void OPENSSL_cleanup(void);
 
+/*
+ * OpenSSL helpfully put OPENSSL_gmtime() here because all other time related
+ * functions are in asn1.h.
+ */
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm);
+#endif
+
 void ERR_load_CRYPTO_strings(void);
 
 /* Error codes for the CRYPTO functions. */

lib/libcrypto/evp/bio_enc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_enc.c,v 1.29 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: bio_enc.c,v 1.30 2024/02/18 15:44:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -115,7 +115,7 @@ enc_new(BIO *bi)
 	ctx = malloc(sizeof(BIO_ENC_CTX));
 	if (ctx == NULL)
 		return (0);
-	EVP_CIPHER_CTX_init(&ctx->cipher);
+	EVP_CIPHER_CTX_legacy_clear(&ctx->cipher);
 
 	ctx->buf_len = 0;
 	ctx->buf_off = 0;
@@ -360,7 +360,7 @@ again:
 	case BIO_CTRL_DUP:
 		dbio = (BIO *)ptr;
 		dctx = (BIO_ENC_CTX *)dbio->ptr;
-		EVP_CIPHER_CTX_init(&dctx->cipher);
+		EVP_CIPHER_CTX_legacy_clear(&dctx->cipher);
 		ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher);
 		if (ret)
 			dbio->init = 1;

lib/libcrypto/evp/evp.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.120 2023/10/18 17:26:06 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.121 2024/02/18 15:47:48 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -472,7 +472,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in,
 
 EVP_MD_CTX *EVP_MD_CTX_new(void);
 void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+#ifndef LIBRESSL_INTERNAL
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+#endif
 int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
@@ -584,7 +586,9 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
 int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 
+#ifndef LIBRESSL_INTERNAL
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+#endif
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);

lib/libcrypto/evp/evp_cipher.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.17 2024/01/30 17:41:01 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.19 2024/02/18 15:53:54 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -615,7 +615,13 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 void
 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 {
-	memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+	memset(ctx, 0, sizeof(*ctx));
+}
+
+void
+EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)
+{
+	memset(ctx, 0, sizeof(*ctx));
 }
 
 int

lib/libcrypto/evp/evp_digest.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_digest.c,v 1.8 2024/01/30 17:41:01 tb Exp $ */
+/* $OpenBSD: evp_digest.c,v 1.10 2024/02/18 15:45:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -123,7 +123,7 @@
 int
 EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 {
-	EVP_MD_CTX_init(ctx);
+	EVP_MD_CTX_legacy_clear(ctx);
 	return EVP_DigestInit_ex(ctx, type, NULL);
 }
 
@@ -207,7 +207,7 @@ EVP_Digest(const void *data, size_t count,
 	EVP_MD_CTX ctx;
 	int ret;
 
-	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_legacy_clear(&ctx);
 	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
 	ret = EVP_DigestInit_ex(&ctx, type, NULL) &&
 	    EVP_DigestUpdate(&ctx, data, count) &&
@@ -252,6 +252,12 @@ EVP_MD_CTX_init(EVP_MD_CTX *ctx)
 	memset(ctx, 0, sizeof(*ctx));
 }
 
+void
+EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)
+{
+	memset(ctx, 0, sizeof(*ctx));
+}
+
 int
 EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
 {
@@ -288,7 +294,7 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 int
 EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 {
-	EVP_MD_CTX_init(out);
+	EVP_MD_CTX_legacy_clear(out);
 	return EVP_MD_CTX_copy_ex(out, in);
 }
 

lib/libcrypto/evp/evp_key.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_key.c,v 1.33 2024/01/05 10:18:52 tb Exp $ */
+/* $OpenBSD: evp_key.c,v 1.34 2024/02/18 15:45:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -156,7 +156,7 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
 	if (data == NULL)
 		return nkey;
 
-	EVP_MD_CTX_init(&c);
+	EVP_MD_CTX_legacy_clear(&c);
 	for (;;) {
 		if (!EVP_DigestInit_ex(&c, md, NULL))
 			goto err;

lib/libcrypto/evp/evp_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.14 2024/01/27 23:34:18 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.16 2024/02/18 15:43:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -377,6 +377,9 @@ int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
 int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name);
 
+void EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx);
+void EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx);
+
 __END_HIDDEN_DECLS
 
 #endif /* !HEADER_EVP_LOCAL_H */

lib/libcrypto/evp/evp_pbe.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.41 2024/02/01 17:11:58 tb Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.42 2024/02/18 15:45:42 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -266,7 +266,7 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 	else if (passlen == -1)
 		passlen = strlen(pass);
 
-	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_legacy_clear(&ctx);
 
 	if (!EVP_DigestInit_ex(&ctx, md, NULL))
 		goto err;

lib/libcrypto/evp/m_sigver.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: m_sigver.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: m_sigver.c,v 1.15 2024/02/18 15:45:42 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -171,7 +171,7 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 		EVP_MD_CTX tmp_ctx;
 		unsigned char md[EVP_MAX_MD_SIZE];
 		unsigned int mdlen = 0;
-		EVP_MD_CTX_init(&tmp_ctx);
+		EVP_MD_CTX_legacy_clear(&tmp_ctx);
 		if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
 			return 0;
 		if (sctx)
@@ -228,7 +228,7 @@ EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen)
 		vctx = 1;
 	else
 		vctx = 0;
-	EVP_MD_CTX_init(&tmp_ctx);
+	EVP_MD_CTX_legacy_clear(&tmp_ctx);
 	if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
 		return -1;
 	if (vctx) {

lib/libcrypto/evp/p_legacy.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: p_legacy.c,v 1.2 2023/12/20 13:52:17 tb Exp $ */
+/*	$OpenBSD: p_legacy.c,v 1.3 2024/02/18 15:44:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -99,7 +99,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 	int i, size = 0, ret = 0;
 
 	if (type) {
-		EVP_CIPHER_CTX_init(ctx);
+		EVP_CIPHER_CTX_legacy_clear(ctx);
 		if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
 			return 0;
 	}
@@ -154,7 +154,7 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
 	int i, iv_len;
 
 	if (type) {
-		EVP_CIPHER_CTX_init(ctx);
+		EVP_CIPHER_CTX_legacy_clear(ctx);
 		if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
 			return 0;
 	}

lib/libcrypto/evp/p_sign.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p_sign.c,v 1.19 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: p_sign.c,v 1.20 2024/02/18 15:45:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -77,7 +77,7 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
 	int ret = 0;
 
 	*siglen = 0;
-	EVP_MD_CTX_init(&tmp_ctx);
+	EVP_MD_CTX_legacy_clear(&tmp_ctx);
 	if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
 		goto err;
 	if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len))

lib/libcrypto/evp/p_verify.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p_verify.c,v 1.18 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: p_verify.c,v 1.19 2024/02/18 15:45:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -75,7 +75,7 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 	EVP_PKEY_CTX *pkctx = NULL;
 	int ret = 0;
 
-	EVP_MD_CTX_init(&tmp_ctx);
+	EVP_MD_CTX_legacy_clear(&tmp_ctx);
 	if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
 		goto err;
 	if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len))

lib/libcrypto/hidden/openssl/posix_time.h

@@ -0,0 +1,32 @@
+/* $OpenBSD: posix_time.h,v 1.1 2024/02/18 16:28:38 tb Exp $ */
+/*
+ * Copyright (c) 2024 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LIBCRYPTO_POSIX_TIME_H
+#define _LIBCRYPTO_POSIX_TIME_H
+
+#ifndef _MSC_VER
+#include_next <openssl/posix_time.h>
+#else
+#include "../include/openssl/posix_time.h"
+#endif
+#include "crypto_namespace.h"
+
+LCRYPTO_USED(OPENSSL_posix_to_tm);
+LCRYPTO_USED(OPENSSL_tm_to_posix);
+LCRYPTO_USED(OPENSSL_timegm);
+
+#endif /* _LIBCRYPTO_POSIX_TIME_H */

lib/libcrypto/hmac/hmac.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: hmac.c,v 1.32 2024/02/18 15:45:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -214,9 +214,9 @@ HMAC_CTX_reset(HMAC_CTX *ctx)
 void
 HMAC_CTX_init(HMAC_CTX *ctx)
 {
-	EVP_MD_CTX_init(&ctx->i_ctx);
-	EVP_MD_CTX_init(&ctx->o_ctx);
-	EVP_MD_CTX_init(&ctx->md_ctx);
+	EVP_MD_CTX_legacy_clear(&ctx->i_ctx);
+	EVP_MD_CTX_legacy_clear(&ctx->o_ctx);
+	EVP_MD_CTX_legacy_clear(&ctx->md_ctx);
 	ctx->md = NULL;
 }
 

lib/libcrypto/man/ASN1_TIME_set.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.21 2023/11/16 14:20:49 tb Exp $
+.\" $OpenBSD: ASN1_TIME_set.3,v 1.22 2024/02/18 16:30:17 tb Exp $
 .\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 16 2023 $
+.Dd $Mdocdate: February 18 2024 $
 .Dt ASN1_TIME_SET 3
 .Os
 .Sh NAME
@@ -96,7 +96,9 @@
 .Nm ASN1_TIME_compare ,
 .Nm ASN1_TIME_to_generalizedtime ,
 .Nm OPENSSL_gmtime ,
-.Nm OPENSSL_timegm
+.Nm OPENSSL_timegm ,
+.Nm OPENSSL_posix_to_tm ,
+.Nm OPENSSL_tm_to_posix
 .Nd ASN.1 Time functions
 .Sh SYNOPSIS
 .In openssl/asn1.h
@@ -219,16 +221,28 @@
 .Fa "const ASN1_TIME *t"
 .Fa "ASN1_GENERALIZEDTIME **out"
 .Fc
+.In openssl/crypto.h
 .Ft struct tm *
 .Fo OPENSSL_gmtime
 .Fa "const time_t *time"
 .Fa "struct tm *out_tm"
 .Fc
+.In openssl/posix_time.h
 .Ft int
 .Fo OPENSSL_timegm
 .Fa "const struct tm *tm"
 .Fa "time_t *out_time"
 .Fc
+.Ft int
+.Fo OPENSSL_posix_to_tm
+.Fa "int64_t time"
+.Fa "struct tm *out_tm"
+.Fc
+.Ft int
+.Fo OPENSSL_tm_to_posix
+.Fa "struct tm *t_tm"
+.Fa "int64_t *out"
+.Fc
 .Sh DESCRIPTION
 An
 .Vt ASN1_TIME
@@ -529,6 +543,21 @@ converts a time structure in UTC time in
 .Fa tm
 to a time_t value in
 .Fa out_time .
+.Pp
+.Fn OPENSSL_posix_to_tm
+converts an
+.Vt int64_t
+POSIX time value in
+.Fa time ,
+which must be in the range of year 0 to 9999,
+to a broken out time value in
+.Fa tm .
+.Pp
+.Fn OPENSSL_tm_to_posix
+converts a time value between the years 0 and 9999 in
+.Fa tm
+to a POSIX time value in
+.Fa out .
 .Sh RETURN VALUES
 .Fn ASN1_TIME_set ,
 .Fn ASN1_UTCTIME_set ,
@@ -599,6 +628,12 @@ returns
 on success or NULL for failure.
 It can fail if the time is not representable in a struct tm,
 or falls outside the range allowed in RFC 5280 times.
+.Pp
+.Fn OPENSSL_posix_to_tm
+and
+.Fn OPENSSL_tm_to_posix
+return 1 for success or 0 on failure.
+It is a failure if the year is less than 0 or more than 9999.
 .Sh EXAMPLES
 Set a time object to one hour after the current time and print it
 out:
@@ -690,9 +725,13 @@ first appeared in OpenSSL 1.1.1 and have been available since
 .Ox 7.2 .
 .Pp
 .Fn OPENSSL_gmtime
+first appeared in OpenSSL 0.9.7.
+.Fn OPENSSL_timegm ,
+.Fn OPENSSL_posix_to_tm ,
 and
-.Fn OPENSSL_timegm
-first appeared in BoringSSL and have been available since
+.Fn OPENSSL_tm_to_posix
+first appeared in BoringSSL;
+all these functions have been available since
 .Ox 7.5 .
 .Sh CAVEATS
 Some applications add offset times directly to a

lib/libcrypto/pem/pem_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.55 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.56 2024/02/18 15:44:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -412,7 +412,7 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
 		PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
 		/* k=strlen(buf); */
 
-		EVP_CIPHER_CTX_init(&ctx);
+		EVP_CIPHER_CTX_legacy_clear(&ctx);
 		ret = 1;
 		if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) ||
 		    !EVP_EncryptUpdate(&ctx, data, &j, data, i) ||
@@ -466,7 +466,7 @@ PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
 		return 0;
 
 	j = (int)len;
-	EVP_CIPHER_CTX_init(&ctx);
+	EVP_CIPHER_CTX_legacy_clear(&ctx);
 	o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key,
 	    &(cipher->iv[0]));
 	if (o)

lib/libcrypto/pem/pvkfmt.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.27 2023/07/07 13:40:44 beck Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.28 2024/02/18 15:45:42 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -713,7 +713,7 @@ derive_pvk_key(unsigned char *key, const unsigned char *salt,
 	EVP_MD_CTX mctx;
 	int rv = 1;
 
-	EVP_MD_CTX_init(&mctx);
+	EVP_MD_CTX_legacy_clear(&mctx);
 	if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) ||
 	    !EVP_DigestUpdate(&mctx, salt, saltlen) ||
 	    !EVP_DigestUpdate(&mctx, pass, passlen) ||

lib/libcrypto/pkcs12/p12_decr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.24 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.25 2024/02/18 15:44:10 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -77,7 +77,7 @@ PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen,
 	int outlen, i;
 	EVP_CIPHER_CTX ctx;
 
-	EVP_CIPHER_CTX_init(&ctx);
+	EVP_CIPHER_CTX_legacy_clear(&ctx);
 	/* Decrypt data */
 	if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
 	    algor->parameter, &ctx, en_de)) {

lib/libcrypto/pkcs7/pk7_doit.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.55 2024/01/25 13:44:08 tb Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.56 2024/02/18 15:45:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -711,7 +711,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 		return 0;
 	}
 
-	EVP_MD_CTX_init(&ctx_tmp);
+	EVP_MD_CTX_legacy_clear(&ctx_tmp);
 	i = OBJ_obj2nid(p7->type);
 	p7->state = PKCS7_S_HEADER;
 
@@ -879,7 +879,7 @@ PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 	if (md == NULL)
 		return 0;
 
-	EVP_MD_CTX_init(&mctx);
+	EVP_MD_CTX_legacy_clear(&mctx);
 	if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
 		goto err;
 
@@ -997,7 +997,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
 	BIO *btmp;
 	EVP_PKEY *pkey;
 
-	EVP_MD_CTX_init(&mdc_tmp);
+	EVP_MD_CTX_legacy_clear(&mdc_tmp);
 
 	if (!PKCS7_type_is_signed(p7) &&
 	    !PKCS7_type_is_signedAndEnveloped(p7)) {

lib/libcrypto/rsa/rsa_oaep.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.37 2023/07/08 12:26:45 beck Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.38 2024/02/18 15:45:42 tb Exp $ */
 /*
  * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
@@ -331,7 +331,7 @@ PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
 	int mdlen;
 	int rv = -1;
 
-	EVP_MD_CTX_init(&c);
+	EVP_MD_CTX_legacy_clear(&c);
 	mdlen = EVP_MD_size(dgst);
 	if (mdlen < 0)
 		goto err;

lib/libcrypto/rsa/rsa_pss.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.17 2023/07/08 12:26:45 beck Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.18 2024/02/18 15:45:42 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -92,7 +92,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
 	EVP_MD_CTX ctx;
 	unsigned char H_[EVP_MAX_MD_SIZE];
 
-	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_legacy_clear(&ctx);
 
 	if (mgf1Hash == NULL)
 		mgf1Hash = Hash;
@@ -200,7 +200,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 	unsigned char *H, *salt = NULL, *p;
 	EVP_MD_CTX ctx;
 
-	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_legacy_clear(&ctx);
 
 	if (mgf1Hash == NULL)
 		mgf1Hash = Hash;

lib/libcrypto/x509/x509_cmp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.42 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.43 2024/02/18 15:45:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -95,7 +95,7 @@ X509_issuer_and_serial_hash(X509 *a)
 	unsigned char md[16];
 	char *f;
 
-	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_legacy_clear(&ctx);
 	f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
 	if (f == NULL)
 		goto err;
@@ -291,7 +291,7 @@ X509_NAME_hash_old(X509_NAME *x)
 
 	/* Make sure X509_NAME structure contains valid cached encoding */
 	i2d_X509_NAME(x, NULL);
-	EVP_MD_CTX_init(&md_ctx);
+	EVP_MD_CTX_legacy_clear(&md_ctx);
 	if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
 	    EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
 	    EVP_DigestFinal_ex(&md_ctx, md, NULL))

regress/lib/libcrypto/asn1/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.26 2023/12/15 22:24:15 tb Exp $
+#	$OpenBSD: Makefile,v 1.27 2024/02/18 16:32:29 tb Exp $
 
 PROGS = \
 	asn1api \
@@ -24,5 +24,6 @@ CFLAGS+=	-I${.CURDIR}/../../../../lib/libcrypto/bytestring
 
 LDADD_asn1basic = ${CRYPTO_INT}
 LDADD_asn1object = ${CRYPTO_INT}
+LDADD_asn1time = ${CRYPTO_INT}
 
 .include <bsd.regress.mk>

regress/lib/libcrypto/asn1/asn1time.c

@@ -1,6 +1,7 @@
-/* $OpenBSD: asn1time.c,v 1.21 2023/10/05 07:59:41 tb Exp $ */
+/* $OpenBSD: asn1time.c,v 1.24 2024/02/18 17:13:29 tb Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2024 Google Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -16,11 +17,15 @@
  */
 
 #include <openssl/asn1.h>
+#include <openssl/posix_time.h>
 
 #include <err.h>
+#include <limits.h>
 #include <stdio.h>
 #include <string.h>
 
+#include "asn1_local.h"
+
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 
 struct asn1_time_test {
@@ -567,6 +572,205 @@ asn1_time_compare_test(void)
 	return failed;
 }
 
+static int
+asn1_time_overflow(void)
+{
+	struct tm overflow_year = {0}, overflow_month = {0};
+	struct tm copy, max_time = {0}, min_time = {0}, zero = {0};
+	int64_t valid_time_range = INT64_C(315569519999);
+	int64_t posix_u64;
+	time_t posix_time;
+	int days, secs;
+	int failed = 1;
+
+	overflow_year.tm_year = INT_MAX - 1899;
+	overflow_year.tm_mday = 1;
+
+	overflow_month.tm_mon = INT_MAX;
+	overflow_month.tm_mday = 1;
+
+	if (OPENSSL_tm_to_posix(&overflow_year, &posix_u64)) {
+		fprintf(stderr, "FAIL: OPENSSL_tm_to_posix didn't fail on "
+		    "overflow of years\n");
+		goto err;
+	}
+	if (OPENSSL_tm_to_posix(&overflow_month, &posix_u64)) {
+		fprintf(stderr, "FAIL: OPENSSL_tm_to_posix didn't fail on "
+		    "overflow of months\n");
+		goto err;
+	}
+	if (OPENSSL_timegm(&overflow_year, &posix_time)) {
+		fprintf(stderr, "FAIL: OPENSSL_timegm didn't fail on "
+		    "overflow of years\n");
+		goto err;
+	}
+	if (OPENSSL_timegm(&overflow_month, &posix_time)) {
+		fprintf(stderr, "FAIL: OPENSSL_timegm didn't fail on "
+		    "overflow of months\n");
+		goto err;
+	}
+	if (OPENSSL_gmtime_adj(&overflow_year, 0, 0)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj didn't fail on "
+		    "overflow of years\n");
+		goto err;
+	}
+	if (OPENSSL_gmtime_adj(&overflow_month, 0, 0)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj didn't fail on "
+		    "overflow of months\n");
+		goto err;
+	}
+	if (OPENSSL_gmtime_diff(&days, &secs, &overflow_year, &overflow_year)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_diff didn't fail on "
+		    "overflow of years\n");
+		goto err;
+	}
+	if (OPENSSL_gmtime_diff(&days, &secs, &overflow_month, &overflow_month)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_diff didn't fail on "
+		    "overflow of months\n");
+		goto err;
+	}
+
+	/* Input time is in range but adding one second puts it out of range. */
+	max_time.tm_year = 9999 - 1900;
+	max_time.tm_mon = 12 - 1;
+	max_time.tm_mday = 31;
+	max_time.tm_hour = 23;
+	max_time.tm_min = 59;
+	max_time.tm_sec = 59;
+
+	copy = max_time;
+	if (!OPENSSL_gmtime_adj(&copy, 0, 0)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't "
+		    "succeed for maximum time\n");
+		goto err;
+	}
+	if (memcmp(&copy, &max_time, sizeof(max_time)) != 0) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't "
+		    "leave copy of max_time unmodified\n");
+		goto err;
+	}
+	if (OPENSSL_gmtime_adj(&copy, 0, 1)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 1 sec didn't "
+		    "fail for maximum time\n");
+		goto err;
+	}
+	if (memcmp(&zero, &copy, sizeof(copy)) != 0) {
+		fprintf(stderr, "FAIL: failing OPENSSL_gmtime_adj didn't "
+		    "zero out max_time\n");
+		goto err;
+	}
+
+	min_time.tm_year = 0 - 1900;
+	min_time.tm_mon = 1 - 1;
+	min_time.tm_mday = 1;
+	min_time.tm_hour = 0;
+	min_time.tm_min = 0;
+	min_time.tm_sec = 0;
+
+	copy = min_time;
+	if (!OPENSSL_gmtime_adj(&copy, 0, 0)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't "
+		    "succeed for minimum time\n");
+		goto err;
+	}
+	if (memcmp(&copy, &min_time, sizeof(min_time)) != 0) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't "
+		    "leave copy of min_time unmodified\n");
+		goto err;
+	}
+	if (OPENSSL_gmtime_adj(&copy, 0, -1)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 1 sec didn't "
+		    "fail for minimum time\n");
+		goto err;
+	}
+	if (memcmp(&zero, &copy, sizeof(copy)) != 0) {
+		fprintf(stderr, "FAIL: failing OPENSSL_gmtime_adj didn't "
+		    "zero out max_time\n");
+		goto err;
+	}
+
+	copy = min_time;
+	/* Test that we can offset by the valid minimum and maximum times. */
+	if (!OPENSSL_gmtime_adj(&copy, 0, valid_time_range)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range "
+		    "failed\n");
+		goto err;
+	}
+	if (memcmp(&copy, &max_time, sizeof(max_time)) != 0) {
+		fprintf(stderr, "FAIL: maximally adjusted copy didn't match "
+		    "max_time\n");
+		hexdump((unsigned char *)&max_time, sizeof(max_time));
+		hexdump((unsigned char *)&copy, sizeof(copy));
+		goto err;
+	}
+	if (!OPENSSL_gmtime_adj(&copy, 0, -valid_time_range)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range "
+		    "failed\n");
+		goto err;
+	}
+	if (memcmp(&copy, &min_time, sizeof(min_time)) != 0) {
+		fprintf(stderr, "FAIL: maximally adjusted copy didn't match "
+		    "min_time\n");
+		goto err;
+	}
+
+	/*
+	 * The second offset may even exceed the valid_time_range if it is
+	 * cancelled out by offset_day.
+	 */
+	if (!OPENSSL_gmtime_adj(&copy, -1, valid_time_range + 24 * 3600)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range "
+		    "failed\n");
+		goto err;
+	}
+	if (memcmp(&copy, &max_time, sizeof(max_time)) != 0) {
+		fprintf(stderr, "FAIL: excess maximally adjusted copy didn't "
+		    "match max_time\n");
+		goto err;
+	}
+	if (!OPENSSL_gmtime_adj(&copy, 1, -valid_time_range - 24 * 3600)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range "
+		    "failed\n");
+		goto err;
+	}
+	if (memcmp(&copy, &min_time, sizeof(min_time)) != 0) {
+		fprintf(stderr, "FAIL: excess maximally adjusted copy didn't "
+		    "match min_time\n");
+		goto err;
+	}
+
+	copy = max_time;
+	if (OPENSSL_gmtime_adj(&copy, INT_MAX, INT64_MAX)) {
+		fprintf(stderr, "FAIL: maximal adjustments in OPENSSL_gmtime_adj"
+		    "didn't fail\n");
+		goto err;
+	}
+	copy = min_time;
+	if (OPENSSL_gmtime_adj(&copy, INT_MIN, INT64_MIN)) {
+		fprintf(stderr, "FAIL: minimal adjustments in OPENSSL_gmtime_adj"
+		    "didn't fail\n");
+		goto err;
+	}
+
+	/* Test we can diff between maximum time and minimum time. */
+	if (!OPENSSL_gmtime_diff(&days, &secs, &max_time, &min_time)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_diff between maximum and "
+		    "minimum time failed\n");
+		goto err;
+	}
+	if (!OPENSSL_gmtime_diff(&days, &secs, &min_time, &max_time)) {
+		fprintf(stderr, "FAIL: OPENSSL_gmtime_diff between minimum and "
+		    "maximum time failed\n");
+		goto err;
+	}
+
+
+	failed = 0;
+
+ err:
+	return failed;
+}
+
 int
 main(int argc, char **argv)
 {
@@ -614,5 +818,8 @@ main(int argc, char **argv)
 	/* Check for a leak in ASN1_TIME_normalize(). */
 	failed |= ASN1_TIME_normalize(NULL) != 0;
 
+	fprintf(stderr, "Time overflow tests...\n");
+	failed |= asn1_time_overflow();
+
 	return (failed);
 }