
Delta Between Two Patch Sets: ssh/certs.go

Issue 15520047: code review 15520047: go.crypto/ssh: Implement CertTime to fix an issue with ... (Closed)
Left Patch Set: diff -r 32844aa1ae54 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
Right Patch Set: diff -r 32844aa1ae54 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
1 // Copyright 2012 The Go Authors. All rights reserved. 1 // Copyright 2012 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package ssh 5 package ssh
6 6
7 import ( 7 import (
8 "time" 8 "time"
9 ) 9 )
10 10
(...skipping 22 matching lines...) Expand all
33 type tuple struct { 33 type tuple struct {
34 Name string 34 Name string
35 Data string 35 Data string
36 } 36 }
37 37
38 const ( 38 const (
39 maxUint64 = 1<<64 - 1 39 maxUint64 = 1<<64 - 1
40 maxInt64 = 1<<63 - 1 40 maxInt64 = 1<<63 - 1
41 ) 41 )
42 42
43 // A time.Time cannot represent seconds higher than maxInt64. However, 43 // CertTime represents an unsigned 64-bit time value in seconds starting from
44 // conversion from uint64 to int64 for values higher than this will result in 44 // UNIX epoch. We use CertTime instead of time.Time in order to properly handle
45 // negative int64 values and result in times before unix epoch that are not 45 // the "infinite" time value ^0, which would become negative when expressed as
46 // intended to be used with certs. maxInt64 in unix seconds would be 46 // an int64.
47 // 292277026596-12-04 15:30:07 +0000 UTC. We are safe until the year
48 // 292,277,026,596 in setting this value to maxInt64 for values above
49 // maxInt64. A use case for this is the "forever" setting where ValidAfter is 0
50 // (all bytes 0x00) and ValidBefore is maxUint64 (all bytes 0xFF). OpenSSH does
51 // something similar to this by clamping to INT_MAX.
52
53 // CertTime represents an unsigned 64bit time value in seconds starting from
54 // unix epoch. We use CertTime instead of time.Time in order to properly
55 // handle time values above what a time.Time can represent and prevent values
hanwen-google 2013/10/23 05:03:28 This comment is too large compared to what we're d
jmpittman 2013/10/23 11:34:48 I wrote two comments. One for the reader of the c
hanwen-google 2013/10/23 15:32:50 ".. to properly handle the "infinite" time value ^
jmpittman 2013/10/23 16:30:34 Done.
56 // before unix epoch.
57 type CertTime uint64 47 type CertTime uint64
58 48
59 func (ct CertTime) Time() time.Time { 49 func (ct CertTime) Time() time.Time {
60 if ct > maxInt64 { 50 if ct > maxInt64 {
61 return time.Unix(maxInt64, 0) 51 return time.Unix(maxInt64, 0)
62 } 52 }
63 return time.Unix(int64(ct), 0) 53 return time.Unix(int64(ct), 0)
64 } 54 }
65 55
66 func (ct CertTime) IsTheEnd() bool { 56 func (ct CertTime) IsInfinite() bool {
hanwen-google 2013/10/23 15:32:50 IsInfinite?
jmpittman 2013/10/23 16:30:34 Done.
67 return ct == maxUint64 57 return ct == maxUint64
68 } 58 }
69 59
70 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in 60 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in
71 // [PROTOCOL.certkeys]?rev=1.8. 61 // [PROTOCOL.certkeys]?rev=1.8.
72 type OpenSSHCertV01 struct { 62 type OpenSSHCertV01 struct {
73 Nonce []byte 63 Nonce []byte
74 Key PublicKey 64 Key PublicKey
75 Serial uint64 65 Serial uint64
76 Type uint32 66 Type uint32
(...skipping 302 matching lines...) Expand 10 before | Expand all | Expand 10 after
379 if sigBytes, rest, ok = parseString(in); !ok { 369 if sigBytes, rest, ok = parseString(in); !ok {
380 return 370 return
381 } 371 }
382 372
383 out, sigBytes, ok = parseSignatureBody(sigBytes) 373 out, sigBytes, ok = parseSignatureBody(sigBytes)
384 if !ok || len(sigBytes) > 0 { 374 if !ok || len(sigBytes) > 0 {
385 return nil, nil, false 375 return nil, nil, false
386 } 376 }
387 return 377 return
388 } 378 }
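Review bot: The clamp in `Time()` (new lines 50-52) returns `time.Unix(maxInt64, 0)`, and as far as I can tell that value overflows time.Time's internal seconds counter, so `Before`/`After` comparisons on it may order it before the present instead of far in the future. A validity check that compares the result of `Time()` against the current time would then treat a certificate with the "infinite" ValidBefore as expired; the checking code is not visible in this delta, so this should be confirmed there. Callers are safer testing `IsInfinite()` first or comparing the raw uint64 seconds, and the exported method should say so, e.g. `// Time returns ct as a time.Time, clamped at maxInt64 seconds; the clamped value is for display only, so check IsInfinite before comparing.` `IsInfinite` has no doc comment either; `// IsInfinite reports whether ct is the all-ones "no expiry" value.` would cover it.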