new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures

CHANGES

@@ -4,6 +4,10 @@
 
  Changes between 1.0.x and 1.1.0  [xx XXX xxxx]
 
+  *) New function ASN1_TIME_diff to calculate the difference between two
+     ASN1_TIME structures or one structure and the current time.
+     [Steve Henson]
+
   *) Fixes and wildcard matching support to hostname and email checking
      functions. Add manual page.
      [Florian Weimer (Red Hat Product Security Team)]

crypto/asn1/a_gentm.c

@@ -63,6 +63,7 @@
 #include "cryptlib.h"
 #include "o_time.h"
 #include <openssl/asn1.h>
+#include "asn1_locl.h"
 
 #if 0
 
@@ -115,7 +116,7 @@ err:
 
 #endif
 
-int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
+int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
 	{
 	static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
 	static const int max[9]={99, 99,12,31,23,59,59,12,59};
@@ -135,7 +136,12 @@ int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 		{
 		if ((i == 6) && ((a[o] == 'Z') ||
 			(a[o] == '+') || (a[o] == '-')))
-			{ i++; break; }
+			{
+			i++;
+			if (tm)
+				tm->tm_sec = 0;
+			break;
+			}
 		if ((a[o] < '0') || (a[o] > '9')) goto err;
 		n= a[o]-'0';
 		if (++o > l) goto err;
@@ -145,6 +151,33 @@ int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 		if (++o > l) goto err;
 
 		if ((n < min[i]) || (n > max[i])) goto err;
+		if (tm)
+			{
+			switch(i)
+				{
+			case 0:
+				tm->tm_year = n * 100 - 1900;
+				break;
+			case 1:
+				tm->tm_year += n;
+				break;
+			case 2:
+				tm->tm_mon = n - 1;
+				break;
+			case 3:
+				tm->tm_mday = n;
+				break;
+			case 4:
+				tm->tm_hour = n;
+				break;
+			case 5:
+				tm->tm_min = n;
+				break;
+			case 6:
+				tm->tm_sec = n;
+				break;
+				}
+			}
 		}
 	/* Optional fractional seconds: decimal point followed by one
 	 * or more digits.
@@ -163,6 +196,7 @@ int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 		o++;
 	else if ((a[o] == '+') || (a[o] == '-'))
 		{
+		int offsign = a[o] == '-' ? -1 : 1, offset = 0;
 		o++;
 		if (o+4 > l) goto err;
 		for (i=7; i<9; i++)
@@ -173,10 +207,19 @@ int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 			if ((a[o] < '0') || (a[o] > '9')) goto err;
 			n=(n*10)+ a[o]-'0';
 			if ((n < min[i]) || (n > max[i])) goto err;
+			if (tm)
+				{
+				if (i == 7)
+					offset = n * 3600;
+				else if (i == 8)
+					offset += n * 60;
+				}
 			o++;
 			}
+		if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
+			return 0;
 		}
-	else
+	else if (a[o])
 		{
 		/* Missing time zone information. */
 		goto err;
@@ -186,6 +229,11 @@ err:
 	return(0);
 	}
 
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
+	{
+	return asn1_generalizedtime_to_tm(NULL, d);
+	}
+
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
 	{
 	ASN1_GENERALIZEDTIME t;

crypto/asn1/a_time.c

@@ -66,6 +66,7 @@
 #include "cryptlib.h"
 #include "o_time.h"
 #include <openssl/asn1t.h>
+#include "asn1_locl.h"
 
 IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
 
@@ -197,64 +198,32 @@ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
 	return 1;
 	}
 
-#if 0
-static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *s)
+static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t)
 	{
-	const unsigned char *p;
-
-	if (!ASN1_TIME_check(s))
-		return 0;
-
-	memset(tm, 0 ,sizeof tm);
-	p = s->data;
-
-#define g2(p) (((p)[0] - '0') * 10 + ((p)[1] - '0'))
-	if (s->type == V_ASN1_GENERALIZEDTIME)
-		{
-		int yr = g2(p) * 100 + g2(p + 2);
-		if (yr < 1900)
-			return 0;
-		tm->tm_year = yr - 1900;
-		p += 4;
-		}
-	else
-		{
-		tm->tm_year=g2(p);
-		if(tm->tm_year < 50)
-			tm->tm_year+=100;
-		p += 2;
-		}
-	tm->tm_mon=g2(p)-1;
-	tm->tm_mday=g2(p + 2);
-	tm->tm_hour=g2(p + 4);
-	tm->tm_min=g2(p + 6);
-	p += 8;
-	/* Seconds optional in UTCTime */
-	if (s->type == V_ASN1_GENERALIZEDTIME || (*p >= '0' && *p <= '9'))
-		{
-		tm->tm_sec=g2(p);
-		p += 2;
-		}
-	else
-		tm->tm_sec = 0;
-	if (s->type == V_ASN1_GENERALIZEDTIME)
+	if (t == NULL)
 		{
-		/* Skip any fractional seconds */
-		if (*p == '.')
-			{
-			p++;
-			while (*p >= '0' && *p <= '9')
-				p++;
-			}
-		}
-	/* Timezone */
-	if(*p != 'Z')
-		{
-		int off_sec = g2(p + 1) * 3600 + g2(p + 3) * 60;
-		if(*p == '-')
-			off_sec = -off_sec;
-		OPENSSL_gmtime_adj(tm, 0, off_sec);
+		time_t now_t;
+		time(&now_t);
+		if (OPENSSL_gmtime(&now_t, tm))
+			return 1;
+		return 0;
 		}
-	return 1;
+		
+	if (t->type == V_ASN1_UTCTIME)
+		return asn1_utctime_to_tm(tm, t);
+	else if (t->type == V_ASN1_GENERALIZEDTIME)
+		return asn1_generalizedtime_to_tm(tm, t);
+
+	return 0;
 	}
-#endif
+
+int ASN1_TIME_diff(int *pyear, int *psec,
+			const ASN1_TIME *from, const ASN1_TIME *to)
+	{
+	struct tm tm_from, tm_to;
+	if (!asn1_time_to_tm(&tm_from, from))
+		return 0;
+	if (!asn1_time_to_tm(&tm_to, to))
+		return 0;
+	return OPENSSL_gmtime_diff(&tm_from, &tm_to, pyear, psec);
+	}	

crypto/asn1/a_utctm.c

@@ -61,6 +61,7 @@
 #include "cryptlib.h"
 #include "o_time.h"
 #include <openssl/asn1.h>
+#include "asn1_locl.h"
 
 #if 0
 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
@@ -112,7 +113,7 @@ err:
 
 #endif
 
-int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
+int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
 	{
 	static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
 	static const int max[8]={99,12,31,23,59,59,12,59};
@@ -129,7 +130,12 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 		{
 		if ((i == 5) && ((a[o] == 'Z') ||
 			(a[o] == '+') || (a[o] == '-')))
-			{ i++; break; }
+			{
+			i++;
+			if (tm)
+				tm->tm_sec = 0;
+			break;
+			}
 		if ((a[o] < '0') || (a[o] > '9')) goto err;
 		n= a[o]-'0';
 		if (++o > l) goto err;
@@ -139,11 +145,36 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 		if (++o > l) goto err;
 
 		if ((n < min[i]) || (n > max[i])) goto err;
+		if (tm)
+			{
+			switch(i)
+				{
+			case 0:
+				tm->tm_year = n < 50 ? n + 100 : n;
+				break;
+			case 1:
+				tm->tm_mon = n - 1;
+				break;
+			case 2:
+				tm->tm_mday = n;
+				break;
+			case 3:
+				tm->tm_hour = n;
+				break;
+			case 4:
+				tm->tm_min = n;
+				break;
+			case 5:
+				tm->tm_sec = n;
+				break;
+				}
+			}
 		}
 	if (a[o] == 'Z')
 		o++;
 	else if ((a[o] == '+') || (a[o] == '-'))
 		{
+		int offsign = a[o] == '-' ? -1 : 1, offset = 0;
 		o++;
 		if (o+4 > l) goto err;
 		for (i=6; i<8; i++)
@@ -154,12 +185,26 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 			if ((a[o] < '0') || (a[o] > '9')) goto err;
 			n=(n*10)+ a[o]-'0';
 			if ((n < min[i]) || (n > max[i])) goto err;
+			if (tm)
+				{
+				if (i == 6)
+					offset = n * 3600;
+				else if (i == 7)
+					offset += n * 60;
+				}
 			o++;
 			}
+		if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
+			return 0;
 		}
-	return(o == l);
+	return o == l;
 err:
-	return(0);
+	return 0;
+	}
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
+	{
+	return asn1_utctime_to_tm(NULL, d);
 	}
 
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)

crypto/asn1/asn1.h

@@ -860,6 +860,8 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t)
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
 	     time_t t, int offset_day, long offset_sec);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+int ASN1_TIME_diff(int *pyear, int *psec,
+			const ASN1_TIME *from, const ASN1_TIME *to);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
 ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);

crypto/asn1/asn1_locl.h

@@ -58,6 +58,9 @@
 
 /* Internal ASN1 structures and functions: not for application use */
 
+int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
+int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
+
 /* ASN1 print context structure */
 
 struct asn1_pctx_st