/*
 * Extract the validity window (notBefore/notAfter) of the peer certificate
 * as UTC time_t values.
 *
 * Returns 0 on success and -1 if either ASN.1 time is missing, fails to
 * parse, or cannot be converted by timegm().  When the context holds no
 * peer certificate this still returns 0 and leaves *notbefore and
 * *notafter untouched, so a caller must check for a certificate before
 * trusting the outputs.
 */
static int
tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, time_t *notafter)
{
	struct tm nb_tm, na_tm;
	ASN1_TIME *nb_asn1, *na_asn1;

	memset(&nb_tm, 0, sizeof(nb_tm));
	memset(&na_tm, 0, sizeof(na_tm));

	/* No certificate presented: nothing to extract, reported as success. */
	if (ctx->ssl_peer_cert == NULL)
		return (0);

	nb_asn1 = X509_get_notBefore(ctx->ssl_peer_cert);
	if (nb_asn1 == NULL)
		return (-1);
	na_asn1 = X509_get_notAfter(ctx->ssl_peer_cert);
	if (na_asn1 == NULL)
		return (-1);

	/*
	 * Mode 0 leaves the encoding (UTCTime or GeneralizedTime)
	 * unconstrained; the parser rejects malformed input with -1.
	 */
	if (asn1_time_parse((char *)nb_asn1->data, nb_asn1->length,
	    &nb_tm, 0) == -1)
		return (-1);
	if (asn1_time_parse((char *)na_asn1->data, na_asn1->length,
	    &na_tm, 0) == -1)
		return (-1);

	/*
	 * timegm() signals an unrepresentable time with -1, which is also
	 * the encoding of 1969-12-31T23:59:59Z; that instant is rejected.
	 */
	if ((*notbefore = timegm(&nb_tm)) == -1)
		return (-1);
	if ((*notafter = timegm(&na_tm)) == -1)
		return (-1);

	return (0);
}
/*
 * Validate that d is a syntactically correct GeneralizedTime.
 *
 * Returns 1 when the type tag is V_ASN1_GENERALIZEDTIME and the encoded
 * bytes parse as that type, 0 otherwise.
 */
int
ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
{
	int parsed_type;

	if (d->type != V_ASN1_GENERALIZEDTIME)
		return (0);

	/* Validation only: no struct tm output is requested. */
	parsed_type = asn1_time_parse(d->data, d->length, NULL, d->type);
	return (parsed_type == V_ASN1_GENERALIZEDTIME);
}
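/*
 * Convert an ASN1_TIME (UTCTime or GeneralizedTime) to a GeneralizedTime.
 *
 * If out is non-NULL and *out is non-NULL, that object is reused and its
 * contents replaced; otherwise a new ASN1_GENERALIZEDTIME is allocated
 * and, when out is non-NULL, stored in *out.  The returned object is the
 * caller's to free (it is *out when one was supplied).
 *
 * Returns the GeneralizedTime on success, or NULL if t has an unexpected
 * type, does not parse as its declared type, or allocation fails.
 */
ASN1_GENERALIZEDTIME *
ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
{
	ASN1_GENERALIZEDTIME *tmp = NULL;
	struct tm tm;
	char *str;

	if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
		return (NULL);

	memset(&tm, 0, sizeof(tm));
	/* Parse in the declared mode so the tag and the encoding must agree. */
	if (t->type != asn1_time_parse(t->data, t->length, &tm, t->type))
		return (NULL);
	if ((str = gentime_string_from_tm(&tm)) == NULL)
		return (NULL);

	if (out != NULL)
		tmp = *out;
	if (tmp == NULL && (tmp = ASN1_GENERALIZEDTIME_new()) == NULL) {
		free(str);
		return (NULL);
	}
	if (out != NULL)
		*out = tmp;

	/* Drop the previous contents; str is now owned by tmp. */
	free(tmp->data);
	tmp->data = str;
	tmp->length = strlen(str);
	/*
	 * A reused *out may previously have been tagged as a UTCTime.  The
	 * tag must follow the data it now holds, otherwise ASN1_TIME_check()
	 * and any later parse in the declared mode would reject the object.
	 */
	tmp->type = V_ASN1_GENERALIZEDTIME;

	return (tmp);
}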
/*
 * Validate that t is a syntactically correct UTCTime or GeneralizedTime.
 *
 * Returns 1 when the type tag is one of the two time types and the encoded
 * bytes parse as that declared type, 0 otherwise.
 */
int
ASN1_TIME_check(ASN1_TIME *t)
{
	int parsed_type;

	if (t->type != V_ASN1_UTCTIME && t->type != V_ASN1_GENERALIZEDTIME)
		return (0);

	/* Validation only; the parser must agree with the declared tag. */
	parsed_type = asn1_time_parse(t->data, t->length, NULL, t->type);
	return (parsed_type == t->type);
}
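/*
 * Compare the UTCTime s against the time_t t2.
 *
 * Returns -1, 0 or 1 as s is earlier than, equal to or later than t2, and
 * -2 when s does not parse as a UTCTime or t2 cannot be broken down by
 * gmtime_r().
 *
 * This function has never handled failure conditions properly and should
 * be deprecated.  The OpenSSL version used to simply follow NULL pointers
 * on failure.  BoringSSL and OpenSSL now make it return -2 on failure.
 * The danger is that users of this function will not differentiate the -2
 * failure case from t1 < t2.
 */
int
ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t2)
{
	struct tm tm1, tm2;

	/*
	 * Zero both, as the other callers of asn1_time_parse() in this file
	 * do, so every field asn1_tm_cmp() reads has a defined value even
	 * if the parser only fills in the fields it decodes.
	 */
	memset(&tm1, 0, sizeof(tm1));
	memset(&tm2, 0, sizeof(tm2));

	if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
		return (-2); /* XXX */
	if (gmtime_r(&t2, &tm2) == NULL)
		return (-2); /* XXX */

	return asn1_tm_cmp(&tm1, &tm2);
}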
/*
 * Validate the NUL-terminated string str as an ASN.1 time and, when s is
 * non-NULL, store a copy of it in s.
 *
 * mode selects the expected encoding (V_ASN1_UTCTIME or
 * V_ASN1_GENERALIZEDTIME); mode 0 accepts whichever type str parses as.
 * With s == NULL the function only validates.
 *
 * Returns 1 on success, 0 if str does not parse, does not match mode, or
 * the copy cannot be allocated.  On 0, s is left unchanged.
 */
static int
ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode)
{
	char *copy;
	int parsed_type;

	parsed_type = asn1_time_parse(str, strlen(str), NULL, mode);
	if (parsed_type == -1)
		return (0);
	if (mode != 0 && parsed_type != mode)
		return (0);

	/* Validation-only call. */
	if (s == NULL)
		return (1);

	copy = strdup(str);
	if (copy == NULL)
		return (0);

	/* Drop the previous contents; s now owns the copy. */
	free(s->data);
	s->data = copy;
	s->length = strlen(copy);
	s->type = parsed_type;

	return (1);
}
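/*
 * Compare the UTCTime s against the time_t t2.
 *
 * Returns -1, 0 or 1 as s is earlier than, equal to or later than t2, and
 * -2 when s does not parse as a UTCTime or cannot be converted by
 * timegm().
 *
 * This function has never handled failure conditions properly and should
 * be deprecated.  BoringSSL makes it return -2 on failures, the OpenSSL
 * version follows NULL pointers instead.  Because -2 is also below -1, a
 * caller testing only for a negative result confuses failure with s < t2.
 */
int
ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t2)
{
	struct tm tm1;
	time_t t1;

	/*
	 * Zero the struct first, as the other callers of asn1_time_parse()
	 * in this file do: timegm() may read any field, and the parser may
	 * not set the ones it does not decode.
	 */
	memset(&tm1, 0, sizeof(tm1));

	if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
		return (-2); /* XXX */
	/* -1 is both timegm()'s error value and 1969-12-31T23:59:59Z. */
	if ((t1 = timegm(&tm1)) == -1)
		return (-2); /* XXX */

	if (t1 < t2)
		return (-1);
	if (t1 > t2)
		return (1);
	return (0);
}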