[tls] Parse X.509 validity times into seconds since the Epoch

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 2a5e72ba0fbc75a243a41d1592bf43ccd1335e82..3303ae226fffa9dab61aca684f5083e197020bd5 100644 (file)
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -20,6 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 
 #include <string.h>
 #include <ctype.h>
+#include <time.h>
 #include <errno.h>
 #include <assert.h>
 #include <ipxe/asn1.h>
@@ -331,6 +332,7 @@ static int x509_parse_time ( struct x509_certificate *cert,
                } __attribute__ (( packed )) named;
                uint8_t raw[7];
        } pairs;
+       struct tm tm;
        const uint8_t *data;
        size_t remaining;
        unsigned int tens;
@@ -395,12 +397,16 @@ static int x509_parse_time ( struct x509_certificate *cert,
        }
 
        /* Fill in time */
-       time->year = ( ( pairs.named.century * 100 ) + pairs.named.year );
-       time->month = pairs.named.month;
-       time->day = pairs.named.day;
-       time->hour = pairs.named.hour;
-       time->minute = pairs.named.minute;
-       time->second = pairs.named.second;
+       tm.tm_year = ( ( ( pairs.named.century - 19 ) * 100 ) +
+                      pairs.named.year );
+       tm.tm_mon = ( pairs.named.month - 1 );
+       tm.tm_mday = pairs.named.day;
+       tm.tm_hour = pairs.named.hour;
+       tm.tm_min = pairs.named.minute;
+       tm.tm_sec = pairs.named.second;
+
+       /* Convert to seconds since the Epoch */
+       time->time = mktime ( &tm );
 
        return 0;
 }
@@ -492,17 +498,13 @@ static int x509_parse_validity ( struct x509_certificate *cert,
        /* Parse notBefore */
        if ( ( rc = x509_parse_time ( cert, not_before, &cursor ) ) != 0 )
                return rc;
-       DBGC ( cert, "X509 %p valid from %04d-%02d-%02d %02d:%02d:%02d\n",
-              cert, not_before->year, not_before->month, not_before->day,
-              not_before->hour, not_before->minute, not_before->second );
+       DBGC ( cert, "X509 %p valid from time %lld\n", cert, not_before->time );
        asn1_skip_any ( &cursor );
 
        /* Parse notAfter */
        if ( ( rc = x509_parse_time ( cert, not_after, &cursor ) ) != 0 )
                return rc;
-       DBGC ( cert, "X509 %p valid until %04d-%02d-%02d %02d:%02d:%02d\n",
-              cert, not_after->year, not_after->month, not_after->day,
-              not_after->hour, not_after->minute, not_after->second );
+       DBGC ( cert, "X509 %p valid until time %lld\n", cert, not_after->time );
 
        return 0;
 }

diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 4da4539f27cd253a78abfaf66f86bc1b6f51d943..f290a76e34067dcf092db5658791fd9373a22a07 100644 (file)
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -11,6 +11,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 
 #include <stdint.h>
 #include <stddef.h>
+#include <time.h>
 #include <ipxe/asn1.h>
 
 /** ASN.1 OID for joint-iso-itu-t(2) ds(5) attributeType(4) */
@@ -70,18 +71,8 @@ struct x509_issuer {
 
 /** An X.509 time */
 struct x509_time {
-       /** Year */
-       uint16_t year;
-       /** Month */
-       uint8_t month;
-       /** Day */
-       uint8_t day;
-       /** Hour */
-       uint8_t hour;
-       /** Minute */
-       uint8_t minute;
-       /** Second */
-       uint8_t second;
+       /** Seconds since the Epoch */
+       time_t time;
 };
 
 /** An X.509 certificate validity period */