Fix ASN1_TIME_diff() with NULL times

The ASN1_TIME_diff() API accepts NULL ASN1_TIMEs and interprets them
as "now". This is used in sysutils/monit, as found by semarie with a
crash after update. Implement this behavior by porting a version of
ASN1_TIME_to_tm() to LibreSSL and using it in ASN1_TIME_diff().

Tested by semarie

ok beck jsing semarie

1 files changed, 18 insertions, 3 deletions

diff --git a/lib/libcrypto/asn1/a_time.c b/lib/libcrypto/asn1/a_time.c
index aa6f1c07731..6e4f1a8065f 100644
--- a/lib/libcrypto/asn1/a_time.c
+++ b/lib/libcrypto/asn1/a_time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time.c,v 1.30 2021/10/28 14:24:08 tb Exp $ */
+/* $OpenBSD: a_time.c,v 1.31 2021/11/03 13:44:15 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -106,14 +106,29 @@ ASN1_TIME_free(ASN1_TIME *a)
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it);
 }
 
+/* Public API in OpenSSL. Kept internal for now. */
+static int
+ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
+{
+	time_t now;
+
+	if (s != NULL)
+		return ASN1_time_parse(s->data, s->length, tm, 0) != -1;
+
+	time(&now);
+	memset(tm, 0, sizeof(*tm));
+
+	return gmtime_r(&now, tm) != NULL;
+}
+
 int
 ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to)
 {
     struct tm tm_from, tm_to;
 
-    if (ASN1_time_parse(from->data, from->length, &tm_from, 0) == -1)
+    if (!ASN1_TIME_to_tm(from, &tm_from))
 	    return 0;
-    if (ASN1_time_parse(to->data, to->length, &tm_to, 0) == -1)
+    if (!ASN1_TIME_to_tm(to, &tm_to))
 	    return 0;
 
     return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);