ASN1_TIME to time_t

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

ASN1_TIME to time_t

Dmitry Belyavsky-3
Hello,

Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick googling does not show good results.

Thank you!

--
SY, Dmitry Belyavsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Matt Caswell-2


On 06/09/17 09:12, Dmitry Belyavsky wrote:
> Hello,
>
> Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick
> googling does not show good results.

In master you can use ASN1_TIME_to_tm() which will give you a struct tm.
Not available in released versions yet though.

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Dmitry Belyavsky-3
Dear Matt,

On Wed, Sep 6, 2017 at 11:16 AM, Matt Caswell <[hidden email]> wrote:


On 06/09/17 09:12, Dmitry Belyavsky wrote:
> Hello,
>
> Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick
> googling does not show good results.

In master you can use ASN1_TIME_to_tm() which will give you a struct tm.
Not available in released versions yet though.

Is it implementable via API in 1.0.2?


--
SY, Dmitry Belyavsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Matt Caswell-2


On 06/09/17 09:20, Dmitry Belyavsky wrote:

> Dear Matt,
>
> On Wed, Sep 6, 2017 at 11:16 AM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 06/09/17 09:12, Dmitry Belyavsky wrote:
>     > Hello,
>     >
>     > Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick
>     > googling does not show good results.
>
>     In master you can use ASN1_TIME_to_tm() which will give you a struct tm.
>     Not available in released versions yet though.
>
>
> Is it implementable via API in 1.0.2?

Probably (not checked in detail), but you'd have to copy the
implementation into your code. See asn1_time_to_tm() in
crypto/asn1/a_time.c in master.

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Michael Wojcik
In reply to this post by Dmitry Belyavsky-3
> From: openssl-users [mailto:[hidden email]] On Behalf Of Dmitry Belyavsky
> Sent: Wednesday, September 06, 2017 04:12

> Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick googling does not show good results.

We just implemented it ourselves, by parsing the data field of the (1.0.2) OpenSSL ASN1_TIME structure into a struct tm and using mktime.

That's not ideal, since it's looking at an internal representation. Also, for some reason, 1.0.2 seems to keep the year as a two-digit value for ASN.1 UTC Time, with a window centered on 1970, while it uses a 4-digit year for ASN.1 Generalized Time. The code handles that but it makes me nervous - it's the sort of internal detail that seems likely to change.

struct tm is local time, so you need to adjust for timezone. With Generalized Time you need to parse the offset from UTC; then you adjust your struct tm based on the difference between the ASN.1 time's offset and your local offset.

I should really review that code at some point. But for now it appears to work.

Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Jakob Bohm-7
On 06/09/2017 14:17, Michael Wojcik wrote:
>> From: openssl-users [mailto:[hidden email]] On Behalf Of Dmitry Belyavsky
>> Sent: Wednesday, September 06, 2017 04:12
>> Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick googling does not show good results.
> We just implemented it ourselves, by parsing the data field of the (1.0.2) OpenSSL ASN1_TIME structure into a struct tm and using mktime.
>
> That's not ideal, since it's looking at an internal representation. Also, for some reason, 1.0.2 seems to keep the year as a two-digit value for ASN.1 UTC Time, with a window centered on 1970, while it uses a 4-digit year for ASN.1 Generalized Time. The code handles that but it makes me nervous - it's the sort of internal detail that seems likely to change.
Really?  I thought the standard window for the two-digit representation
in the DER/BER encoding was centered on 2000, at least in certificates.
But I may be mistaken.

> struct tm is local time, so you need to adjust for timezone. With Generalized Time you need to parse the offset from UTC; then you adjust your struct tm based on the difference between the ASN.1 time's offset and your local offset.
It's not as much struct tm, as it is the mktime() API.  If
available, try the BSD/GNU API timegm(), although that is
officially "obsolete".

Or you could go pure C and use the integer arithmetic that
converts broken-down Gregorian dates to a day count since an
arbitrary base, either the Gauss formula, or something based on:

  ((month < 3u ? month - 3u : month + 9u) * 367u + Yu) / 12u + mday

(Y is a single digit constant, forgot which).

(That particular formula is my reconstruction of how the calendar
was probably designed by the advisor to Julius Caesar: Worst case
year is 367 days, divide equally among 12 months, restart about 20
days before spring equinox, use a historic rounding rule represented
by Y. Of cause with Roman numerals, they would have used (month - 2)).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Dr. Stephen Henson
In reply to this post by Dmitry Belyavsky-3
On Wed, Sep 06, 2017, Dmitry Belyavsky wrote:

> Dear Matt,
>
> On Wed, Sep 6, 2017 at 11:16 AM, Matt Caswell <[hidden email]> wrote:
>
> >
> >
> > On 06/09/17 09:12, Dmitry Belyavsky wrote:
> > > Hello,
> > >
> > > Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick
> > > googling does not show good results.
> >
> > In master you can use ASN1_TIME_to_tm() which will give you a struct tm.
> > Not available in released versions yet though.
> >
>
> Is it implementable via API in 1.0.2?
>

No but there is a a round about way of achieving the same result. The
ASN1_TIME_diff() function will determine the difference between two ASN1_TIME
structures and return the result as a number of days and seconds.

So if you set one to the epoch time you can then calculate the time_t from the
difference.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Michael Wojcik
In reply to this post by Jakob Bohm-7
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Jakob Bohm
> Sent: Wednesday, September 06, 2017 09:27
>
> On 06/09/2017 14:17, Michael Wojcik wrote:
>
> > struct tm is local time, so you need to adjust for timezone.
>
> It's not as much struct tm, as it is the mktime() API.

Of course you're right.

>  If available, try the BSD/GNU API timegm(), although that is
> officially "obsolete".

We need much wider platform compatibility. It's not a big deal, though.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Michael Wojcik
In reply to this post by Dr. Stephen Henson
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Dr. Stephen Henson
> Sent: Wednesday, September 06, 2017 10:26
>
> No but there is a a round about way of achieving the same result. The
> ASN1_TIME_diff() function will determine the difference between two
> ASN1_TIME structures and return the result as a number of days and seconds.
>
> So if you set one to the epoch time you can then calculate the time_t from
> the difference.

That's almost certainly a much better approach than the one I described in my previous email.

I assume ASN1_TIME_diff takes into account ASN.1 UTC Time versus Generalized Time, and timezone information. Though it wouldn't be hard to have a few different ASN1_TIME structures for the various permutations.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: ASN1_TIME to time_t

Dr. Stephen Henson
On Wed, Sep 06, 2017, Michael Wojcik wrote:

> > From: openssl-users [mailto:[hidden email]] On Behalf
> > Of Dr. Stephen Henson
> > Sent: Wednesday, September 06, 2017 10:26
> >
> > No but there is a a round about way of achieving the same result. The
> > ASN1_TIME_diff() function will determine the difference between two
> > ASN1_TIME structures and return the result as a number of days and seconds.
> >
> > So if you set one to the epoch time you can then calculate the time_t from
> > the difference.
>
> That's almost certainly a much better approach than the one I described in my previous email.
>
> I assume ASN1_TIME_diff takes into account ASN.1 UTC Time versus Generalized Time, and timezone information. Though it wouldn't be hard to have a few different ASN1_TIME structures for the various permutations.
>

Yes ASN1_TIME corresponds to the ASN.1 Time structure which ia a choice of
UTCTime and GeneralizedTime it acts in an appropriate way depending on the
type that has been passed in. Timezones should be handled properly though
there was a recent bug fixed: timezones are only rarely encountered in
practice and not legal in many standards (e.g. RFC5280).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users