From 6e6aa5b0c16081170312980db5cc48e15b3d2398 Mon Sep 17 00:00:00 2001
From: Hayden Roche <hayden@wolfssl.com>
Date: Tue, 15 Mar 2022 10:50:23 -0700
Subject: [PATCH] Fix bug in wolfSSL_ASN1_TIME_diff.

This function should not error out if one of the passed in times is the Unix
epoch. This amounts to erroring out when the XMKTIME returns < 0, rather than
<= 0.
---
 src/ssl.c   |  4 ++--
 tests/api.c | 14 +++++++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 295eadc3b..59533817f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -32084,7 +32084,7 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
     }
 
     fromSecs = XMKTIME(fromTm);
-    if (fromSecs <= 0) {
+    if (fromSecs < 0) {
         WOLFSSL_MSG("XMKTIME for from time failed.");
         return WOLFSSL_FAILURE;
     }
@@ -32103,7 +32103,7 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
     }
 
     toSecs = XMKTIME(toTm);
-    if (toSecs <= 0) {
+    if (toSecs < 0) {
         WOLFSSL_MSG("XMKTIME for to time failed.");
         return WOLFSSL_FAILURE;
     }
diff --git a/tests/api.c b/tests/api.c
index 68b8dd6a4..7df51c2e6 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -30618,15 +30618,23 @@ static void test_wolfSSL_ASN1_TIME_diff(void)
 
     AssertNotNull((fromTime = ASN1_TIME_new()));
     /* Feb 22, 2003, 21:15:15 */
-    AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1);
+    AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), WOLFSSL_SUCCESS);
     AssertNotNull((toTime = ASN1_TIME_new()));
     /* Dec 19, 2010, 18:10:11 */
-    AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1);
-    AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
+    AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), WOLFSSL_SUCCESS);
+    AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), WOLFSSL_SUCCESS);
 
     AssertIntEQ(daysDiff, 2856);
     AssertIntEQ(secsDiff, 75296);
 
+    /* Edge case with Unix epoch. */
+    AssertNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z"));
+    AssertNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z"));
+    AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), WOLFSSL_SUCCESS);
+
+    AssertIntEQ(daysDiff, 3652);
+    AssertIntEQ(secsDiff, 0);
+
     ASN1_TIME_free(fromTime);
     ASN1_TIME_free(toTime);