[thirdparty/openssl.git] / crypto / asn1 / a_time.c

/*
 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*-
 * This is an implementation of the ASN1 Time structure which is:
 *    Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
 */

#include <stdio.h>
#include <time.h>
#include "crypto/ctype.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include "asn1_local.h"

IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)

IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_TIME)

static int is_utc(const int year)
{
    if (50 <= year && year <= 149)
        return 1;
    return 0;
}

static int leap_year(const int year)
{
    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
        return 1;
    return 0;
}

/*
 * Compute the day of the week and the day of the year from the year, month
 * and day.  The day of the year is straightforward, the day of the week uses
 * a form of Zeller's congruence.  For this months start with March and are
 * numbered 4 through 15.
 */
static void determine_days(struct tm *tm)
{
    static const int ydays[12] = {
        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
    };
    int y = tm->tm_year + 1900;
    int m = tm->tm_mon;
    int d = tm->tm_mday;
    int c;

    tm->tm_yday = ydays[m] + d - 1;
    if (m >= 2) {
        /* March and onwards can be one day further into the year */
        tm->tm_yday += leap_year(y);
        m += 2;
    } else {
        /* Treat January and February as part of the previous year */
        m += 14;
        y--;
    }
    c = y / 100;
    y %= 100;
    /* Zeller's congruence */
    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
}

int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
{
    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    char *a;
    int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
    struct tm tmp;
#if defined(CHARSET_EBCDIC)
    const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
#else
    const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
#endif
    /*
     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
     * time string format, in which:
     *
     * 1. "seconds" is a 'MUST'
     * 2. "Zulu" timezone is a 'MUST'
     * 3. "+|-" is not allowed to indicate a time zone
     */
    if (d->type == V_ASN1_UTCTIME) {
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            min_l = 13;
            strict = 1;
        }
    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
        end = 7;
        btz = 6;
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            min_l = 15;
            strict = 1;
        } else {
            min_l = 13;
        }
    } else {
        return 0;
    }

    l = d->length;
    a = (char *)d->data;
    o = 0;
    memset(&tmp, 0, sizeof(tmp));

    /*
     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
     * as YYYY. This stuff treats everything as a two digit field so make
     * first two fields 00 to 99
     */

    if (l < min_l)
        goto err;
    for (i = 0; i < end; i++) {
        if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) {
            i++;
            break;
        }
        if (!ascii_isdigit(a[o]))
            goto err;
        n = a[o] - num_zero;
        /* incomplete 2-digital number */
        if (++o == l)
            goto err;

        if (!ascii_isdigit(a[o]))
            goto err;
        n = (n * 10) + a[o] - num_zero;
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (++o == l)
            goto err;

        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;

        if ((n < min[i2]) || (n > max[i2]))
            goto err;
        switch (i2) {
        case 0:
            /* UTC will never be here */
            tmp.tm_year = n * 100 - 1900;
            break;
        case 1:
            if (d->type == V_ASN1_UTCTIME)
                tmp.tm_year = n < 50 ? n + 100 : n;
            else
                tmp.tm_year += n;
            break;
        case 2:
            tmp.tm_mon = n - 1;
            break;
        case 3:
            /* check if tm_mday is valid in tm_mon */
            if (tmp.tm_mon == 1) {
                /* it's February */
                md = mdays[1] + leap_year(tmp.tm_year + 1900);
            } else {
                md = mdays[tmp.tm_mon];
            }
            if (n > md)
                goto err;
            tmp.tm_mday = n;
            determine_days(&tmp);
            break;
        case 4:
            tmp.tm_hour = n;
            break;
        case 5:
            tmp.tm_min = n;
            break;
        case 6:
            tmp.tm_sec = n;
            break;
        }
    }

    /*
     * Optional fractional seconds: decimal point followed by one or more
     * digits.
     */
    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
        if (strict)
            /* RFC 5280 forbids fractional seconds */
            goto err;
        if (++o == l)
            goto err;
        i = o;
        while ((o < l) && ascii_isdigit(a[o]))
            o++;
        /* Must have at least one digit after decimal point */
        if (i == o)
            goto err;
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (o == l)
            goto err;
    }

    /*
     * 'o' will never point to '\0' at this point, the only chance
     * 'o' can point to '\0' is either the subsequent if or the first
     * else if is true.
     */
    if (a[o] == upper_z) {
        o++;
    } else if (!strict && ((a[o] == plus) || (a[o] == minus))) {
        int offsign = a[o] == minus ? 1 : -1;
        int offset = 0;

        o++;
        /*
         * if not equal, no need to do subsequent checks
         * since the following for-loop will add 'o' by 4
         * and the final return statement will check if 'l'
         * and 'o' are equal.
         */
        if (o + 4 != l)
            goto err;
        for (i = end; i < end + 2; i++) {
            if (!ascii_isdigit(a[o]))
                goto err;
            n = a[o] - num_zero;
            o++;
            if (!ascii_isdigit(a[o]))
                goto err;
            n = (n * 10) + a[o] - num_zero;
            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
            if ((n < min[i2]) || (n > max[i2]))
                goto err;
            /* if tm is NULL, no need to adjust */
            if (tm != NULL) {
                if (i == end)
                    offset = n * 3600;
                else if (i == end + 1)
                    offset += n * 60;
            }
            o++;
        }
        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
            goto err;
    } else {
        /* not Z, or not +/- in non-strict mode */
        goto err;
    }
    if (o == l) {
        /* success, check if tm should be filled */
        if (tm != NULL)
            *tm = tmp;
        return 1;
    }
 err:
    return 0;
}

ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
{
    char* p;
    ASN1_TIME *tmps = NULL;
    const size_t len = 20;

    if (type == V_ASN1_UNDEF) {
        if (is_utc(ts->tm_year))
            type = V_ASN1_UTCTIME;
        else
            type = V_ASN1_GENERALIZEDTIME;
    } else if (type == V_ASN1_UTCTIME) {
        if (!is_utc(ts->tm_year))
            goto err;
    } else if (type != V_ASN1_GENERALIZEDTIME) {
        goto err;
    }

    if (s == NULL)
        tmps = ASN1_STRING_new();
    else
        tmps = s;
    if (tmps == NULL)
        return NULL;

    if (!ASN1_STRING_set(tmps, NULL, len))
        goto err;

    tmps->type = type;
    p = (char*)tmps->data;

    if (type == V_ASN1_GENERALIZEDTIME)
        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year + 1900, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);
    else
        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year % 100, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);

#ifdef CHARSET_EBCDIC
    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
#endif
    return tmps;
 err:
    if (tmps != s)
        ASN1_STRING_free(tmps);
    return NULL;
}

ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
    return ASN1_TIME_adj(s, t, 0, 0);
}

ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
                         int offset_day, long offset_sec)
{
    struct tm *ts;
    struct tm data;

    ts = OPENSSL_gmtime(&t, &data);
    if (ts == NULL) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME);
        return NULL;
    }
    if (offset_day || offset_sec) {
        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
            return NULL;
    }
    return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
}

int ASN1_TIME_check(const ASN1_TIME *t)
{
    if (t->type == V_ASN1_GENERALIZEDTIME)
        return ASN1_GENERALIZEDTIME_check(t);
    else if (t->type == V_ASN1_UTCTIME)
        return ASN1_UTCTIME_check(t);
    return 0;
}

/* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                   ASN1_GENERALIZEDTIME **out)
{
    ASN1_GENERALIZEDTIME *ret = NULL;
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return NULL;

    if (out != NULL)
        ret = *out;

    ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);

    if (out != NULL && ret != NULL)
        *out = ret;

    return ret;
}

int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{
    /* Try UTC, if that fails, try GENERALIZED */
    if (ASN1_UTCTIME_set_string(s, str))
        return 1;
    return ASN1_GENERALIZEDTIME_set_string(s, str);
}

int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
{
    ASN1_TIME t;
    struct tm tm;
    int rv = 0;

    t.length = strlen(str);
    t.data = (unsigned char *)str;
    t.flags = ASN1_STRING_FLAG_X509_TIME;

    t.type = V_ASN1_UTCTIME;

    if (!ASN1_TIME_check(&t)) {
        t.type = V_ASN1_GENERALIZEDTIME;
        if (!ASN1_TIME_check(&t))
            goto out;
    }

    /*
     * Per RFC 5280 (section 4.1.2.5.), the valid input time
     * strings should be encoded with the following rules:
     *
     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
     *
     * Only strings of the 4th rule should be reformatted, but since a
     * UTC can only present [1950, 2050), so if the given time string
     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
     */

    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
        if (!asn1_time_to_tm(&tm, &t))
            goto out;
        if (is_utc(tm.tm_year)) {
            t.length -= 2;
            /*
             * it's OK to let original t.data go since that's assigned
             * to a piece of memory allocated outside of this function.
             * new t.data would be freed after ASN1_STRING_copy is done.
             */
            t.data = OPENSSL_zalloc(t.length + 1);
            if (t.data == NULL)
                goto out;
            memcpy(t.data, str + 2, t.length);
            t.type = V_ASN1_UTCTIME;
        }
    }

    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
        rv = 1;

    if (t.data != (unsigned char *)str)
        OPENSSL_free(t.data);
out:
    return rv;
}

int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
{
    if (s == NULL) {
        time_t now_t;

        time(&now_t);
        memset(tm, 0, sizeof(*tm));
        if (OPENSSL_gmtime(&now_t, tm) != NULL)
            return 1;
        return 0;
    }

    return asn1_time_to_tm(tm, s);
}

int ASN1_TIME_diff(int *pday, int *psec,
                   const ASN1_TIME *from, const ASN1_TIME *to)
{
    struct tm tm_from, tm_to;

    if (!ASN1_TIME_to_tm(from, &tm_from))
        return 0;
    if (!ASN1_TIME_to_tm(to, &tm_to))
        return 0;
    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
}

static const char _asn1_mon[12][4] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};

int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
    char *v;
    int gmt = 0, l;
    struct tm stm;
    const char upper_z = 0x5A, period = 0x2E;

    if (!asn1_time_to_tm(&stm, tm)) {
        /* asn1_time_to_tm will check the time type */
        (void)BIO_write(bp, "Bad time value", 14);
        return 0;
        /* It would have been more consistent to return BIO_write(...) */
    }

    l = tm->length;
    v = (char *)tm->data;
    if (v[l - 1] == upper_z)
        gmt = 1;

    if (tm->type == V_ASN1_GENERALIZEDTIME) {
        char *f = NULL;
        int f_len = 0;

        /*
         * Try to parse fractional seconds. '14' is the place of
         * 'fraction point' in a GeneralizedTime string.
         */
        if (tm->length > 15 && v[14] == period) {
            f = &v[14];
            f_len = 1;
            while (14 + f_len < l && ascii_isdigit(f[f_len]))
                ++f_len;
        }

        return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
    } else {
        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
    }
}

int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
{
    struct tm stm, ttm;
    int day, sec;

    if (!ASN1_TIME_to_tm(s, &stm))
        return -2;

    if (!OPENSSL_gmtime(&t, &ttm))
        return -2;

    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
        return -2;

    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}

int ASN1_TIME_normalize(ASN1_TIME *t)
{
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return 0;

    return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
}

int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
{
    int day, sec;

    if (!ASN1_TIME_diff(&day, &sec, b, a))
        return -2;
    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}
Commit	Line	Data
2039c421	1	/*
33388b44	2	* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
f6aed2cd	3	*
365a2d99	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
2039c421 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
f6aed2cd DSH	8	*/
f6aed2cd DSH	9
1d97c843 TH	10	/*-
1d97c843 TH	11	* This is an implementation of the ASN1 Time structure which is:
f6aed2cd DSH	12	* Time ::= CHOICE {
	13	* utcTime UTCTime,
	14	* generalTime GeneralizedTime }
f6aed2cd DSH	15	*/
	16
	17	#include <stdio.h>
	18	#include <time.h>
25f2138b	19	#include "crypto/ctype.h"
b39fc560	20	#include "internal/cryptlib.h"
9d6b1ce6	21	#include <openssl/asn1t.h>
706457b7	22	#include "asn1_local.h"
f6aed2cd	23
9d6b1ce6	24	IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
08e9c1af	25
9d6b1ce6	26	IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
fe4309b0	27	IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_TIME)
08e9c1af	28
cf37aaa3 TS	29	static int is_utc(const int year)
	30	{
	31	if (50 <= year && year <= 149)
	32	return 1;
	33	return 0;
	34	}
	35
3d0f1cb9 PY	36	static int leap_year(const int year)
	37	{
	38	if (year % 400 == 0 \|\| (year % 100 != 0 && year % 4 == 0))
	39	return 1;
	40	return 0;
	41	}
	42
1a68e5b0 P	43	/*
	44	* Compute the day of the week and the day of the year from the year, month
	45	* and day. The day of the year is straightforward, the day of the week uses
	46	* a form of Zeller's congruence. For this months start with March and are
	47	* numbered 4 through 15.
	48	*/
	49	static void determine_days(struct tm *tm)
	50	{
	51	static const int ydays[12] = {
	52	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
	53	};
	54	int y = tm->tm_year + 1900;
	55	int m = tm->tm_mon;
	56	int d = tm->tm_mday;
	57	int c;
	58
	59	tm->tm_yday = ydays[m] + d - 1;
	60	if (m >= 2) {
	61	/* March and onwards can be one day further into the year */
	62	tm->tm_yday += leap_year(y);
	63	m += 2;
	64	} else {
	65	/* Treat January and February as part of the previous year */
	66	m += 14;
	67	y--;
	68	}
	69	c = y / 100;
	70	y %= 100;
c2969ff6	71	/* Zeller's congruence */
1a68e5b0 P	72	tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
	73	}
	74
3d0f1cb9 PY	75	int asn1_time_to_tm(struct tm tm, const ASN1_TIME d)
	76	{
	77	static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
	78	static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
	79	static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
	80	char *a;
	81	int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
	82	struct tm tmp;
48102247	83	#if defined(CHARSET_EBCDIC)
	84	const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
	85	#else
	86	const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
	87	#endif
3d0f1cb9 PY	88	/*
	89	* ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
	90	* time string format, in which:
	91	*
	92	* 1. "seconds" is a 'MUST'
	93	* 2. "Zulu" timezone is a 'MUST'
	94	* 3. "+\|-" is not allowed to indicate a time zone
	95	*/
	96	if (d->type == V_ASN1_UTCTIME) {
	97	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
	98	min_l = 13;
	99	strict = 1;
	100	}
	101	} else if (d->type == V_ASN1_GENERALIZEDTIME) {
	102	end = 7;
	103	btz = 6;
	104	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
	105	min_l = 15;
	106	strict = 1;
	107	} else {
	108	min_l = 13;
	109	}
	110	} else {
	111	return 0;
	112	}
	113
	114	l = d->length;
	115	a = (char *)d->data;
	116	o = 0;
	117	memset(&tmp, 0, sizeof(tmp));
	118
	119	/*
	120	* GENERALIZEDTIME is similar to UTCTIME except the year is represented
	121	* as YYYY. This stuff treats everything as a two digit field so make
	122	* first two fields 00 to 99
	123	*/
	124
	125	if (l < min_l)
	126	goto err;
	127	for (i = 0; i < end; i++) {
48102247	128	if (!strict && (i == btz) && ((a[o] == upper_z) \|\| (a[o] == plus) \|\| (a[o] == minus))) {
3d0f1cb9 PY	129	i++;
	130	break;
	131	}
48102247	132	if (!ascii_isdigit(a[o]))
3d0f1cb9	133	goto err;
48102247	134	n = a[o] - num_zero;
3d0f1cb9 PY	135	/* incomplete 2-digital number */
	136	if (++o == l)
	137	goto err;
	138
48102247	139	if (!ascii_isdigit(a[o]))
3d0f1cb9	140	goto err;
48102247	141	n = (n * 10) + a[o] - num_zero;
3d0f1cb9 PY	142	/* no more bytes to read, but we haven't seen time-zone yet */
	143	if (++o == l)
	144	goto err;
	145
	146	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
	147
	148	if ((n < min[i2]) \|\| (n > max[i2]))
	149	goto err;
	150	switch (i2) {
	151	case 0:
	152	/* UTC will never be here */
	153	tmp.tm_year = n * 100 - 1900;
	154	break;
	155	case 1:
	156	if (d->type == V_ASN1_UTCTIME)
	157	tmp.tm_year = n < 50 ? n + 100 : n;
	158	else
	159	tmp.tm_year += n;
	160	break;
	161	case 2:
	162	tmp.tm_mon = n - 1;
	163	break;
	164	case 3:
	165	/* check if tm_mday is valid in tm_mon */
	166	if (tmp.tm_mon == 1) {
	167	/* it's February */
	168	md = mdays[1] + leap_year(tmp.tm_year + 1900);
	169	} else {
	170	md = mdays[tmp.tm_mon];
	171	}
	172	if (n > md)
	173	goto err;
	174	tmp.tm_mday = n;
1a68e5b0	175	determine_days(&tmp);
3d0f1cb9 PY	176	break;
	177	case 4:
	178	tmp.tm_hour = n;
	179	break;
	180	case 5:
	181	tmp.tm_min = n;
	182	break;
	183	case 6:
	184	tmp.tm_sec = n;
	185	break;
	186	}
	187	}
	188
	189	/*
	190	* Optional fractional seconds: decimal point followed by one or more
	191	* digits.
	192	*/
48102247	193	if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
3d0f1cb9 PY	194	if (strict)
	195	/* RFC 5280 forbids fractional seconds */
	196	goto err;
	197	if (++o == l)
	198	goto err;
	199	i = o;
48102247	200	while ((o < l) && ascii_isdigit(a[o]))
3d0f1cb9 PY	201	o++;
	202	/* Must have at least one digit after decimal point */
	203	if (i == o)
	204	goto err;
	205	/* no more bytes to read, but we haven't seen time-zone yet */
	206	if (o == l)
	207	goto err;
	208	}
	209
	210	/*
	211	* 'o' will never point to '\0' at this point, the only chance
	212	* 'o' can point to '\0' is either the subsequent if or the first
	213	* else if is true.
	214	*/
48102247	215	if (a[o] == upper_z) {
3d0f1cb9	216	o++;
48102247	217	} else if (!strict && ((a[o] == plus) \|\| (a[o] == minus))) {
48102247	218	int offsign = a[o] == minus ? 1 : -1;
3d0f1cb9 PY	219	int offset = 0;
	220
	221	o++;
	222	/*
	223	* if not equal, no need to do subsequent checks
	224	* since the following for-loop will add 'o' by 4
	225	* and the final return statement will check if 'l'
	226	* and 'o' are equal.
	227	*/
	228	if (o + 4 != l)
	229	goto err;
	230	for (i = end; i < end + 2; i++) {
48102247	231	if (!ascii_isdigit(a[o]))
3d0f1cb9	232	goto err;
48102247	233	n = a[o] - num_zero;
3d0f1cb9	234	o++;
48102247	235	if (!ascii_isdigit(a[o]))
3d0f1cb9	236	goto err;
48102247	237	n = (n * 10) + a[o] - num_zero;
3d0f1cb9 PY	238	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
	239	if ((n < min[i2]) \|\| (n > max[i2]))
	240	goto err;
	241	/* if tm is NULL, no need to adjust */
	242	if (tm != NULL) {
	243	if (i == end)
	244	offset = n * 3600;
	245	else if (i == end + 1)
	246	offset += n * 60;
	247	}
	248	o++;
	249	}
	250	if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
	251	goto err;
	252	} else {
	253	/* not Z, or not +/- in non-strict mode */
	254	goto err;
	255	}
	256	if (o == l) {
	257	/* success, check if tm should be filled */
	258	if (tm != NULL)
	259	*tm = tmp;
	260	return 1;
	261	}
	262	err:
	263	return 0;
	264	}
	265
cf37aaa3 TS	266	ASN1_TIME asn1_time_from_tm(ASN1_TIME s, struct tm *ts, int type)
	267	{
	268	char* p;
	269	ASN1_TIME *tmps = NULL;
	270	const size_t len = 20;
	271
	272	if (type == V_ASN1_UNDEF) {
	273	if (is_utc(ts->tm_year))
	274	type = V_ASN1_UTCTIME;
	275	else
	276	type = V_ASN1_GENERALIZEDTIME;
	277	} else if (type == V_ASN1_UTCTIME) {
	278	if (!is_utc(ts->tm_year))
	279	goto err;
	280	} else if (type != V_ASN1_GENERALIZEDTIME) {
	281	goto err;
	282	}
	283
	284	if (s == NULL)
	285	tmps = ASN1_STRING_new();
	286	else
	287	tmps = s;
	288	if (tmps == NULL)
	289	return NULL;
	290
	291	if (!ASN1_STRING_set(tmps, NULL, len))
	292	goto err;
	293
	294	tmps->type = type;
	295	p = (char*)tmps->data;
	296
	297	if (type == V_ASN1_GENERALIZEDTIME)
	298	tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
	299	ts->tm_year + 1900, ts->tm_mon + 1,
	300	ts->tm_mday, ts->tm_hour, ts->tm_min,
	301	ts->tm_sec);
	302	else
	303	tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
	304	ts->tm_year % 100, ts->tm_mon + 1,
	305	ts->tm_mday, ts->tm_hour, ts->tm_min,
	306	ts->tm_sec);
	307
48102247	308	#ifdef CHARSET_EBCDIC
cf37aaa3 TS	309	ebcdic2ascii(tmps->data, tmps->data, tmps->length);
	310	#endif
	311	return tmps;
	312	err:
	313	if (tmps != s)
	314	ASN1_STRING_free(tmps);
	315	return NULL;
	316	}
	317
6b691a5c	318	ASN1_TIME ASN1_TIME_set(ASN1_TIME s, time_t t)
0f113f3e MC	319	{
	320	return ASN1_TIME_adj(s, t, 0, 0);
	321	}
87d3a0cd DSH	322
87d3a0cd DSH	323	ASN1_TIME ASN1_TIME_adj(ASN1_TIME s, time_t t,
0f113f3e MC	324	int offset_day, long offset_sec)
	325	{
	326	struct tm *ts;
	327	struct tm data;
	328
	329	ts = OPENSSL_gmtime(&t, &data);
	330	if (ts == NULL) {
9311d0c4	331	ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME);
0f113f3e MC	332	return NULL;
	333	}
	334	if (offset_day \|\| offset_sec) {
	335	if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
	336	return NULL;
	337	}
cf37aaa3	338	return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
0f113f3e	339	}
02e4fbed	340
359b0c9f	341	int ASN1_TIME_check(const ASN1_TIME *t)
0f113f3e MC	342	{
	343	if (t->type == V_ASN1_GENERALIZEDTIME)
	344	return ASN1_GENERALIZEDTIME_check(t);
	345	else if (t->type == V_ASN1_UTCTIME)
	346	return ASN1_UTCTIME_check(t);
	347	return 0;
	348	}
02e4fbed DSH	349
02e4fbed DSH	350	/* Convert an ASN1_TIME structure to GeneralizedTime */
9bfeeef8	351	ASN1_GENERALIZEDTIME ASN1_TIME_to_generalizedtime(const ASN1_TIME t,
0f113f3e MC	352	ASN1_GENERALIZEDTIME **out)
0f113f3e MC	353	{
4483e234	354	ASN1_GENERALIZEDTIME *ret = NULL;
cf37aaa3	355	struct tm tm;
0f113f3e	356
cf37aaa3	357	if (!ASN1_TIME_to_tm(t, &tm))
0f113f3e MC	358	return NULL;
0f113f3e MC	359
cf37aaa3	360	if (out != NULL)
0f113f3e MC	361	ret = *out;
0f113f3e MC	362
cf37aaa3	363	ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
0f113f3e	364
cf37aaa3 TS	365	if (out != NULL && ret != NULL)
cf37aaa3 TS	366	*out = ret;
0f113f3e	367
cf37aaa3	368	return ret;
0f113f3e	369	}
33ab2e31 DSH	370
33ab2e31 DSH	371	int ASN1_TIME_set_string(ASN1_TIME s, const char str)
0f113f3e	372	{
cf37aaa3 TS	373	/* Try UTC, if that fails, try GENERALIZED */
	374	if (ASN1_UTCTIME_set_string(s, str))
	375	return 1;
	376	return ASN1_GENERALIZEDTIME_set_string(s, str);
0f113f3e	377	}
359b0c9f	378
04e62715 RS	379	int ASN1_TIME_set_string_X509(ASN1_TIME s, const char str)
	380	{
	381	ASN1_TIME t;
	382	struct tm tm;
	383	int rv = 0;
	384
	385	t.length = strlen(str);
	386	t.data = (unsigned char *)str;
	387	t.flags = ASN1_STRING_FLAG_X509_TIME;
	388
	389	t.type = V_ASN1_UTCTIME;
	390
	391	if (!ASN1_TIME_check(&t)) {
	392	t.type = V_ASN1_GENERALIZEDTIME;
	393	if (!ASN1_TIME_check(&t))
	394	goto out;
	395	}
	396
	397	/*
	398	* Per RFC 5280 (section 4.1.2.5.), the valid input time
	399	* strings should be encoded with the following rules:
	400	*
	401	* 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
	402	* 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
	403	* 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
	404	* 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
	405	*
	406	* Only strings of the 4th rule should be reformatted, but since a
	407	* UTC can only present [1950, 2050), so if the given time string
	408	* is less than 1950 (e.g. 19230419000000Z), we do nothing...
	409	*/
	410
	411	if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
3d0f1cb9	412	if (!asn1_time_to_tm(&tm, &t))
04e62715	413	goto out;
cf37aaa3	414	if (is_utc(tm.tm_year)) {
04e62715 RS	415	t.length -= 2;
	416	/*
	417	* it's OK to let original t.data go since that's assigned
	418	* to a piece of memory allocated outside of this function.
	419	* new t.data would be freed after ASN1_STRING_copy is done.
	420	*/
	421	t.data = OPENSSL_zalloc(t.length + 1);
	422	if (t.data == NULL)
	423	goto out;
	424	memcpy(t.data, str + 2, t.length);
	425	t.type = V_ASN1_UTCTIME;
	426	}
	427	}
	428
	429	if (s == NULL \|\| ASN1_STRING_copy((ASN1_STRING )s, (ASN1_STRING )&t))
	430	rv = 1;
	431
	432	if (t.data != (unsigned char *)str)
	433	OPENSSL_free(t.data);
	434	out:
	435	return rv;
	436	}
	437
1c036c64	438	int ASN1_TIME_to_tm(const ASN1_TIME s, struct tm tm)
0f113f3e	439	{
1c036c64	440	if (s == NULL) {
0f113f3e	441	time_t now_t;
1c036c64	442
0f113f3e	443	time(&now_t);
1c036c64	444	memset(tm, 0, sizeof(*tm));
52b6e17d	445	if (OPENSSL_gmtime(&now_t, tm) != NULL)
0f113f3e MC	446	return 1;
	447	return 0;
	448	}
	449
3d0f1cb9	450	return asn1_time_to_tm(tm, s);
0f113f3e	451	}
1c455bc0	452
360ef676	453	int ASN1_TIME_diff(int pday, int psec,
0f113f3e MC	454	const ASN1_TIME from, const ASN1_TIME to)
	455	{
	456	struct tm tm_from, tm_to;
1c036c64 TS	457
1c036c64 TS	458	if (!ASN1_TIME_to_tm(from, &tm_from))
0f113f3e	459	return 0;
1c036c64	460	if (!ASN1_TIME_to_tm(to, &tm_to))
0f113f3e MC	461	return 0;
	462	return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
	463	}
0d0099ea	464
f673c4f8 PY	465	static const char _asn1_mon[12][4] = {
	466	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
	467	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
	468	};
	469
0d0099ea DSH	470	int ASN1_TIME_print(BIO bp, const ASN1_TIME tm)
0d0099ea DSH	471	{
f673c4f8	472	char *v;
b7e011f8	473	int gmt = 0, l;
f673c4f8	474	struct tm stm;
48102247	475	const char upper_z = 0x5A, period = 0x2E;
f673c4f8 PY	476
	477	if (!asn1_time_to_tm(&stm, tm)) {
	478	/* asn1_time_to_tm will check the time type */
b09aa550 DDO	479	(void)BIO_write(bp, "Bad time value", 14);
	480	return 0;
	481	/* It would have been more consistent to return BIO_write(...) */
f673c4f8 PY	482	}
	483
	484	l = tm->length;
	485	v = (char *)tm->data;
48102247	486	if (v[l - 1] == upper_z)
f673c4f8	487	gmt = 1;
f673c4f8	488
b7e011f8 AP	489	if (tm->type == V_ASN1_GENERALIZEDTIME) {
	490	char *f = NULL;
	491	int f_len = 0;
	492
	493	/*
	494	* Try to parse fractional seconds. '14' is the place of
	495	* 'fraction point' in a GeneralizedTime string.
	496	*/
48102247	497	if (tm->length > 15 && v[14] == period) {
b7e011f8 AP	498	f = &v[14];
b7e011f8 AP	499	f_len = 1;
48102247	500	while (14 + f_len < l && ascii_isdigit(f[f_len]))
b7e011f8 AP	501	++f_len;
	502	}
	503
f673c4f8 PY	504	return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
	505	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
	506	stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
b7e011f8 AP	507	(gmt ? " GMT" : "")) > 0;
b7e011f8 AP	508	} else {
f673c4f8 PY	509	return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
	510	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
	511	stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
b7e011f8 AP	512	(gmt ? " GMT" : "")) > 0;
b7e011f8 AP	513	}
0d0099ea	514	}
cf37aaa3 TS	515
	516	int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
	517	{
	518	struct tm stm, ttm;
	519	int day, sec;
	520
	521	if (!ASN1_TIME_to_tm(s, &stm))
	522	return -2;
	523
	524	if (!OPENSSL_gmtime(&t, &ttm))
	525	return -2;
	526
	527	if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
	528	return -2;
	529
	530	if (day > 0 \|\| sec > 0)
	531	return 1;
	532	if (day < 0 \|\| sec < 0)
	533	return -1;
	534	return 0;
	535	}
	536
	537	int ASN1_TIME_normalize(ASN1_TIME *t)
	538	{
	539	struct tm tm;
	540
	541	if (!ASN1_TIME_to_tm(t, &tm))
	542	return 0;
	543
	544	return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
	545	}
	546
	547	int ASN1_TIME_compare(const ASN1_TIME a, const ASN1_TIME b)
	548	{
	549	int day, sec;
	550
e44d3761	551	if (!ASN1_TIME_diff(&day, &sec, b, a))
cf37aaa3 TS	552	return -2;
	553	if (day > 0 \|\| sec > 0)
	554	return 1;
	555	if (day < 0 \|\| sec < 0)
	556	return -1;
	557	return 0;
	558	}