[thirdparty/openssl.git] / crypto / asn1 / a_time.c

/*
 * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*-
 * This is an implementation of the ASN1 Time structure which is:
 *    Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
 */

#include <stdio.h>
#include <time.h>
#include "internal/ctype.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include "asn1_locl.h"

IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)

IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)

static int is_utc(const int year)
{
    if (50 <= year && year <= 149)
        return 1;
    return 0;
}

static int leap_year(const int year)
{
    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
        return 1;
    return 0;
}

/*
 * Compute the day of the week and the day of the year from the year, month
 * and day.  The day of the year is straightforward, the day of the week uses
 * a form of Zeller's congruence.  For this months start with March and are
 * numbered 4 through 15.
 */
static void determine_days(struct tm *tm)
{
    static const int ydays[12] = {
        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
    };
    int y = tm->tm_year + 1900;
    int m = tm->tm_mon;
    int d = tm->tm_mday;
    int c;

    tm->tm_yday = ydays[m] + d - 1;
    if (m >= 2) {
        /* March and onwards can be one day further into the year */
        tm->tm_yday += leap_year(y);
        m += 2;
    } else {
        /* Treat January and February as part of the previous year */
        m += 14;
        y--;
    }
    c = y / 100;
    y %= 100;
    /* Zeller's congruance */
    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
}

int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
{
    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    char *a;
    int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
    struct tm tmp;

    /*
     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
     * time string format, in which:
     *
     * 1. "seconds" is a 'MUST'
     * 2. "Zulu" timezone is a 'MUST'
     * 3. "+|-" is not allowed to indicate a time zone
     */
    if (d->type == V_ASN1_UTCTIME) {
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            min_l = 13;
            strict = 1;
        }
    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
        end = 7;
        btz = 6;
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            min_l = 15;
            strict = 1;
        } else {
            min_l = 13;
        }
    } else {
        return 0;
    }

    l = d->length;
    a = (char *)d->data;
    o = 0;
    memset(&tmp, 0, sizeof(tmp));

    /*
     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
     * as YYYY. This stuff treats everything as a two digit field so make
     * first two fields 00 to 99
     */

    if (l < min_l)
        goto err;
    for (i = 0; i < end; i++) {
        if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
            i++;
            break;
        }
        if (!ossl_isdigit(a[o]))
            goto err;
        n = a[o] - '0';
        /* incomplete 2-digital number */
        if (++o == l)
            goto err;

        if (!ossl_isdigit(a[o]))
            goto err;
        n = (n * 10) + a[o] - '0';
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (++o == l)
            goto err;

        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;

        if ((n < min[i2]) || (n > max[i2]))
            goto err;
        switch (i2) {
        case 0:
            /* UTC will never be here */
            tmp.tm_year = n * 100 - 1900;
            break;
        case 1:
            if (d->type == V_ASN1_UTCTIME)
                tmp.tm_year = n < 50 ? n + 100 : n;
            else
                tmp.tm_year += n;
            break;
        case 2:
            tmp.tm_mon = n - 1;
            break;
        case 3:
            /* check if tm_mday is valid in tm_mon */
            if (tmp.tm_mon == 1) {
                /* it's February */
                md = mdays[1] + leap_year(tmp.tm_year + 1900);
            } else {
                md = mdays[tmp.tm_mon];
            }
            if (n > md)
                goto err;
            tmp.tm_mday = n;
            determine_days(&tmp);
            break;
        case 4:
            tmp.tm_hour = n;
            break;
        case 5:
            tmp.tm_min = n;
            break;
        case 6:
            tmp.tm_sec = n;
            break;
        }
    }

    /*
     * Optional fractional seconds: decimal point followed by one or more
     * digits.
     */
    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
        if (strict)
            /* RFC 5280 forbids fractional seconds */
            goto err;
        if (++o == l)
            goto err;
        i = o;
        while ((o < l) && ossl_isdigit(a[o]))
            o++;
        /* Must have at least one digit after decimal point */
        if (i == o)
            goto err;
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (o == l)
            goto err;
    }

    /*
     * 'o' will never point to '\0' at this point, the only chance
     * 'o' can point to '\0' is either the subsequent if or the first
     * else if is true.
     */
    if (a[o] == 'Z') {
        o++;
    } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) {
        int offsign = a[o] == '-' ? 1 : -1;
        int offset = 0;

        o++;
        /*
         * if not equal, no need to do subsequent checks
         * since the following for-loop will add 'o' by 4
         * and the final return statement will check if 'l'
         * and 'o' are equal.
         */
        if (o + 4 != l)
            goto err;
        for (i = end; i < end + 2; i++) {
            if (!ossl_isdigit(a[o]))
                goto err;
            n = a[o] - '0';
            o++;
            if (!ossl_isdigit(a[o]))
                goto err;
            n = (n * 10) + a[o] - '0';
            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
            if ((n < min[i2]) || (n > max[i2]))
                goto err;
            /* if tm is NULL, no need to adjust */
            if (tm != NULL) {
                if (i == end)
                    offset = n * 3600;
                else if (i == end + 1)
                    offset += n * 60;
            }
            o++;
        }
        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
            goto err;
    } else {
        /* not Z, or not +/- in non-strict mode */
        goto err;
    }
    if (o == l) {
        /* success, check if tm should be filled */
        if (tm != NULL)
            *tm = tmp;
        return 1;
    }
 err:
    return 0;
}

ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
{
    char* p;
    ASN1_TIME *tmps = NULL;
    const size_t len = 20;

    if (type == V_ASN1_UNDEF) {
        if (is_utc(ts->tm_year))
            type = V_ASN1_UTCTIME;
        else
            type = V_ASN1_GENERALIZEDTIME;
    } else if (type == V_ASN1_UTCTIME) {
        if (!is_utc(ts->tm_year))
            goto err;
    } else if (type != V_ASN1_GENERALIZEDTIME) {
        goto err;
    }

    if (s == NULL)
        tmps = ASN1_STRING_new();
    else
        tmps = s;
    if (tmps == NULL)
        return NULL;

    if (!ASN1_STRING_set(tmps, NULL, len))
        goto err;

    tmps->type = type;
    p = (char*)tmps->data;

    if (type == V_ASN1_GENERALIZEDTIME)
        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year + 1900, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);
    else
        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year % 100, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);

#ifdef CHARSET_EBCDIC_not
    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
#endif
    return tmps;
 err:
    if (tmps != s)
        ASN1_STRING_free(tmps);
    return NULL;
}

ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
    return ASN1_TIME_adj(s, t, 0, 0);
}

ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
                         int offset_day, long offset_sec)
{
    struct tm *ts;
    struct tm data;

    ts = OPENSSL_gmtime(&t, &data);
    if (ts == NULL) {
        ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
        return NULL;
    }
    if (offset_day || offset_sec) {
        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
            return NULL;
    }
    return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
}

int ASN1_TIME_check(const ASN1_TIME *t)
{
    if (t->type == V_ASN1_GENERALIZEDTIME)
        return ASN1_GENERALIZEDTIME_check(t);
    else if (t->type == V_ASN1_UTCTIME)
        return ASN1_UTCTIME_check(t);
    return 0;
}

/* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                   ASN1_GENERALIZEDTIME **out)
{
    ASN1_GENERALIZEDTIME *ret = NULL;
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return NULL;

    if (out != NULL)
        ret = *out;

    ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);

    if (out != NULL && ret != NULL)
        *out = ret;

    return ret;
}

int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{
    /* Try UTC, if that fails, try GENERALIZED */
    if (ASN1_UTCTIME_set_string(s, str))
        return 1;
    return ASN1_GENERALIZEDTIME_set_string(s, str);
}

int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
{
    ASN1_TIME t;
    struct tm tm;
    int rv = 0;

    t.length = strlen(str);
    t.data = (unsigned char *)str;
    t.flags = ASN1_STRING_FLAG_X509_TIME;

    t.type = V_ASN1_UTCTIME;

    if (!ASN1_TIME_check(&t)) {
        t.type = V_ASN1_GENERALIZEDTIME;
        if (!ASN1_TIME_check(&t))
            goto out;
    }

    /*
     * Per RFC 5280 (section 4.1.2.5.), the valid input time
     * strings should be encoded with the following rules:
     *
     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
     *
     * Only strings of the 4th rule should be reformatted, but since a
     * UTC can only present [1950, 2050), so if the given time string
     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
     */

    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
        if (!asn1_time_to_tm(&tm, &t))
            goto out;
        if (is_utc(tm.tm_year)) {
            t.length -= 2;
            /*
             * it's OK to let original t.data go since that's assigned
             * to a piece of memory allocated outside of this function.
             * new t.data would be freed after ASN1_STRING_copy is done.
             */
            t.data = OPENSSL_zalloc(t.length + 1);
            if (t.data == NULL)
                goto out;
            memcpy(t.data, str + 2, t.length);
            t.type = V_ASN1_UTCTIME;
        }
    }

    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
        rv = 1;

    if (t.data != (unsigned char *)str)
        OPENSSL_free(t.data);
out:
    return rv;
}

int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
{
    if (s == NULL) {
        time_t now_t;

        time(&now_t);
        memset(tm, 0, sizeof(*tm));
        if (OPENSSL_gmtime(&now_t, tm) != NULL)
            return 1;
        return 0;
    }

    return asn1_time_to_tm(tm, s);
}

int ASN1_TIME_diff(int *pday, int *psec,
                   const ASN1_TIME *from, const ASN1_TIME *to)
{
    struct tm tm_from, tm_to;

    if (!ASN1_TIME_to_tm(from, &tm_from))
        return 0;
    if (!ASN1_TIME_to_tm(to, &tm_to))
        return 0;
    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
}

static const char _asn1_mon[12][4] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};

int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
    char *v;
    int gmt = 0, l;
    struct tm stm;

    if (!asn1_time_to_tm(&stm, tm)) {
        /* asn1_time_to_tm will check the time type */
        goto err;
    }

    l = tm->length;
    v = (char *)tm->data;
    if (v[l - 1] == 'Z')
        gmt = 1;

    if (tm->type == V_ASN1_GENERALIZEDTIME) {
        char *f = NULL;
        int f_len = 0;

        /*
         * Try to parse fractional seconds. '14' is the place of
         * 'fraction point' in a GeneralizedTime string.
         */
        if (tm->length > 15 && v[14] == '.') {
            f = &v[14];
            f_len = 1;
            while (14 + f_len < l && ossl_isdigit(f[f_len]))
                ++f_len;
        }

        return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
    } else {
        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
    }
 err:
    BIO_write(bp, "Bad time value", 14);
    return 0;
}

int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
{
    struct tm stm, ttm;
    int day, sec;

    if (!ASN1_TIME_to_tm(s, &stm))
        return -2;

    if (!OPENSSL_gmtime(&t, &ttm))
        return -2;

    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
        return -2;

    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}

int ASN1_TIME_normalize(ASN1_TIME *t)
{
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return 0;

    return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
}

int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
{
    int day, sec;

    if (!ASN1_TIME_diff(&day, &sec, b, a))
        return -2;
    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}
Commit	Line	Data
2039c421	1	/*
60eba30f	2	* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
f6aed2cd	3	*
2039c421 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
f6aed2cd DSH	8	*/
f6aed2cd DSH	9
1d97c843 TH	10	/*-
1d97c843 TH	11	* This is an implementation of the ASN1 Time structure which is:
f6aed2cd DSH	12	* Time ::= CHOICE {
	13	* utcTime UTCTime,
	14	* generalTime GeneralizedTime }
f6aed2cd DSH	15	*/
	16
	17	#include <stdio.h>
	18	#include <time.h>
a1df06b3	19	#include "internal/ctype.h"
b39fc560	20	#include "internal/cryptlib.h"
9d6b1ce6	21	#include <openssl/asn1t.h>
1c455bc0	22	#include "asn1_locl.h"
f6aed2cd	23
9d6b1ce6	24	IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
08e9c1af	25
9d6b1ce6	26	IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
08e9c1af	27
cf37aaa3 TS	28	static int is_utc(const int year)
	29	{
	30	if (50 <= year && year <= 149)
	31	return 1;
	32	return 0;
	33	}
	34
3d0f1cb9 PY	35	static int leap_year(const int year)
	36	{
	37	if (year % 400 == 0 \|\| (year % 100 != 0 && year % 4 == 0))
	38	return 1;
	39	return 0;
	40	}
	41
1a68e5b0 P	42	/*
	43	* Compute the day of the week and the day of the year from the year, month
	44	* and day. The day of the year is straightforward, the day of the week uses
	45	* a form of Zeller's congruence. For this months start with March and are
	46	* numbered 4 through 15.
	47	*/
	48	static void determine_days(struct tm *tm)
	49	{
	50	static const int ydays[12] = {
	51	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
	52	};
	53	int y = tm->tm_year + 1900;
	54	int m = tm->tm_mon;
	55	int d = tm->tm_mday;
	56	int c;
	57
	58	tm->tm_yday = ydays[m] + d - 1;
	59	if (m >= 2) {
	60	/* March and onwards can be one day further into the year */
	61	tm->tm_yday += leap_year(y);
	62	m += 2;
	63	} else {
	64	/* Treat January and February as part of the previous year */
	65	m += 14;
	66	y--;
	67	}
	68	c = y / 100;
	69	y %= 100;
	70	/* Zeller's congruance */
	71	tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
	72	}
	73
3d0f1cb9 PY	74	int asn1_time_to_tm(struct tm tm, const ASN1_TIME d)
	75	{
	76	static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
	77	static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
	78	static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
	79	char *a;
	80	int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
	81	struct tm tmp;
	82
	83	/*
	84	* ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
	85	* time string format, in which:
	86	*
	87	* 1. "seconds" is a 'MUST'
	88	* 2. "Zulu" timezone is a 'MUST'
	89	* 3. "+\|-" is not allowed to indicate a time zone
	90	*/
	91	if (d->type == V_ASN1_UTCTIME) {
	92	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
	93	min_l = 13;
	94	strict = 1;
	95	}
	96	} else if (d->type == V_ASN1_GENERALIZEDTIME) {
	97	end = 7;
	98	btz = 6;
	99	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
	100	min_l = 15;
	101	strict = 1;
	102	} else {
	103	min_l = 13;
	104	}
	105	} else {
	106	return 0;
	107	}
	108
	109	l = d->length;
	110	a = (char *)d->data;
	111	o = 0;
	112	memset(&tmp, 0, sizeof(tmp));
	113
	114	/*
	115	* GENERALIZEDTIME is similar to UTCTIME except the year is represented
	116	* as YYYY. This stuff treats everything as a two digit field so make
	117	* first two fields 00 to 99
	118	*/
	119
	120	if (l < min_l)
	121	goto err;
	122	for (i = 0; i < end; i++) {
	123	if (!strict && (i == btz) && ((a[o] == 'Z') \|\| (a[o] == '+') \|\| (a[o] == '-'))) {
	124	i++;
	125	break;
	126	}
a1df06b3	127	if (!ossl_isdigit(a[o]))
3d0f1cb9 PY	128	goto err;
	129	n = a[o] - '0';
	130	/* incomplete 2-digital number */
	131	if (++o == l)
	132	goto err;
	133
a1df06b3	134	if (!ossl_isdigit(a[o]))
3d0f1cb9 PY	135	goto err;
	136	n = (n * 10) + a[o] - '0';
	137	/* no more bytes to read, but we haven't seen time-zone yet */
	138	if (++o == l)
	139	goto err;
	140
	141	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
	142
	143	if ((n < min[i2]) \|\| (n > max[i2]))
	144	goto err;
	145	switch (i2) {
	146	case 0:
	147	/* UTC will never be here */
	148	tmp.tm_year = n * 100 - 1900;
	149	break;
	150	case 1:
	151	if (d->type == V_ASN1_UTCTIME)
	152	tmp.tm_year = n < 50 ? n + 100 : n;
	153	else
	154	tmp.tm_year += n;
	155	break;
	156	case 2:
	157	tmp.tm_mon = n - 1;
	158	break;
	159	case 3:
	160	/* check if tm_mday is valid in tm_mon */
	161	if (tmp.tm_mon == 1) {
	162	/* it's February */
	163	md = mdays[1] + leap_year(tmp.tm_year + 1900);
	164	} else {
	165	md = mdays[tmp.tm_mon];
	166	}
	167	if (n > md)
	168	goto err;
	169	tmp.tm_mday = n;
1a68e5b0	170	determine_days(&tmp);
3d0f1cb9 PY	171	break;
	172	case 4:
	173	tmp.tm_hour = n;
	174	break;
	175	case 5:
	176	tmp.tm_min = n;
	177	break;
	178	case 6:
	179	tmp.tm_sec = n;
	180	break;
	181	}
	182	}
	183
	184	/*
	185	* Optional fractional seconds: decimal point followed by one or more
	186	* digits.
	187	*/
	188	if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
	189	if (strict)
	190	/* RFC 5280 forbids fractional seconds */
	191	goto err;
	192	if (++o == l)
	193	goto err;
	194	i = o;
a1df06b3	195	while ((o < l) && ossl_isdigit(a[o]))
3d0f1cb9 PY	196	o++;
	197	/* Must have at least one digit after decimal point */
	198	if (i == o)
	199	goto err;
	200	/* no more bytes to read, but we haven't seen time-zone yet */
	201	if (o == l)
	202	goto err;
	203	}
	204
	205	/*
	206	* 'o' will never point to '\0' at this point, the only chance
	207	* 'o' can point to '\0' is either the subsequent if or the first
	208	* else if is true.
	209	*/
	210	if (a[o] == 'Z') {
	211	o++;
	212	} else if (!strict && ((a[o] == '+') \|\| (a[o] == '-'))) {
	213	int offsign = a[o] == '-' ? 1 : -1;
	214	int offset = 0;
	215
	216	o++;
	217	/*
	218	* if not equal, no need to do subsequent checks
	219	* since the following for-loop will add 'o' by 4
	220	* and the final return statement will check if 'l'
	221	* and 'o' are equal.
	222	*/
	223	if (o + 4 != l)
	224	goto err;
	225	for (i = end; i < end + 2; i++) {
a1df06b3	226	if (!ossl_isdigit(a[o]))
3d0f1cb9 PY	227	goto err;
	228	n = a[o] - '0';
	229	o++;
a1df06b3	230	if (!ossl_isdigit(a[o]))
3d0f1cb9 PY	231	goto err;
	232	n = (n * 10) + a[o] - '0';
	233	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
	234	if ((n < min[i2]) \|\| (n > max[i2]))
	235	goto err;
	236	/* if tm is NULL, no need to adjust */
	237	if (tm != NULL) {
	238	if (i == end)
	239	offset = n * 3600;
	240	else if (i == end + 1)
	241	offset += n * 60;
	242	}
	243	o++;
	244	}
	245	if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
	246	goto err;
	247	} else {
	248	/* not Z, or not +/- in non-strict mode */
	249	goto err;
	250	}
	251	if (o == l) {
	252	/* success, check if tm should be filled */
	253	if (tm != NULL)
	254	*tm = tmp;
	255	return 1;
	256	}
	257	err:
	258	return 0;
	259	}
	260
cf37aaa3 TS	261	ASN1_TIME asn1_time_from_tm(ASN1_TIME s, struct tm *ts, int type)
	262	{
	263	char* p;
	264	ASN1_TIME *tmps = NULL;
	265	const size_t len = 20;
	266
	267	if (type == V_ASN1_UNDEF) {
	268	if (is_utc(ts->tm_year))
	269	type = V_ASN1_UTCTIME;
	270	else
	271	type = V_ASN1_GENERALIZEDTIME;
	272	} else if (type == V_ASN1_UTCTIME) {
	273	if (!is_utc(ts->tm_year))
	274	goto err;
	275	} else if (type != V_ASN1_GENERALIZEDTIME) {
	276	goto err;
	277	}
	278
	279	if (s == NULL)
	280	tmps = ASN1_STRING_new();
	281	else
	282	tmps = s;
	283	if (tmps == NULL)
	284	return NULL;
	285
	286	if (!ASN1_STRING_set(tmps, NULL, len))
	287	goto err;
	288
	289	tmps->type = type;
	290	p = (char*)tmps->data;
	291
	292	if (type == V_ASN1_GENERALIZEDTIME)
	293	tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
	294	ts->tm_year + 1900, ts->tm_mon + 1,
	295	ts->tm_mday, ts->tm_hour, ts->tm_min,
	296	ts->tm_sec);
	297	else
	298	tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
	299	ts->tm_year % 100, ts->tm_mon + 1,
	300	ts->tm_mday, ts->tm_hour, ts->tm_min,
	301	ts->tm_sec);
	302
	303	#ifdef CHARSET_EBCDIC_not
	304	ebcdic2ascii(tmps->data, tmps->data, tmps->length);
	305	#endif
	306	return tmps;
	307	err:
	308	if (tmps != s)
	309	ASN1_STRING_free(tmps);
	310	return NULL;
	311	}
	312
6b691a5c	313	ASN1_TIME ASN1_TIME_set(ASN1_TIME s, time_t t)
0f113f3e MC	314	{
	315	return ASN1_TIME_adj(s, t, 0, 0);
	316	}
87d3a0cd DSH	317
87d3a0cd DSH	318	ASN1_TIME ASN1_TIME_adj(ASN1_TIME s, time_t t,
0f113f3e MC	319	int offset_day, long offset_sec)
	320	{
	321	struct tm *ts;
	322	struct tm data;
	323
	324	ts = OPENSSL_gmtime(&t, &data);
	325	if (ts == NULL) {
	326	ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
	327	return NULL;
	328	}
	329	if (offset_day \|\| offset_sec) {
	330	if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
	331	return NULL;
	332	}
cf37aaa3	333	return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
0f113f3e	334	}
02e4fbed	335
359b0c9f	336	int ASN1_TIME_check(const ASN1_TIME *t)
0f113f3e MC	337	{
	338	if (t->type == V_ASN1_GENERALIZEDTIME)
	339	return ASN1_GENERALIZEDTIME_check(t);
	340	else if (t->type == V_ASN1_UTCTIME)
	341	return ASN1_UTCTIME_check(t);
	342	return 0;
	343	}
02e4fbed DSH	344
02e4fbed DSH	345	/* Convert an ASN1_TIME structure to GeneralizedTime */
9bfeeef8	346	ASN1_GENERALIZEDTIME ASN1_TIME_to_generalizedtime(const ASN1_TIME t,
0f113f3e MC	347	ASN1_GENERALIZEDTIME **out)
0f113f3e MC	348	{
4483e234	349	ASN1_GENERALIZEDTIME *ret = NULL;
cf37aaa3	350	struct tm tm;
0f113f3e	351
cf37aaa3	352	if (!ASN1_TIME_to_tm(t, &tm))
0f113f3e MC	353	return NULL;
0f113f3e MC	354
cf37aaa3	355	if (out != NULL)
0f113f3e MC	356	ret = *out;
0f113f3e MC	357
cf37aaa3	358	ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
0f113f3e	359
cf37aaa3 TS	360	if (out != NULL && ret != NULL)
cf37aaa3 TS	361	*out = ret;
0f113f3e	362
cf37aaa3	363	return ret;
0f113f3e	364	}
33ab2e31 DSH	365
33ab2e31 DSH	366	int ASN1_TIME_set_string(ASN1_TIME s, const char str)
0f113f3e	367	{
cf37aaa3 TS	368	/* Try UTC, if that fails, try GENERALIZED */
	369	if (ASN1_UTCTIME_set_string(s, str))
	370	return 1;
	371	return ASN1_GENERALIZEDTIME_set_string(s, str);
0f113f3e	372	}
359b0c9f	373
04e62715 RS	374	int ASN1_TIME_set_string_X509(ASN1_TIME s, const char str)
	375	{
	376	ASN1_TIME t;
	377	struct tm tm;
	378	int rv = 0;
	379
	380	t.length = strlen(str);
	381	t.data = (unsigned char *)str;
	382	t.flags = ASN1_STRING_FLAG_X509_TIME;
	383
	384	t.type = V_ASN1_UTCTIME;
	385
	386	if (!ASN1_TIME_check(&t)) {
	387	t.type = V_ASN1_GENERALIZEDTIME;
	388	if (!ASN1_TIME_check(&t))
	389	goto out;
	390	}
	391
	392	/*
	393	* Per RFC 5280 (section 4.1.2.5.), the valid input time
	394	* strings should be encoded with the following rules:
	395	*
	396	* 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
	397	* 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
	398	* 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
	399	* 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
	400	*
	401	* Only strings of the 4th rule should be reformatted, but since a
	402	* UTC can only present [1950, 2050), so if the given time string
	403	* is less than 1950 (e.g. 19230419000000Z), we do nothing...
	404	*/
	405
	406	if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
3d0f1cb9	407	if (!asn1_time_to_tm(&tm, &t))
04e62715	408	goto out;
cf37aaa3	409	if (is_utc(tm.tm_year)) {
04e62715 RS	410	t.length -= 2;
	411	/*
	412	* it's OK to let original t.data go since that's assigned
	413	* to a piece of memory allocated outside of this function.
	414	* new t.data would be freed after ASN1_STRING_copy is done.
	415	*/
	416	t.data = OPENSSL_zalloc(t.length + 1);
	417	if (t.data == NULL)
	418	goto out;
	419	memcpy(t.data, str + 2, t.length);
	420	t.type = V_ASN1_UTCTIME;
	421	}
	422	}
	423
	424	if (s == NULL \|\| ASN1_STRING_copy((ASN1_STRING )s, (ASN1_STRING )&t))
	425	rv = 1;
	426
	427	if (t.data != (unsigned char *)str)
	428	OPENSSL_free(t.data);
	429	out:
	430	return rv;
	431	}
	432
1c036c64	433	int ASN1_TIME_to_tm(const ASN1_TIME s, struct tm tm)
0f113f3e	434	{
1c036c64	435	if (s == NULL) {
0f113f3e	436	time_t now_t;
1c036c64	437
0f113f3e	438	time(&now_t);
1c036c64	439	memset(tm, 0, sizeof(*tm));
52b6e17d	440	if (OPENSSL_gmtime(&now_t, tm) != NULL)
0f113f3e MC	441	return 1;
	442	return 0;
	443	}
	444
3d0f1cb9	445	return asn1_time_to_tm(tm, s);
0f113f3e	446	}
1c455bc0	447
360ef676	448	int ASN1_TIME_diff(int pday, int psec,
0f113f3e MC	449	const ASN1_TIME from, const ASN1_TIME to)
	450	{
	451	struct tm tm_from, tm_to;
1c036c64 TS	452
1c036c64 TS	453	if (!ASN1_TIME_to_tm(from, &tm_from))
0f113f3e	454	return 0;
1c036c64	455	if (!ASN1_TIME_to_tm(to, &tm_to))
0f113f3e MC	456	return 0;
	457	return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
	458	}
0d0099ea	459
f673c4f8 PY	460	static const char _asn1_mon[12][4] = {
	461	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
	462	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
	463	};
	464
0d0099ea DSH	465	int ASN1_TIME_print(BIO bp, const ASN1_TIME tm)
0d0099ea DSH	466	{
f673c4f8	467	char *v;
b7e011f8	468	int gmt = 0, l;
f673c4f8 PY	469	struct tm stm;
	470
	471	if (!asn1_time_to_tm(&stm, tm)) {
	472	/* asn1_time_to_tm will check the time type */
	473	goto err;
	474	}
	475
	476	l = tm->length;
	477	v = (char *)tm->data;
	478	if (v[l - 1] == 'Z')
	479	gmt = 1;
f673c4f8	480
b7e011f8 AP	481	if (tm->type == V_ASN1_GENERALIZEDTIME) {
	482	char *f = NULL;
	483	int f_len = 0;
	484
	485	/*
	486	* Try to parse fractional seconds. '14' is the place of
	487	* 'fraction point' in a GeneralizedTime string.
	488	*/
	489	if (tm->length > 15 && v[14] == '.') {
	490	f = &v[14];
	491	f_len = 1;
a1df06b3	492	while (14 + f_len < l && ossl_isdigit(f[f_len]))
b7e011f8 AP	493	++f_len;
	494	}
	495
f673c4f8 PY	496	return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
	497	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
	498	stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
b7e011f8 AP	499	(gmt ? " GMT" : "")) > 0;
b7e011f8 AP	500	} else {
f673c4f8 PY	501	return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
	502	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
	503	stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
b7e011f8 AP	504	(gmt ? " GMT" : "")) > 0;
b7e011f8 AP	505	}
f673c4f8	506	err:
0d0099ea	507	BIO_write(bp, "Bad time value", 14);
52b6e17d	508	return 0;
0d0099ea	509	}
cf37aaa3 TS	510
	511	int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
	512	{
	513	struct tm stm, ttm;
	514	int day, sec;
	515
	516	if (!ASN1_TIME_to_tm(s, &stm))
	517	return -2;
	518
	519	if (!OPENSSL_gmtime(&t, &ttm))
	520	return -2;
	521
	522	if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
	523	return -2;
	524
	525	if (day > 0 \|\| sec > 0)
	526	return 1;
	527	if (day < 0 \|\| sec < 0)
	528	return -1;
	529	return 0;
	530	}
	531
	532	int ASN1_TIME_normalize(ASN1_TIME *t)
	533	{
	534	struct tm tm;
	535
	536	if (!ASN1_TIME_to_tm(t, &tm))
	537	return 0;
	538
	539	return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
	540	}
	541
	542	int ASN1_TIME_compare(const ASN1_TIME a, const ASN1_TIME b)
	543	{
	544	int day, sec;
	545
e44d3761	546	if (!ASN1_TIME_diff(&day, &sec, b, a))
cf37aaa3 TS	547	return -2;
	548	if (day > 0 \|\| sec > 0)
	549	return 1;
	550	if (day < 0 \|\| sec < 0)
	551	return -1;
	552	return 0;
	553	}