[thirdparty/openssl.git] / crypto / asn1 / a_time.c

/*
 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*-
 * This is an implementation of the ASN1 Time structure which is:
 *    Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
 */

#define _XOPEN_SOURCE            /* To get a definition of timezone */

#include <stdio.h>
#include <time.h>
#include "crypto/asn1.h"
#include "crypto/ctype.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include "asn1_local.h"

IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)

IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_TIME)

static int is_utc(const int year)
{
    if (50 <= year && year <= 149)
        return 1;
    return 0;
}

static int leap_year(const int year)
{
    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
        return 1;
    return 0;
}

/*
 * Compute the day of the week and the day of the year from the year, month
 * and day.  The day of the year is straightforward, the day of the week uses
 * a form of Zeller's congruence.  For this months start with March and are
 * numbered 4 through 15.
 */
static void determine_days(struct tm *tm)
{
    static const int ydays[12] = {
        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
    };
    int y = tm->tm_year + 1900;
    int m = tm->tm_mon;
    int d = tm->tm_mday;
    int c;

    tm->tm_yday = ydays[m] + d - 1;
    if (m >= 2) {
        /* March and onwards can be one day further into the year */
        tm->tm_yday += leap_year(y);
        m += 2;
    } else {
        /* Treat January and February as part of the previous year */
        m += 14;
        y--;
    }
    c = y / 100;
    y %= 100;
    /* Zeller's congruence */
    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
}

int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
{
    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    char *a;
    int n, i, i2, l, o, min_l, strict = 0, end = 6, btz = 5, md;
    struct tm tmp;
#if defined(CHARSET_EBCDIC)
    const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
#else
    const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
#endif
    /*
     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
     * time string format, in which:
     *
     * 1. "seconds" is a 'MUST'
     * 2. "Zulu" timezone is a 'MUST'
     * 3. "+|-" is not allowed to indicate a timezone
     */
    if (d->type == V_ASN1_UTCTIME) {
        min_l = 13;
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            strict = 1;
        }
    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
        end = 7;
        btz = 6;
        min_l = 15;
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            strict = 1;
        }
    } else {
        return 0;
    }

    l = d->length;
    a = (char *)d->data;
    o = 0;
    memset(&tmp, 0, sizeof(tmp));

    /*
     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
     * as YYYY. This stuff treats everything as a two digit field so make
     * first two fields 00 to 99
     */

    if (l < min_l)
        goto err;
    for (i = 0; i < end; i++) {
        if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) {
            i++;
            break;
        }
        if (!ossl_ascii_isdigit(a[o]))
            goto err;
        n = a[o] - num_zero;
        /* incomplete 2-digital number */
        if (++o == l)
            goto err;

        if (!ossl_ascii_isdigit(a[o]))
            goto err;
        n = (n * 10) + a[o] - num_zero;
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (++o == l)
            goto err;

        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;

        if ((n < min[i2]) || (n > max[i2]))
            goto err;
        switch (i2) {
        case 0:
            /* UTC will never be here */
            tmp.tm_year = n * 100 - 1900;
            break;
        case 1:
            if (d->type == V_ASN1_UTCTIME)
                tmp.tm_year = n < 50 ? n + 100 : n;
            else
                tmp.tm_year += n;
            break;
        case 2:
            tmp.tm_mon = n - 1;
            break;
        case 3:
            /* check if tm_mday is valid in tm_mon */
            if (tmp.tm_mon == 1) {
                /* it's February */
                md = mdays[1] + leap_year(tmp.tm_year + 1900);
            } else {
                md = mdays[tmp.tm_mon];
            }
            if (n > md)
                goto err;
            tmp.tm_mday = n;
            determine_days(&tmp);
            break;
        case 4:
            tmp.tm_hour = n;
            break;
        case 5:
            tmp.tm_min = n;
            break;
        case 6:
            tmp.tm_sec = n;
            break;
        }
    }

    /*
     * Optional fractional seconds: decimal point followed by one or more
     * digits.
     */
    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
        if (strict)
            /* RFC 5280 forbids fractional seconds */
            goto err;
        if (++o == l)
            goto err;
        i = o;
        while ((o < l) && ossl_ascii_isdigit(a[o]))
            o++;
        /* Must have at least one digit after decimal point */
        if (i == o)
            goto err;
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (o == l)
            goto err;
    }

    /*
     * 'o' will never point to '\0' at this point, the only chance
     * 'o' can point to '\0' is either the subsequent if or the first
     * else if is true.
     */
    if (a[o] == upper_z) {
        o++;
    } else if (!strict && ((a[o] == plus) || (a[o] == minus))) {
        int offsign = a[o] == minus ? 1 : -1;
        int offset = 0;

        o++;
        /*
         * if not equal, no need to do subsequent checks
         * since the following for-loop will add 'o' by 4
         * and the final return statement will check if 'l'
         * and 'o' are equal.
         */
        if (o + 4 != l)
            goto err;
        for (i = end; i < end + 2; i++) {
            if (!ossl_ascii_isdigit(a[o]))
                goto err;
            n = a[o] - num_zero;
            o++;
            if (!ossl_ascii_isdigit(a[o]))
                goto err;
            n = (n * 10) + a[o] - num_zero;
            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
            if ((n < min[i2]) || (n > max[i2]))
                goto err;
            /* if tm is NULL, no need to adjust */
            if (tm != NULL) {
                if (i == end)
                    offset = n * 3600;
                else if (i == end + 1)
                    offset += n * 60;
            }
            o++;
        }
        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
            goto err;
    } else {
        /* not Z, or not +/- in non-strict mode */
        goto err;
    }
    if (o == l) {
        /* success, check if tm should be filled */
        if (tm != NULL)
            *tm = tmp;
        return 1;
    }
 err:
    return 0;
}

ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
{
    char* p;
    ASN1_TIME *tmps = NULL;
    const size_t len = 20;

    if (type == V_ASN1_UNDEF) {
        if (is_utc(ts->tm_year))
            type = V_ASN1_UTCTIME;
        else
            type = V_ASN1_GENERALIZEDTIME;
    } else if (type == V_ASN1_UTCTIME) {
        if (!is_utc(ts->tm_year))
            goto err;
    } else if (type != V_ASN1_GENERALIZEDTIME) {
        goto err;
    }

    if (s == NULL)
        tmps = ASN1_STRING_new();
    else
        tmps = s;
    if (tmps == NULL)
        return NULL;

    if (!ASN1_STRING_set(tmps, NULL, len))
        goto err;

    tmps->type = type;
    p = (char*)tmps->data;

    if (ts->tm_mon > INT_MAX - 1)
        goto err;

    if (type == V_ASN1_GENERALIZEDTIME) {
        if (ts->tm_year > INT_MAX - 1900)
            goto err;
        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year + 1900, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);
    } else {
        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year % 100, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);
    }

#ifdef CHARSET_EBCDIC
    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
#endif
    return tmps;
 err:
    if (tmps != s)
        ASN1_STRING_free(tmps);
    return NULL;
}

ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
    return ASN1_TIME_adj(s, t, 0, 0);
}

ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
                         int offset_day, long offset_sec)
{
    struct tm *ts;
    struct tm data;

    ts = OPENSSL_gmtime(&t, &data);
    if (ts == NULL) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME);
        return NULL;
    }
    if (offset_day || offset_sec) {
        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
            return NULL;
    }
    return ossl_asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
}

int ASN1_TIME_check(const ASN1_TIME *t)
{
    if (t->type == V_ASN1_GENERALIZEDTIME)
        return ASN1_GENERALIZEDTIME_check(t);
    else if (t->type == V_ASN1_UTCTIME)
        return ASN1_UTCTIME_check(t);
    return 0;
}

/* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                   ASN1_GENERALIZEDTIME **out)
{
    ASN1_GENERALIZEDTIME *ret = NULL;
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return NULL;

    if (out != NULL)
        ret = *out;

    ret = ossl_asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);

    if (out != NULL && ret != NULL)
        *out = ret;

    return ret;
}

int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{
    /* Try UTC, if that fails, try GENERALIZED */
    if (ASN1_UTCTIME_set_string(s, str))
        return 1;
    return ASN1_GENERALIZEDTIME_set_string(s, str);
}

int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
{
    ASN1_TIME t;
    struct tm tm;
    int rv = 0;

    t.length = strlen(str);
    t.data = (unsigned char *)str;
    t.flags = ASN1_STRING_FLAG_X509_TIME;

    t.type = V_ASN1_UTCTIME;

    if (!ASN1_TIME_check(&t)) {
        t.type = V_ASN1_GENERALIZEDTIME;
        if (!ASN1_TIME_check(&t))
            goto out;
    }

    /*
     * Per RFC 5280 (section 4.1.2.5.), the valid input time
     * strings should be encoded with the following rules:
     *
     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
     *
     * Only strings of the 4th rule should be reformatted, but since a
     * UTC can only present [1950, 2050), so if the given time string
     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
     */

    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
        if (!ossl_asn1_time_to_tm(&tm, &t))
            goto out;
        if (is_utc(tm.tm_year)) {
            t.length -= 2;
            /*
             * it's OK to let original t.data go since that's assigned
             * to a piece of memory allocated outside of this function.
             * new t.data would be freed after ASN1_STRING_copy is done.
             */
            t.data = OPENSSL_zalloc(t.length + 1);
            if (t.data == NULL)
                goto out;
            memcpy(t.data, str + 2, t.length);
            t.type = V_ASN1_UTCTIME;
        }
    }

    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
        rv = 1;

    if (t.data != (unsigned char *)str)
        OPENSSL_free(t.data);
out:
    return rv;
}

int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
{
    if (s == NULL) {
        time_t now_t;

        time(&now_t);
        memset(tm, 0, sizeof(*tm));
        if (OPENSSL_gmtime(&now_t, tm) != NULL)
            return 1;
        return 0;
    }

    return ossl_asn1_time_to_tm(tm, s);
}

int ASN1_TIME_diff(int *pday, int *psec,
                   const ASN1_TIME *from, const ASN1_TIME *to)
{
    struct tm tm_from, tm_to;

    if (!ASN1_TIME_to_tm(from, &tm_from))
        return 0;
    if (!ASN1_TIME_to_tm(to, &tm_to))
        return 0;
    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
}

static const char _asn1_mon[12][4] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};

/* prints the time with the default date format (RFC 822) */
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
    return ASN1_TIME_print_ex(bp, tm, ASN1_DTFLGS_RFC822);
}

/* returns 1 on success, 0 on BIO write error or parse failure */
int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
{
    return ossl_asn1_time_print_ex(bp, tm, flags) > 0;
}


/* prints the time with the date format of ISO 8601 */
/* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */
int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
{
    char *v;
    int gmt = 0, l;
    struct tm stm;
    const char upper_z = 0x5A, period = 0x2E;

    /* ossl_asn1_time_to_tm will check the time type */
    if (!ossl_asn1_time_to_tm(&stm, tm))
        return BIO_write(bp, "Bad time value", 14) ? -1 : 0;

    l = tm->length;
    v = (char *)tm->data;
    if (v[l - 1] == upper_z)
        gmt = 1;

    if (tm->type == V_ASN1_GENERALIZEDTIME) {
        char *f = NULL;
        int f_len = 0;

        /*
         * Try to parse fractional seconds. '14' is the place of
         * 'fraction point' in a GeneralizedTime string.
         */
        if (tm->length > 15 && v[14] == period) {
            f = &v[14];
            f_len = 1;
            while (14 + f_len < l && ossl_ascii_isdigit(f[f_len]))
                ++f_len;
        }

        if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
            return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s",
                          stm.tm_year + 1900, stm.tm_mon + 1,
                          stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, f_len, f,
                          (gmt ? "Z" : "")) > 0;
        }
        else {
            return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
        }
    } else {
        if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
            return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s",
                          stm.tm_year + 1900, stm.tm_mon + 1,
                          stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec,
                          (gmt ? "Z" : "")) > 0;
        }
        else {
            return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
        }
    }
}

int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
{
    struct tm stm, ttm;
    int day, sec;

    if (!ASN1_TIME_to_tm(s, &stm))
        return -2;

    if (!OPENSSL_gmtime(&t, &ttm))
        return -2;

    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
        return -2;

    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}

int ASN1_TIME_normalize(ASN1_TIME *t)
{
    struct tm tm;

    if (t == NULL || !ASN1_TIME_to_tm(t, &tm))
        return 0;

    return ossl_asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
}

int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
{
    int day, sec;

    if (!ASN1_TIME_diff(&day, &sec, b, a))
        return -2;
    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}

/*
 * tweak for Windows
 */
#ifdef WIN32
# define timezone _timezone
#endif

#if defined(__FreeBSD__) || defined(__wasi__)
# define USE_TIMEGM
#endif

time_t ossl_asn1_string_to_time_t(const char *asn1_string)
{
    ASN1_TIME *timestamp_asn1 = NULL;
    struct tm *timestamp_tm = NULL;
#if defined(__DJGPP__)
    char *tz = NULL;
#elif !defined(USE_TIMEGM)
    time_t timestamp_local;
#endif
    time_t timestamp_utc;

    timestamp_asn1 = ASN1_TIME_new();
    if (!ASN1_TIME_set_string(timestamp_asn1, asn1_string))
    {
        ASN1_TIME_free(timestamp_asn1);
        return -1;
    }

    timestamp_tm = OPENSSL_malloc(sizeof(*timestamp_tm));
    if (timestamp_tm == NULL) {
        ASN1_TIME_free(timestamp_asn1);
        return -1;
    }
    if (!(ASN1_TIME_to_tm(timestamp_asn1, timestamp_tm))) {
        OPENSSL_free(timestamp_tm);
        ASN1_TIME_free(timestamp_asn1);
        return -1;
    }
    ASN1_TIME_free(timestamp_asn1);

#if defined(__DJGPP__)
    /*
     * This is NOT thread-safe.  Do not use this method for platforms other
     * than djgpp.
     */
    tz = getenv("TZ");
    if (tz != NULL) {
        tz = OPENSSL_strdup(tz);
        if (tz == NULL) {
            OPENSSL_free(timestamp_tm);
            return -1;
        }
    }
    setenv("TZ", "UTC", 1);

    timestamp_utc = mktime(timestamp_tm);

    if (tz != NULL) {
        setenv("TZ", tz, 1);
        OPENSSL_free(tz);
    } else {
        unsetenv("TZ");
    }
#elif defined(USE_TIMEGM)
    timestamp_utc = timegm(timestamp_tm);
#else
    timestamp_local = mktime(timestamp_tm);
    timestamp_utc = timestamp_local - timezone;
#endif
    OPENSSL_free(timestamp_tm);

    return timestamp_utc;
}
Commit	Line	Data
2039c421	1	/*
b6461792	2	* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
f6aed2cd	3	*
365a2d99	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
2039c421 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
f6aed2cd DSH	8	*/
f6aed2cd DSH	9
1d97c843 TH	10	/*-
1d97c843 TH	11	* This is an implementation of the ASN1 Time structure which is:
f6aed2cd DSH	12	* Time ::= CHOICE {
	13	* utcTime UTCTime,
	14	* generalTime GeneralizedTime }
f6aed2cd DSH	15	*/
f6aed2cd DSH	16
a19553cd RL	17	#define _XOPEN_SOURCE /* To get a definition of timezone */
a19553cd RL	18
f6aed2cd DSH	19	#include <stdio.h>
f6aed2cd DSH	20	#include <time.h>
63162e3d	21	#include "crypto/asn1.h"
25f2138b	22	#include "crypto/ctype.h"
b39fc560	23	#include "internal/cryptlib.h"
9d6b1ce6	24	#include <openssl/asn1t.h>
706457b7	25	#include "asn1_local.h"
f6aed2cd	26
9d6b1ce6	27	IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
08e9c1af	28
9d6b1ce6	29	IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
fe4309b0	30	IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_TIME)
08e9c1af	31
cf37aaa3 TS	32	static int is_utc(const int year)
	33	{
	34	if (50 <= year && year <= 149)
	35	return 1;
	36	return 0;
	37	}
	38
3d0f1cb9 PY	39	static int leap_year(const int year)
	40	{
	41	if (year % 400 == 0 \|\| (year % 100 != 0 && year % 4 == 0))
	42	return 1;
	43	return 0;
	44	}
	45
1a68e5b0 P	46	/*
	47	* Compute the day of the week and the day of the year from the year, month
	48	* and day. The day of the year is straightforward, the day of the week uses
	49	* a form of Zeller's congruence. For this months start with March and are
	50	* numbered 4 through 15.
	51	*/
	52	static void determine_days(struct tm *tm)
	53	{
	54	static const int ydays[12] = {
	55	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
	56	};
	57	int y = tm->tm_year + 1900;
	58	int m = tm->tm_mon;
	59	int d = tm->tm_mday;
	60	int c;
	61
	62	tm->tm_yday = ydays[m] + d - 1;
	63	if (m >= 2) {
	64	/* March and onwards can be one day further into the year */
	65	tm->tm_yday += leap_year(y);
	66	m += 2;
	67	} else {
	68	/* Treat January and February as part of the previous year */
	69	m += 14;
	70	y--;
	71	}
	72	c = y / 100;
	73	y %= 100;
c2969ff6	74	/* Zeller's congruence */
1a68e5b0 P	75	tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
	76	}
	77
adf7e6d1	78	int ossl_asn1_time_to_tm(struct tm tm, const ASN1_TIME d)
3d0f1cb9 PY	79	{
	80	static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
	81	static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
	82	static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
	83	char *a;
eadd8c47	84	int n, i, i2, l, o, min_l, strict = 0, end = 6, btz = 5, md;
3d0f1cb9	85	struct tm tmp;
48102247	86	#if defined(CHARSET_EBCDIC)
	87	const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
	88	#else
	89	const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
	90	#endif
3d0f1cb9 PY	91	/*
	92	* ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
	93	* time string format, in which:
	94	*
	95	* 1. "seconds" is a 'MUST'
	96	* 2. "Zulu" timezone is a 'MUST'
1567a821	97	* 3. "+\|-" is not allowed to indicate a timezone
3d0f1cb9 PY	98	*/
3d0f1cb9 PY	99	if (d->type == V_ASN1_UTCTIME) {
eadd8c47	100	min_l = 13;
3d0f1cb9	101	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
3d0f1cb9 PY	102	strict = 1;
	103	}
	104	} else if (d->type == V_ASN1_GENERALIZEDTIME) {
	105	end = 7;
	106	btz = 6;
eadd8c47	107	min_l = 15;
3d0f1cb9	108	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
3d0f1cb9	109	strict = 1;
3d0f1cb9 PY	110	}
	111	} else {
	112	return 0;
	113	}
	114
	115	l = d->length;
	116	a = (char *)d->data;
	117	o = 0;
	118	memset(&tmp, 0, sizeof(tmp));
	119
	120	/*
	121	* GENERALIZEDTIME is similar to UTCTIME except the year is represented
	122	* as YYYY. This stuff treats everything as a two digit field so make
	123	* first two fields 00 to 99
	124	*/
	125
	126	if (l < min_l)
	127	goto err;
	128	for (i = 0; i < end; i++) {
48102247	129	if (!strict && (i == btz) && ((a[o] == upper_z) \|\| (a[o] == plus) \|\| (a[o] == minus))) {
3d0f1cb9 PY	130	i++;
	131	break;
	132	}
adf7e6d1	133	if (!ossl_ascii_isdigit(a[o]))
3d0f1cb9	134	goto err;
48102247	135	n = a[o] - num_zero;
3d0f1cb9 PY	136	/* incomplete 2-digital number */
	137	if (++o == l)
	138	goto err;
	139
adf7e6d1	140	if (!ossl_ascii_isdigit(a[o]))
3d0f1cb9	141	goto err;
48102247	142	n = (n * 10) + a[o] - num_zero;
3d0f1cb9 PY	143	/* no more bytes to read, but we haven't seen time-zone yet */
	144	if (++o == l)
	145	goto err;
	146
	147	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
	148
	149	if ((n < min[i2]) \|\| (n > max[i2]))
	150	goto err;
	151	switch (i2) {
	152	case 0:
	153	/* UTC will never be here */
	154	tmp.tm_year = n * 100 - 1900;
	155	break;
	156	case 1:
	157	if (d->type == V_ASN1_UTCTIME)
	158	tmp.tm_year = n < 50 ? n + 100 : n;
	159	else
	160	tmp.tm_year += n;
	161	break;
	162	case 2:
	163	tmp.tm_mon = n - 1;
	164	break;
	165	case 3:
	166	/* check if tm_mday is valid in tm_mon */
	167	if (tmp.tm_mon == 1) {
	168	/* it's February */
	169	md = mdays[1] + leap_year(tmp.tm_year + 1900);
	170	} else {
	171	md = mdays[tmp.tm_mon];
	172	}
	173	if (n > md)
	174	goto err;
	175	tmp.tm_mday = n;
1a68e5b0	176	determine_days(&tmp);
3d0f1cb9 PY	177	break;
	178	case 4:
	179	tmp.tm_hour = n;
	180	break;
	181	case 5:
	182	tmp.tm_min = n;
	183	break;
	184	case 6:
	185	tmp.tm_sec = n;
	186	break;
	187	}
	188	}
	189
	190	/*
	191	* Optional fractional seconds: decimal point followed by one or more
	192	* digits.
	193	*/
48102247	194	if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
3d0f1cb9 PY	195	if (strict)
	196	/* RFC 5280 forbids fractional seconds */
	197	goto err;
	198	if (++o == l)
	199	goto err;
	200	i = o;
adf7e6d1	201	while ((o < l) && ossl_ascii_isdigit(a[o]))
3d0f1cb9 PY	202	o++;
	203	/* Must have at least one digit after decimal point */
	204	if (i == o)
	205	goto err;
	206	/* no more bytes to read, but we haven't seen time-zone yet */
	207	if (o == l)
	208	goto err;
	209	}
	210
	211	/*
	212	* 'o' will never point to '\0' at this point, the only chance
	213	* 'o' can point to '\0' is either the subsequent if or the first
	214	* else if is true.
	215	*/
48102247	216	if (a[o] == upper_z) {
3d0f1cb9	217	o++;
48102247	218	} else if (!strict && ((a[o] == plus) \|\| (a[o] == minus))) {
48102247	219	int offsign = a[o] == minus ? 1 : -1;
3d0f1cb9 PY	220	int offset = 0;
	221
	222	o++;
	223	/*
	224	* if not equal, no need to do subsequent checks
	225	* since the following for-loop will add 'o' by 4
	226	* and the final return statement will check if 'l'
	227	* and 'o' are equal.
	228	*/
	229	if (o + 4 != l)
	230	goto err;
	231	for (i = end; i < end + 2; i++) {
adf7e6d1	232	if (!ossl_ascii_isdigit(a[o]))
3d0f1cb9	233	goto err;
48102247	234	n = a[o] - num_zero;
3d0f1cb9	235	o++;
adf7e6d1	236	if (!ossl_ascii_isdigit(a[o]))
3d0f1cb9	237	goto err;
48102247	238	n = (n * 10) + a[o] - num_zero;
3d0f1cb9 PY	239	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
	240	if ((n < min[i2]) \|\| (n > max[i2]))
	241	goto err;
	242	/* if tm is NULL, no need to adjust */
	243	if (tm != NULL) {
	244	if (i == end)
	245	offset = n * 3600;
	246	else if (i == end + 1)
	247	offset += n * 60;
	248	}
	249	o++;
	250	}
	251	if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
	252	goto err;
	253	} else {
	254	/* not Z, or not +/- in non-strict mode */
	255	goto err;
	256	}
	257	if (o == l) {
	258	/* success, check if tm should be filled */
	259	if (tm != NULL)
	260	*tm = tmp;
	261	return 1;
	262	}
	263	err:
	264	return 0;
	265	}
	266
adf7e6d1	267	ASN1_TIME ossl_asn1_time_from_tm(ASN1_TIME s, struct tm *ts, int type)
cf37aaa3 TS	268	{
	269	char* p;
	270	ASN1_TIME *tmps = NULL;
	271	const size_t len = 20;
	272
	273	if (type == V_ASN1_UNDEF) {
	274	if (is_utc(ts->tm_year))
	275	type = V_ASN1_UTCTIME;
	276	else
	277	type = V_ASN1_GENERALIZEDTIME;
	278	} else if (type == V_ASN1_UTCTIME) {
	279	if (!is_utc(ts->tm_year))
	280	goto err;
	281	} else if (type != V_ASN1_GENERALIZEDTIME) {
	282	goto err;
	283	}
	284
	285	if (s == NULL)
	286	tmps = ASN1_STRING_new();
	287	else
	288	tmps = s;
	289	if (tmps == NULL)
	290	return NULL;
	291
	292	if (!ASN1_STRING_set(tmps, NULL, len))
	293	goto err;
	294
	295	tmps->type = type;
	296	p = (char*)tmps->data;
	297
5b2d8bc2 PD	298	if (ts->tm_mon > INT_MAX - 1)
	299	goto err;
	300
	301	if (type == V_ASN1_GENERALIZEDTIME) {
	302	if (ts->tm_year > INT_MAX - 1900)
	303	goto err;
cf37aaa3 TS	304	tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
	305	ts->tm_year + 1900, ts->tm_mon + 1,
	306	ts->tm_mday, ts->tm_hour, ts->tm_min,
	307	ts->tm_sec);
5b2d8bc2	308	} else {
cf37aaa3 TS	309	tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
	310	ts->tm_year % 100, ts->tm_mon + 1,
	311	ts->tm_mday, ts->tm_hour, ts->tm_min,
	312	ts->tm_sec);
5b2d8bc2	313	}
cf37aaa3	314
48102247	315	#ifdef CHARSET_EBCDIC
cf37aaa3 TS	316	ebcdic2ascii(tmps->data, tmps->data, tmps->length);
	317	#endif
	318	return tmps;
	319	err:
	320	if (tmps != s)
	321	ASN1_STRING_free(tmps);
	322	return NULL;
	323	}
	324
6b691a5c	325	ASN1_TIME ASN1_TIME_set(ASN1_TIME s, time_t t)
0f113f3e MC	326	{
	327	return ASN1_TIME_adj(s, t, 0, 0);
	328	}
87d3a0cd DSH	329
87d3a0cd DSH	330	ASN1_TIME ASN1_TIME_adj(ASN1_TIME s, time_t t,
0f113f3e MC	331	int offset_day, long offset_sec)
	332	{
	333	struct tm *ts;
	334	struct tm data;
	335
	336	ts = OPENSSL_gmtime(&t, &data);
	337	if (ts == NULL) {
9311d0c4	338	ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME);
0f113f3e MC	339	return NULL;
	340	}
	341	if (offset_day \|\| offset_sec) {
	342	if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
	343	return NULL;
	344	}
adf7e6d1	345	return ossl_asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
0f113f3e	346	}
02e4fbed	347
359b0c9f	348	int ASN1_TIME_check(const ASN1_TIME *t)
0f113f3e MC	349	{
	350	if (t->type == V_ASN1_GENERALIZEDTIME)
	351	return ASN1_GENERALIZEDTIME_check(t);
	352	else if (t->type == V_ASN1_UTCTIME)
	353	return ASN1_UTCTIME_check(t);
	354	return 0;
	355	}
02e4fbed DSH	356
02e4fbed DSH	357	/* Convert an ASN1_TIME structure to GeneralizedTime */
9bfeeef8	358	ASN1_GENERALIZEDTIME ASN1_TIME_to_generalizedtime(const ASN1_TIME t,
0f113f3e MC	359	ASN1_GENERALIZEDTIME **out)
0f113f3e MC	360	{
4483e234	361	ASN1_GENERALIZEDTIME *ret = NULL;
cf37aaa3	362	struct tm tm;
0f113f3e	363
cf37aaa3	364	if (!ASN1_TIME_to_tm(t, &tm))
0f113f3e MC	365	return NULL;
0f113f3e MC	366
cf37aaa3	367	if (out != NULL)
0f113f3e MC	368	ret = *out;
0f113f3e MC	369
adf7e6d1	370	ret = ossl_asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
0f113f3e	371
cf37aaa3 TS	372	if (out != NULL && ret != NULL)
cf37aaa3 TS	373	*out = ret;
0f113f3e	374
cf37aaa3	375	return ret;
0f113f3e	376	}
33ab2e31 DSH	377
33ab2e31 DSH	378	int ASN1_TIME_set_string(ASN1_TIME s, const char str)
0f113f3e	379	{
cf37aaa3 TS	380	/* Try UTC, if that fails, try GENERALIZED */
	381	if (ASN1_UTCTIME_set_string(s, str))
	382	return 1;
	383	return ASN1_GENERALIZEDTIME_set_string(s, str);
0f113f3e	384	}
359b0c9f	385
04e62715 RS	386	int ASN1_TIME_set_string_X509(ASN1_TIME s, const char str)
	387	{
	388	ASN1_TIME t;
	389	struct tm tm;
	390	int rv = 0;
	391
	392	t.length = strlen(str);
	393	t.data = (unsigned char *)str;
	394	t.flags = ASN1_STRING_FLAG_X509_TIME;
	395
	396	t.type = V_ASN1_UTCTIME;
	397
	398	if (!ASN1_TIME_check(&t)) {
	399	t.type = V_ASN1_GENERALIZEDTIME;
	400	if (!ASN1_TIME_check(&t))
	401	goto out;
	402	}
	403
	404	/*
	405	* Per RFC 5280 (section 4.1.2.5.), the valid input time
	406	* strings should be encoded with the following rules:
	407	*
	408	* 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
	409	* 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
	410	* 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
	411	* 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
	412	*
	413	* Only strings of the 4th rule should be reformatted, but since a
	414	* UTC can only present [1950, 2050), so if the given time string
	415	* is less than 1950 (e.g. 19230419000000Z), we do nothing...
	416	*/
	417
	418	if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
adf7e6d1	419	if (!ossl_asn1_time_to_tm(&tm, &t))
04e62715	420	goto out;
cf37aaa3	421	if (is_utc(tm.tm_year)) {
04e62715 RS	422	t.length -= 2;
	423	/*
	424	* it's OK to let original t.data go since that's assigned
	425	* to a piece of memory allocated outside of this function.
	426	* new t.data would be freed after ASN1_STRING_copy is done.
	427	*/
	428	t.data = OPENSSL_zalloc(t.length + 1);
e077455e	429	if (t.data == NULL)
04e62715 RS	430	goto out;
	431	memcpy(t.data, str + 2, t.length);
	432	t.type = V_ASN1_UTCTIME;
	433	}
	434	}
	435
	436	if (s == NULL \|\| ASN1_STRING_copy((ASN1_STRING )s, (ASN1_STRING )&t))
	437	rv = 1;
	438
	439	if (t.data != (unsigned char *)str)
	440	OPENSSL_free(t.data);
	441	out:
	442	return rv;
	443	}
	444
1c036c64	445	int ASN1_TIME_to_tm(const ASN1_TIME s, struct tm tm)
0f113f3e	446	{
1c036c64	447	if (s == NULL) {
0f113f3e	448	time_t now_t;
1c036c64	449
0f113f3e	450	time(&now_t);
1c036c64	451	memset(tm, 0, sizeof(*tm));
52b6e17d	452	if (OPENSSL_gmtime(&now_t, tm) != NULL)
0f113f3e MC	453	return 1;
	454	return 0;
	455	}
	456
adf7e6d1	457	return ossl_asn1_time_to_tm(tm, s);
0f113f3e	458	}
1c455bc0	459
360ef676	460	int ASN1_TIME_diff(int pday, int psec,
0f113f3e MC	461	const ASN1_TIME from, const ASN1_TIME to)
	462	{
	463	struct tm tm_from, tm_to;
1c036c64 TS	464
1c036c64 TS	465	if (!ASN1_TIME_to_tm(from, &tm_from))
0f113f3e	466	return 0;
1c036c64	467	if (!ASN1_TIME_to_tm(to, &tm_to))
0f113f3e MC	468	return 0;
	469	return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
	470	}
0d0099ea	471
f673c4f8 PY	472	static const char _asn1_mon[12][4] = {
	473	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
	474	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
	475	};
	476
8c5bff22	477	/* prints the time with the default date format (RFC 822) */
0d0099ea	478	int ASN1_TIME_print(BIO bp, const ASN1_TIME tm)
63162e3d	479	{
8c5bff22 WE	480	return ASN1_TIME_print_ex(bp, tm, ASN1_DTFLGS_RFC822);
	481	}
	482
	483	/* returns 1 on success, 0 on BIO write error or parse failure */
	484	int ASN1_TIME_print_ex(BIO bp, const ASN1_TIME tm, unsigned long flags)
	485	{
	486	return ossl_asn1_time_print_ex(bp, tm, flags) > 0;
63162e3d DDO	487	}
63162e3d DDO	488
8c5bff22 WE	489
8c5bff22 WE	490	/* prints the time with the date format of ISO 8601 */
63162e3d	491	/* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */
8c5bff22	492	int ossl_asn1_time_print_ex(BIO bp, const ASN1_TIME tm, unsigned long flags)
0d0099ea	493	{
f673c4f8	494	char *v;
b7e011f8	495	int gmt = 0, l;
f673c4f8	496	struct tm stm;
48102247	497	const char upper_z = 0x5A, period = 0x2E;
f673c4f8	498
adf7e6d1 SL	499	/* ossl_asn1_time_to_tm will check the time type */
adf7e6d1 SL	500	if (!ossl_asn1_time_to_tm(&stm, tm))
63162e3d	501	return BIO_write(bp, "Bad time value", 14) ? -1 : 0;
f673c4f8 PY	502
	503	l = tm->length;
	504	v = (char *)tm->data;
48102247	505	if (v[l - 1] == upper_z)
f673c4f8	506	gmt = 1;
f673c4f8	507
b7e011f8 AP	508	if (tm->type == V_ASN1_GENERALIZEDTIME) {
	509	char *f = NULL;
	510	int f_len = 0;
	511
	512	/*
	513	* Try to parse fractional seconds. '14' is the place of
	514	* 'fraction point' in a GeneralizedTime string.
	515	*/
48102247	516	if (tm->length > 15 && v[14] == period) {
b7e011f8 AP	517	f = &v[14];
b7e011f8 AP	518	f_len = 1;
adf7e6d1	519	while (14 + f_len < l && ossl_ascii_isdigit(f[f_len]))
b7e011f8 AP	520	++f_len;
	521	}
	522
8c5bff22 WE	523	if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
	524	return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s",
	525	stm.tm_year + 1900, stm.tm_mon + 1,
	526	stm.tm_mday, stm.tm_hour,
	527	stm.tm_min, stm.tm_sec, f_len, f,
	528	(gmt ? "Z" : "")) > 0;
	529	}
	530	else {
	531	return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
f673c4f8 PY	532	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
f673c4f8 PY	533	stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
b7e011f8	534	(gmt ? " GMT" : "")) > 0;
8c5bff22	535	}
b7e011f8	536	} else {
8c5bff22 WE	537	if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
	538	return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s",
	539	stm.tm_year + 1900, stm.tm_mon + 1,
	540	stm.tm_mday, stm.tm_hour,
	541	stm.tm_min, stm.tm_sec,
	542	(gmt ? "Z" : "")) > 0;
	543	}
	544	else {
	545	return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
f673c4f8 PY	546	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
f673c4f8 PY	547	stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
b7e011f8	548	(gmt ? " GMT" : "")) > 0;
8c5bff22	549	}
b7e011f8	550	}
0d0099ea	551	}
cf37aaa3 TS	552
	553	int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
	554	{
	555	struct tm stm, ttm;
	556	int day, sec;
	557
	558	if (!ASN1_TIME_to_tm(s, &stm))
	559	return -2;
	560
	561	if (!OPENSSL_gmtime(&t, &ttm))
	562	return -2;
	563
	564	if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
	565	return -2;
	566
	567	if (day > 0 \|\| sec > 0)
	568	return 1;
	569	if (day < 0 \|\| sec < 0)
	570	return -1;
	571	return 0;
	572	}
	573
	574	int ASN1_TIME_normalize(ASN1_TIME *t)
	575	{
	576	struct tm tm;
	577
a33842ef	578	if (t == NULL \|\| !ASN1_TIME_to_tm(t, &tm))
cf37aaa3 TS	579	return 0;
cf37aaa3 TS	580
adf7e6d1	581	return ossl_asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
cf37aaa3 TS	582	}
	583
	584	int ASN1_TIME_compare(const ASN1_TIME a, const ASN1_TIME b)
	585	{
	586	int day, sec;
	587
e44d3761	588	if (!ASN1_TIME_diff(&day, &sec, b, a))
cf37aaa3 TS	589	return -2;
	590	if (day > 0 \|\| sec > 0)
	591	return 1;
	592	if (day < 0 \|\| sec < 0)
	593	return -1;
	594	return 0;
	595	}
065121ff AF	596
	597	/*
	598	* tweak for Windows
	599	*/
	600	#ifdef WIN32
	601	# define timezone _timezone
	602	#endif
	603
66f61ece	604	#if defined(__FreeBSD__) \|\| defined(__wasi__)
0176fc78 JB	605	# define USE_TIMEGM
	606	#endif
	607
6097eb21	608	time_t ossl_asn1_string_to_time_t(const char *asn1_string)
065121ff AF	609	{
	610	ASN1_TIME *timestamp_asn1 = NULL;
	611	struct tm *timestamp_tm = NULL;
cffb65f2 J	612	#if defined(__DJGPP__)
	613	char *tz = NULL;
	614	#elif !defined(USE_TIMEGM)
065121ff	615	time_t timestamp_local;
0176fc78	616	#endif
065121ff AF	617	time_t timestamp_utc;
	618
	619	timestamp_asn1 = ASN1_TIME_new();
	620	if (!ASN1_TIME_set_string(timestamp_asn1, asn1_string))
	621	{
	622	ASN1_TIME_free(timestamp_asn1);
	623	return -1;
	624	}
	625
	626	timestamp_tm = OPENSSL_malloc(sizeof(*timestamp_tm));
8547cd67 JJ	627	if (timestamp_tm == NULL) {
	628	ASN1_TIME_free(timestamp_asn1);
	629	return -1;
	630	}
065121ff AF	631	if (!(ASN1_TIME_to_tm(timestamp_asn1, timestamp_tm))) {
	632	OPENSSL_free(timestamp_tm);
	633	ASN1_TIME_free(timestamp_asn1);
	634	return -1;
	635	}
cffb65f2 J	636	ASN1_TIME_free(timestamp_asn1);
	637
	638	#if defined(__DJGPP__)
	639	/*
	640	* This is NOT thread-safe. Do not use this method for platforms other
	641	* than djgpp.
	642	*/
	643	tz = getenv("TZ");
	644	if (tz != NULL) {
	645	tz = OPENSSL_strdup(tz);
	646	if (tz == NULL) {
	647	OPENSSL_free(timestamp_tm);
	648	return -1;
	649	}
	650	}
	651	setenv("TZ", "UTC", 1);
	652
	653	timestamp_utc = mktime(timestamp_tm);
065121ff	654
cffb65f2 J	655	if (tz != NULL) {
	656	setenv("TZ", tz, 1);
	657	OPENSSL_free(tz);
	658	} else {
	659	unsetenv("TZ");
	660	}
	661	#elif defined(USE_TIMEGM)
0176fc78	662	timestamp_utc = timegm(timestamp_tm);
0176fc78	663	#else
065121ff	664	timestamp_local = mktime(timestamp_tm);
065121ff	665	timestamp_utc = timestamp_local - timezone;
0176fc78	666	#endif
cffb65f2	667	OPENSSL_free(timestamp_tm);
065121ff	668
065121ff AF	669	return timestamp_utc;
065121ff AF	670	}