[thirdparty/openssl.git] / crypto / asn1 / a_time.c

/*
 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*-
 * This is an implementation of the ASN1 Time structure which is:
 *    Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
 */

#include <stdio.h>
#include <time.h>
#include "crypto/asn1.h"
#include "crypto/ctype.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include "asn1_local.h"

IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)

IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_TIME)

static int is_utc(const int year)
{
    if (50 <= year && year <= 149)
        return 1;
    return 0;
}

static int leap_year(const int year)
{
    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
        return 1;
    return 0;
}

/*
 * Compute the day of the week and the day of the year from the year, month
 * and day.  The day of the year is straightforward, the day of the week uses
 * a form of Zeller's congruence.  For this months start with March and are
 * numbered 4 through 15.
 */
static void determine_days(struct tm *tm)
{
    static const int ydays[12] = {
        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
    };
    int y = tm->tm_year + 1900;
    int m = tm->tm_mon;
    int d = tm->tm_mday;
    int c;

    tm->tm_yday = ydays[m] + d - 1;
    if (m >= 2) {
        /* March and onwards can be one day further into the year */
        tm->tm_yday += leap_year(y);
        m += 2;
    } else {
        /* Treat January and February as part of the previous year */
        m += 14;
        y--;
    }
    c = y / 100;
    y %= 100;
    /* Zeller's congruence */
    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
}

int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
{
    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    char *a;
    int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
    struct tm tmp;
#if defined(CHARSET_EBCDIC)
    const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
#else
    const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
#endif
    /*
     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
     * time string format, in which:
     *
     * 1. "seconds" is a 'MUST'
     * 2. "Zulu" timezone is a 'MUST'
     * 3. "+|-" is not allowed to indicate a time zone
     */
    if (d->type == V_ASN1_UTCTIME) {
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            min_l = 13;
            strict = 1;
        }
    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
        end = 7;
        btz = 6;
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            min_l = 15;
            strict = 1;
        } else {
            min_l = 13;
        }
    } else {
        return 0;
    }

    l = d->length;
    a = (char *)d->data;
    o = 0;
    memset(&tmp, 0, sizeof(tmp));

    /*
     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
     * as YYYY. This stuff treats everything as a two digit field so make
     * first two fields 00 to 99
     */

    if (l < min_l)
        goto err;
    for (i = 0; i < end; i++) {
        if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) {
            i++;
            break;
        }
        if (!ossl_ascii_isdigit(a[o]))
            goto err;
        n = a[o] - num_zero;
        /* incomplete 2-digital number */
        if (++o == l)
            goto err;

        if (!ossl_ascii_isdigit(a[o]))
            goto err;
        n = (n * 10) + a[o] - num_zero;
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (++o == l)
            goto err;

        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;

        if ((n < min[i2]) || (n > max[i2]))
            goto err;
        switch (i2) {
        case 0:
            /* UTC will never be here */
            tmp.tm_year = n * 100 - 1900;
            break;
        case 1:
            if (d->type == V_ASN1_UTCTIME)
                tmp.tm_year = n < 50 ? n + 100 : n;
            else
                tmp.tm_year += n;
            break;
        case 2:
            tmp.tm_mon = n - 1;
            break;
        case 3:
            /* check if tm_mday is valid in tm_mon */
            if (tmp.tm_mon == 1) {
                /* it's February */
                md = mdays[1] + leap_year(tmp.tm_year + 1900);
            } else {
                md = mdays[tmp.tm_mon];
            }
            if (n > md)
                goto err;
            tmp.tm_mday = n;
            determine_days(&tmp);
            break;
        case 4:
            tmp.tm_hour = n;
            break;
        case 5:
            tmp.tm_min = n;
            break;
        case 6:
            tmp.tm_sec = n;
            break;
        }
    }

    /*
     * Optional fractional seconds: decimal point followed by one or more
     * digits.
     */
    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
        if (strict)
            /* RFC 5280 forbids fractional seconds */
            goto err;
        if (++o == l)
            goto err;
        i = o;
        while ((o < l) && ossl_ascii_isdigit(a[o]))
            o++;
        /* Must have at least one digit after decimal point */
        if (i == o)
            goto err;
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (o == l)
            goto err;
    }

    /*
     * 'o' will never point to '\0' at this point, the only chance
     * 'o' can point to '\0' is either the subsequent if or the first
     * else if is true.
     */
    if (a[o] == upper_z) {
        o++;
    } else if (!strict && ((a[o] == plus) || (a[o] == minus))) {
        int offsign = a[o] == minus ? 1 : -1;
        int offset = 0;

        o++;
        /*
         * if not equal, no need to do subsequent checks
         * since the following for-loop will add 'o' by 4
         * and the final return statement will check if 'l'
         * and 'o' are equal.
         */
        if (o + 4 != l)
            goto err;
        for (i = end; i < end + 2; i++) {
            if (!ossl_ascii_isdigit(a[o]))
                goto err;
            n = a[o] - num_zero;
            o++;
            if (!ossl_ascii_isdigit(a[o]))
                goto err;
            n = (n * 10) + a[o] - num_zero;
            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
            if ((n < min[i2]) || (n > max[i2]))
                goto err;
            /* if tm is NULL, no need to adjust */
            if (tm != NULL) {
                if (i == end)
                    offset = n * 3600;
                else if (i == end + 1)
                    offset += n * 60;
            }
            o++;
        }
        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
            goto err;
    } else {
        /* not Z, or not +/- in non-strict mode */
        goto err;
    }
    if (o == l) {
        /* success, check if tm should be filled */
        if (tm != NULL)
            *tm = tmp;
        return 1;
    }
 err:
    return 0;
}

ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
{
    char* p;
    ASN1_TIME *tmps = NULL;
    const size_t len = 20;

    if (type == V_ASN1_UNDEF) {
        if (is_utc(ts->tm_year))
            type = V_ASN1_UTCTIME;
        else
            type = V_ASN1_GENERALIZEDTIME;
    } else if (type == V_ASN1_UTCTIME) {
        if (!is_utc(ts->tm_year))
            goto err;
    } else if (type != V_ASN1_GENERALIZEDTIME) {
        goto err;
    }

    if (s == NULL)
        tmps = ASN1_STRING_new();
    else
        tmps = s;
    if (tmps == NULL)
        return NULL;

    if (!ASN1_STRING_set(tmps, NULL, len))
        goto err;

    tmps->type = type;
    p = (char*)tmps->data;

    if (type == V_ASN1_GENERALIZEDTIME)
        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year + 1900, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);
    else
        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year % 100, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);

#ifdef CHARSET_EBCDIC
    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
#endif
    return tmps;
 err:
    if (tmps != s)
        ASN1_STRING_free(tmps);
    return NULL;
}

ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
    return ASN1_TIME_adj(s, t, 0, 0);
}

ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
                         int offset_day, long offset_sec)
{
    struct tm *ts;
    struct tm data;

    ts = OPENSSL_gmtime(&t, &data);
    if (ts == NULL) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME);
        return NULL;
    }
    if (offset_day || offset_sec) {
        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
            return NULL;
    }
    return ossl_asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
}

int ASN1_TIME_check(const ASN1_TIME *t)
{
    if (t->type == V_ASN1_GENERALIZEDTIME)
        return ASN1_GENERALIZEDTIME_check(t);
    else if (t->type == V_ASN1_UTCTIME)
        return ASN1_UTCTIME_check(t);
    return 0;
}

/* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                   ASN1_GENERALIZEDTIME **out)
{
    ASN1_GENERALIZEDTIME *ret = NULL;
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return NULL;

    if (out != NULL)
        ret = *out;

    ret = ossl_asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);

    if (out != NULL && ret != NULL)
        *out = ret;

    return ret;
}

int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{
    /* Try UTC, if that fails, try GENERALIZED */
    if (ASN1_UTCTIME_set_string(s, str))
        return 1;
    return ASN1_GENERALIZEDTIME_set_string(s, str);
}

int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
{
    ASN1_TIME t;
    struct tm tm;
    int rv = 0;

    t.length = strlen(str);
    t.data = (unsigned char *)str;
    t.flags = ASN1_STRING_FLAG_X509_TIME;

    t.type = V_ASN1_UTCTIME;

    if (!ASN1_TIME_check(&t)) {
        t.type = V_ASN1_GENERALIZEDTIME;
        if (!ASN1_TIME_check(&t))
            goto out;
    }

    /*
     * Per RFC 5280 (section 4.1.2.5.), the valid input time
     * strings should be encoded with the following rules:
     *
     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
     *
     * Only strings of the 4th rule should be reformatted, but since a
     * UTC can only present [1950, 2050), so if the given time string
     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
     */

    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
        if (!ossl_asn1_time_to_tm(&tm, &t))
            goto out;
        if (is_utc(tm.tm_year)) {
            t.length -= 2;
            /*
             * it's OK to let original t.data go since that's assigned
             * to a piece of memory allocated outside of this function.
             * new t.data would be freed after ASN1_STRING_copy is done.
             */
            t.data = OPENSSL_zalloc(t.length + 1);
            if (t.data == NULL) {
                ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
                goto out;
            }
            memcpy(t.data, str + 2, t.length);
            t.type = V_ASN1_UTCTIME;
        }
    }

    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
        rv = 1;

    if (t.data != (unsigned char *)str)
        OPENSSL_free(t.data);
out:
    return rv;
}

int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
{
    if (s == NULL) {
        time_t now_t;

        time(&now_t);
        memset(tm, 0, sizeof(*tm));
        if (OPENSSL_gmtime(&now_t, tm) != NULL)
            return 1;
        return 0;
    }

    return ossl_asn1_time_to_tm(tm, s);
}

int ASN1_TIME_diff(int *pday, int *psec,
                   const ASN1_TIME *from, const ASN1_TIME *to)
{
    struct tm tm_from, tm_to;

    if (!ASN1_TIME_to_tm(from, &tm_from))
        return 0;
    if (!ASN1_TIME_to_tm(to, &tm_to))
        return 0;
    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
}

static const char _asn1_mon[12][4] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};

/* returns 1 on success, 0 on BIO write error or parse failure */
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
    return ossl_asn1_time_print_ex(bp, tm) > 0;
}

/* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */
int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm)
{
    char *v;
    int gmt = 0, l;
    struct tm stm;
    const char upper_z = 0x5A, period = 0x2E;

    /* ossl_asn1_time_to_tm will check the time type */
    if (!ossl_asn1_time_to_tm(&stm, tm))
        return BIO_write(bp, "Bad time value", 14) ? -1 : 0;

    l = tm->length;
    v = (char *)tm->data;
    if (v[l - 1] == upper_z)
        gmt = 1;

    if (tm->type == V_ASN1_GENERALIZEDTIME) {
        char *f = NULL;
        int f_len = 0;

        /*
         * Try to parse fractional seconds. '14' is the place of
         * 'fraction point' in a GeneralizedTime string.
         */
        if (tm->length > 15 && v[14] == period) {
            f = &v[14];
            f_len = 1;
            while (14 + f_len < l && ossl_ascii_isdigit(f[f_len]))
                ++f_len;
        }

        return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
    } else {
        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
    }
}

int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
{
    struct tm stm, ttm;
    int day, sec;

    if (!ASN1_TIME_to_tm(s, &stm))
        return -2;

    if (!OPENSSL_gmtime(&t, &ttm))
        return -2;

    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
        return -2;

    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}

int ASN1_TIME_normalize(ASN1_TIME *t)
{
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return 0;

    return ossl_asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
}

int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
{
    int day, sec;

    if (!ASN1_TIME_diff(&day, &sec, b, a))
        return -2;
    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}
Commit	Line	Data
2039c421	1	/*
4333b89f	2	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
f6aed2cd	3	*
365a2d99	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
2039c421 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
f6aed2cd DSH	8	*/
f6aed2cd DSH	9
1d97c843 TH	10	/*-
1d97c843 TH	11	* This is an implementation of the ASN1 Time structure which is:
f6aed2cd DSH	12	* Time ::= CHOICE {
	13	* utcTime UTCTime,
	14	* generalTime GeneralizedTime }
f6aed2cd DSH	15	*/
	16
	17	#include <stdio.h>
	18	#include <time.h>
63162e3d	19	#include "crypto/asn1.h"
25f2138b	20	#include "crypto/ctype.h"
b39fc560	21	#include "internal/cryptlib.h"
9d6b1ce6	22	#include <openssl/asn1t.h>
706457b7	23	#include "asn1_local.h"
f6aed2cd	24
9d6b1ce6	25	IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
08e9c1af	26
9d6b1ce6	27	IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
fe4309b0	28	IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_TIME)
08e9c1af	29
cf37aaa3 TS	30	static int is_utc(const int year)
	31	{
	32	if (50 <= year && year <= 149)
	33	return 1;
	34	return 0;
	35	}
	36
3d0f1cb9 PY	37	static int leap_year(const int year)
	38	{
	39	if (year % 400 == 0 \|\| (year % 100 != 0 && year % 4 == 0))
	40	return 1;
	41	return 0;
	42	}
	43
1a68e5b0 P	44	/*
	45	* Compute the day of the week and the day of the year from the year, month
	46	* and day. The day of the year is straightforward, the day of the week uses
	47	* a form of Zeller's congruence. For this months start with March and are
	48	* numbered 4 through 15.
	49	*/
	50	static void determine_days(struct tm *tm)
	51	{
	52	static const int ydays[12] = {
	53	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
	54	};
	55	int y = tm->tm_year + 1900;
	56	int m = tm->tm_mon;
	57	int d = tm->tm_mday;
	58	int c;
	59
	60	tm->tm_yday = ydays[m] + d - 1;
	61	if (m >= 2) {
	62	/* March and onwards can be one day further into the year */
	63	tm->tm_yday += leap_year(y);
	64	m += 2;
	65	} else {
	66	/* Treat January and February as part of the previous year */
	67	m += 14;
	68	y--;
	69	}
	70	c = y / 100;
	71	y %= 100;
c2969ff6	72	/* Zeller's congruence */
1a68e5b0 P	73	tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
	74	}
	75
adf7e6d1	76	int ossl_asn1_time_to_tm(struct tm tm, const ASN1_TIME d)
3d0f1cb9 PY	77	{
	78	static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
	79	static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
	80	static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
	81	char *a;
	82	int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
	83	struct tm tmp;
48102247	84	#if defined(CHARSET_EBCDIC)
	85	const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
	86	#else
	87	const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
	88	#endif
3d0f1cb9 PY	89	/*
	90	* ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
	91	* time string format, in which:
	92	*
	93	* 1. "seconds" is a 'MUST'
	94	* 2. "Zulu" timezone is a 'MUST'
	95	* 3. "+\|-" is not allowed to indicate a time zone
	96	*/
	97	if (d->type == V_ASN1_UTCTIME) {
	98	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
	99	min_l = 13;
	100	strict = 1;
	101	}
	102	} else if (d->type == V_ASN1_GENERALIZEDTIME) {
	103	end = 7;
	104	btz = 6;
	105	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
	106	min_l = 15;
	107	strict = 1;
	108	} else {
	109	min_l = 13;
	110	}
	111	} else {
	112	return 0;
	113	}
	114
	115	l = d->length;
	116	a = (char *)d->data;
	117	o = 0;
	118	memset(&tmp, 0, sizeof(tmp));
	119
	120	/*
	121	* GENERALIZEDTIME is similar to UTCTIME except the year is represented
	122	* as YYYY. This stuff treats everything as a two digit field so make
	123	* first two fields 00 to 99
	124	*/
	125
	126	if (l < min_l)
	127	goto err;
	128	for (i = 0; i < end; i++) {
48102247	129	if (!strict && (i == btz) && ((a[o] == upper_z) \|\| (a[o] == plus) \|\| (a[o] == minus))) {
3d0f1cb9 PY	130	i++;
	131	break;
	132	}
adf7e6d1	133	if (!ossl_ascii_isdigit(a[o]))
3d0f1cb9	134	goto err;
48102247	135	n = a[o] - num_zero;
3d0f1cb9 PY	136	/* incomplete 2-digital number */
	137	if (++o == l)
	138	goto err;
	139
adf7e6d1	140	if (!ossl_ascii_isdigit(a[o]))
3d0f1cb9	141	goto err;
48102247	142	n = (n * 10) + a[o] - num_zero;
3d0f1cb9 PY	143	/* no more bytes to read, but we haven't seen time-zone yet */
	144	if (++o == l)
	145	goto err;
	146
	147	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
	148
	149	if ((n < min[i2]) \|\| (n > max[i2]))
	150	goto err;
	151	switch (i2) {
	152	case 0:
	153	/* UTC will never be here */
	154	tmp.tm_year = n * 100 - 1900;
	155	break;
	156	case 1:
	157	if (d->type == V_ASN1_UTCTIME)
	158	tmp.tm_year = n < 50 ? n + 100 : n;
	159	else
	160	tmp.tm_year += n;
	161	break;
	162	case 2:
	163	tmp.tm_mon = n - 1;
	164	break;
	165	case 3:
	166	/* check if tm_mday is valid in tm_mon */
	167	if (tmp.tm_mon == 1) {
	168	/* it's February */
	169	md = mdays[1] + leap_year(tmp.tm_year + 1900);
	170	} else {
	171	md = mdays[tmp.tm_mon];
	172	}
	173	if (n > md)
	174	goto err;
	175	tmp.tm_mday = n;
1a68e5b0	176	determine_days(&tmp);
3d0f1cb9 PY	177	break;
	178	case 4:
	179	tmp.tm_hour = n;
	180	break;
	181	case 5:
	182	tmp.tm_min = n;
	183	break;
	184	case 6:
	185	tmp.tm_sec = n;
	186	break;
	187	}
	188	}
	189
	190	/*
	191	* Optional fractional seconds: decimal point followed by one or more
	192	* digits.
	193	*/
48102247	194	if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
3d0f1cb9 PY	195	if (strict)
	196	/* RFC 5280 forbids fractional seconds */
	197	goto err;
	198	if (++o == l)
	199	goto err;
	200	i = o;
adf7e6d1	201	while ((o < l) && ossl_ascii_isdigit(a[o]))
3d0f1cb9 PY	202	o++;
	203	/* Must have at least one digit after decimal point */
	204	if (i == o)
	205	goto err;
	206	/* no more bytes to read, but we haven't seen time-zone yet */
	207	if (o == l)
	208	goto err;
	209	}
	210
	211	/*
	212	* 'o' will never point to '\0' at this point, the only chance
	213	* 'o' can point to '\0' is either the subsequent if or the first
	214	* else if is true.
	215	*/
48102247	216	if (a[o] == upper_z) {
3d0f1cb9	217	o++;
48102247	218	} else if (!strict && ((a[o] == plus) \|\| (a[o] == minus))) {
48102247	219	int offsign = a[o] == minus ? 1 : -1;
3d0f1cb9 PY	220	int offset = 0;
	221
	222	o++;
	223	/*
	224	* if not equal, no need to do subsequent checks
	225	* since the following for-loop will add 'o' by 4
	226	* and the final return statement will check if 'l'
	227	* and 'o' are equal.
	228	*/
	229	if (o + 4 != l)
	230	goto err;
	231	for (i = end; i < end + 2; i++) {
adf7e6d1	232	if (!ossl_ascii_isdigit(a[o]))
3d0f1cb9	233	goto err;
48102247	234	n = a[o] - num_zero;
3d0f1cb9	235	o++;
adf7e6d1	236	if (!ossl_ascii_isdigit(a[o]))
3d0f1cb9	237	goto err;
48102247	238	n = (n * 10) + a[o] - num_zero;
3d0f1cb9 PY	239	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
	240	if ((n < min[i2]) \|\| (n > max[i2]))
	241	goto err;
	242	/* if tm is NULL, no need to adjust */
	243	if (tm != NULL) {
	244	if (i == end)
	245	offset = n * 3600;
	246	else if (i == end + 1)
	247	offset += n * 60;
	248	}
	249	o++;
	250	}
	251	if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
	252	goto err;
	253	} else {
	254	/* not Z, or not +/- in non-strict mode */
	255	goto err;
	256	}
	257	if (o == l) {
	258	/* success, check if tm should be filled */
	259	if (tm != NULL)
	260	*tm = tmp;
	261	return 1;
	262	}
	263	err:
	264	return 0;
	265	}
	266
adf7e6d1	267	ASN1_TIME ossl_asn1_time_from_tm(ASN1_TIME s, struct tm *ts, int type)
cf37aaa3 TS	268	{
	269	char* p;
	270	ASN1_TIME *tmps = NULL;
	271	const size_t len = 20;
	272
	273	if (type == V_ASN1_UNDEF) {
	274	if (is_utc(ts->tm_year))
	275	type = V_ASN1_UTCTIME;
	276	else
	277	type = V_ASN1_GENERALIZEDTIME;
	278	} else if (type == V_ASN1_UTCTIME) {
	279	if (!is_utc(ts->tm_year))
	280	goto err;
	281	} else if (type != V_ASN1_GENERALIZEDTIME) {
	282	goto err;
	283	}
	284
	285	if (s == NULL)
	286	tmps = ASN1_STRING_new();
	287	else
	288	tmps = s;
	289	if (tmps == NULL)
	290	return NULL;
	291
	292	if (!ASN1_STRING_set(tmps, NULL, len))
	293	goto err;
	294
	295	tmps->type = type;
	296	p = (char*)tmps->data;
	297
	298	if (type == V_ASN1_GENERALIZEDTIME)
	299	tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
	300	ts->tm_year + 1900, ts->tm_mon + 1,
	301	ts->tm_mday, ts->tm_hour, ts->tm_min,
	302	ts->tm_sec);
	303	else
	304	tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
	305	ts->tm_year % 100, ts->tm_mon + 1,
	306	ts->tm_mday, ts->tm_hour, ts->tm_min,
	307	ts->tm_sec);
	308
48102247	309	#ifdef CHARSET_EBCDIC
cf37aaa3 TS	310	ebcdic2ascii(tmps->data, tmps->data, tmps->length);
	311	#endif
	312	return tmps;
	313	err:
	314	if (tmps != s)
	315	ASN1_STRING_free(tmps);
	316	return NULL;
	317	}
	318
6b691a5c	319	ASN1_TIME ASN1_TIME_set(ASN1_TIME s, time_t t)
0f113f3e MC	320	{
	321	return ASN1_TIME_adj(s, t, 0, 0);
	322	}
87d3a0cd DSH	323
87d3a0cd DSH	324	ASN1_TIME ASN1_TIME_adj(ASN1_TIME s, time_t t,
0f113f3e MC	325	int offset_day, long offset_sec)
	326	{
	327	struct tm *ts;
	328	struct tm data;
	329
	330	ts = OPENSSL_gmtime(&t, &data);
	331	if (ts == NULL) {
9311d0c4	332	ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME);
0f113f3e MC	333	return NULL;
	334	}
	335	if (offset_day \|\| offset_sec) {
	336	if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
	337	return NULL;
	338	}
adf7e6d1	339	return ossl_asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
0f113f3e	340	}
02e4fbed	341
359b0c9f	342	int ASN1_TIME_check(const ASN1_TIME *t)
0f113f3e MC	343	{
	344	if (t->type == V_ASN1_GENERALIZEDTIME)
	345	return ASN1_GENERALIZEDTIME_check(t);
	346	else if (t->type == V_ASN1_UTCTIME)
	347	return ASN1_UTCTIME_check(t);
	348	return 0;
	349	}
02e4fbed DSH	350
02e4fbed DSH	351	/* Convert an ASN1_TIME structure to GeneralizedTime */
9bfeeef8	352	ASN1_GENERALIZEDTIME ASN1_TIME_to_generalizedtime(const ASN1_TIME t,
0f113f3e MC	353	ASN1_GENERALIZEDTIME **out)
0f113f3e MC	354	{
4483e234	355	ASN1_GENERALIZEDTIME *ret = NULL;
cf37aaa3	356	struct tm tm;
0f113f3e	357
cf37aaa3	358	if (!ASN1_TIME_to_tm(t, &tm))
0f113f3e MC	359	return NULL;
0f113f3e MC	360
cf37aaa3	361	if (out != NULL)
0f113f3e MC	362	ret = *out;
0f113f3e MC	363
adf7e6d1	364	ret = ossl_asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
0f113f3e	365
cf37aaa3 TS	366	if (out != NULL && ret != NULL)
cf37aaa3 TS	367	*out = ret;
0f113f3e	368
cf37aaa3	369	return ret;
0f113f3e	370	}
33ab2e31 DSH	371
33ab2e31 DSH	372	int ASN1_TIME_set_string(ASN1_TIME s, const char str)
0f113f3e	373	{
cf37aaa3 TS	374	/* Try UTC, if that fails, try GENERALIZED */
	375	if (ASN1_UTCTIME_set_string(s, str))
	376	return 1;
	377	return ASN1_GENERALIZEDTIME_set_string(s, str);
0f113f3e	378	}
359b0c9f	379
04e62715 RS	380	int ASN1_TIME_set_string_X509(ASN1_TIME s, const char str)
	381	{
	382	ASN1_TIME t;
	383	struct tm tm;
	384	int rv = 0;
	385
	386	t.length = strlen(str);
	387	t.data = (unsigned char *)str;
	388	t.flags = ASN1_STRING_FLAG_X509_TIME;
	389
	390	t.type = V_ASN1_UTCTIME;
	391
	392	if (!ASN1_TIME_check(&t)) {
	393	t.type = V_ASN1_GENERALIZEDTIME;
	394	if (!ASN1_TIME_check(&t))
	395	goto out;
	396	}
	397
	398	/*
	399	* Per RFC 5280 (section 4.1.2.5.), the valid input time
	400	* strings should be encoded with the following rules:
	401	*
	402	* 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
	403	* 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
	404	* 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
	405	* 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
	406	*
	407	* Only strings of the 4th rule should be reformatted, but since a
	408	* UTC can only present [1950, 2050), so if the given time string
	409	* is less than 1950 (e.g. 19230419000000Z), we do nothing...
	410	*/
	411
	412	if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
adf7e6d1	413	if (!ossl_asn1_time_to_tm(&tm, &t))
04e62715	414	goto out;
cf37aaa3	415	if (is_utc(tm.tm_year)) {
04e62715 RS	416	t.length -= 2;
	417	/*
	418	* it's OK to let original t.data go since that's assigned
	419	* to a piece of memory allocated outside of this function.
	420	* new t.data would be freed after ASN1_STRING_copy is done.
	421	*/
	422	t.data = OPENSSL_zalloc(t.length + 1);
89947af2 F	423	if (t.data == NULL) {
89947af2 F	424	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
04e62715	425	goto out;
89947af2	426	}
04e62715 RS	427	memcpy(t.data, str + 2, t.length);
	428	t.type = V_ASN1_UTCTIME;
	429	}
	430	}
	431
	432	if (s == NULL \|\| ASN1_STRING_copy((ASN1_STRING )s, (ASN1_STRING )&t))
	433	rv = 1;
	434
	435	if (t.data != (unsigned char *)str)
	436	OPENSSL_free(t.data);
	437	out:
	438	return rv;
	439	}
	440
1c036c64	441	int ASN1_TIME_to_tm(const ASN1_TIME s, struct tm tm)
0f113f3e	442	{
1c036c64	443	if (s == NULL) {
0f113f3e	444	time_t now_t;
1c036c64	445
0f113f3e	446	time(&now_t);
1c036c64	447	memset(tm, 0, sizeof(*tm));
52b6e17d	448	if (OPENSSL_gmtime(&now_t, tm) != NULL)
0f113f3e MC	449	return 1;
	450	return 0;
	451	}
	452
adf7e6d1	453	return ossl_asn1_time_to_tm(tm, s);
0f113f3e	454	}
1c455bc0	455
360ef676	456	int ASN1_TIME_diff(int pday, int psec,
0f113f3e MC	457	const ASN1_TIME from, const ASN1_TIME to)
	458	{
	459	struct tm tm_from, tm_to;
1c036c64 TS	460
1c036c64 TS	461	if (!ASN1_TIME_to_tm(from, &tm_from))
0f113f3e	462	return 0;
1c036c64	463	if (!ASN1_TIME_to_tm(to, &tm_to))
0f113f3e MC	464	return 0;
	465	return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
	466	}
0d0099ea	467
f673c4f8 PY	468	static const char _asn1_mon[12][4] = {
	469	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
	470	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
	471	};
	472
63162e3d	473	/* returns 1 on success, 0 on BIO write error or parse failure */
0d0099ea	474	int ASN1_TIME_print(BIO bp, const ASN1_TIME tm)
63162e3d	475	{
adf7e6d1	476	return ossl_asn1_time_print_ex(bp, tm) > 0;
63162e3d DDO	477	}
	478
	479	/* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */
adf7e6d1	480	int ossl_asn1_time_print_ex(BIO bp, const ASN1_TIME tm)
0d0099ea	481	{
f673c4f8	482	char *v;
b7e011f8	483	int gmt = 0, l;
f673c4f8	484	struct tm stm;
48102247	485	const char upper_z = 0x5A, period = 0x2E;
f673c4f8	486
adf7e6d1 SL	487	/* ossl_asn1_time_to_tm will check the time type */
adf7e6d1 SL	488	if (!ossl_asn1_time_to_tm(&stm, tm))
63162e3d	489	return BIO_write(bp, "Bad time value", 14) ? -1 : 0;
f673c4f8 PY	490
	491	l = tm->length;
	492	v = (char *)tm->data;
48102247	493	if (v[l - 1] == upper_z)
f673c4f8	494	gmt = 1;
f673c4f8	495
b7e011f8 AP	496	if (tm->type == V_ASN1_GENERALIZEDTIME) {
	497	char *f = NULL;
	498	int f_len = 0;
	499
	500	/*
	501	* Try to parse fractional seconds. '14' is the place of
	502	* 'fraction point' in a GeneralizedTime string.
	503	*/
48102247	504	if (tm->length > 15 && v[14] == period) {
b7e011f8 AP	505	f = &v[14];
b7e011f8 AP	506	f_len = 1;
adf7e6d1	507	while (14 + f_len < l && ossl_ascii_isdigit(f[f_len]))
b7e011f8 AP	508	++f_len;
	509	}
	510
f673c4f8 PY	511	return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
	512	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
	513	stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
b7e011f8 AP	514	(gmt ? " GMT" : "")) > 0;
b7e011f8 AP	515	} else {
f673c4f8 PY	516	return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
	517	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
	518	stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
b7e011f8 AP	519	(gmt ? " GMT" : "")) > 0;
b7e011f8 AP	520	}
0d0099ea	521	}
cf37aaa3 TS	522
	523	int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
	524	{
	525	struct tm stm, ttm;
	526	int day, sec;
	527
	528	if (!ASN1_TIME_to_tm(s, &stm))
	529	return -2;
	530
	531	if (!OPENSSL_gmtime(&t, &ttm))
	532	return -2;
	533
	534	if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
	535	return -2;
	536
	537	if (day > 0 \|\| sec > 0)
	538	return 1;
	539	if (day < 0 \|\| sec < 0)
	540	return -1;
	541	return 0;
	542	}
	543
	544	int ASN1_TIME_normalize(ASN1_TIME *t)
	545	{
	546	struct tm tm;
	547
	548	if (!ASN1_TIME_to_tm(t, &tm))
	549	return 0;
	550
adf7e6d1	551	return ossl_asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
cf37aaa3 TS	552	}
	553
	554	int ASN1_TIME_compare(const ASN1_TIME a, const ASN1_TIME b)
	555	{
	556	int day, sec;
	557
e44d3761	558	if (!ASN1_TIME_diff(&day, &sec, b, a))
cf37aaa3 TS	559	return -2;
	560	if (day > 0 \|\| sec > 0)
	561	return 1;
	562	if (day < 0 \|\| sec < 0)
	563	return -1;
	564	return 0;
	565	}