2 * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * This is an implementation of the ASN1 Time structure which is:
14 * generalTime GeneralizedTime }
19 #include "internal/cryptlib.h"
20 #include <openssl/asn1t.h>
21 #include "asn1_locl.h"
23 IMPLEMENT_ASN1_MSTRING(ASN1_TIME
, B_ASN1_TIME
)
25 IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME
)
27 static int leap_year(const int year
)
29 if (year
% 400 == 0 || (year
% 100 != 0 && year
% 4 == 0))
34 int asn1_time_to_tm(struct tm
*tm
, const ASN1_TIME
*d
)
36 static const int min
[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
37 static const int max
[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
38 static const int mdays
[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
40 int n
, i
, i2
, l
, o
, min_l
= 11, strict
= 0, end
= 6, btz
= 5, md
;
44 * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
45 * time string format, in which:
47 * 1. "seconds" is a 'MUST'
48 * 2. "Zulu" timezone is a 'MUST'
49 * 3. "+|-" is not allowed to indicate a time zone
51 if (d
->type
== V_ASN1_UTCTIME
) {
52 if (d
->flags
& ASN1_STRING_FLAG_X509_TIME
) {
56 } else if (d
->type
== V_ASN1_GENERALIZEDTIME
) {
59 if (d
->flags
& ASN1_STRING_FLAG_X509_TIME
) {
72 memset(&tmp
, 0, sizeof(tmp
));
75 * GENERALIZEDTIME is similar to UTCTIME except the year is represented
76 * as YYYY. This stuff treats everything as a two digit field so make
77 * first two fields 00 to 99
82 for (i
= 0; i
< end
; i
++) {
83 if (!strict
&& (i
== btz
) && ((a
[o
] == 'Z') || (a
[o
] == '+') || (a
[o
] == '-'))) {
87 if ((a
[o
] < '0') || (a
[o
] > '9'))
90 /* incomplete 2-digital number */
94 if ((a
[o
] < '0') || (a
[o
] > '9'))
96 n
= (n
* 10) + a
[o
] - '0';
97 /* no more bytes to read, but we haven't seen time-zone yet */
101 i2
= (d
->type
== V_ASN1_UTCTIME
) ? i
+ 1 : i
;
103 if ((n
< min
[i2
]) || (n
> max
[i2
]))
107 /* UTC will never be here */
108 tmp
.tm_year
= n
* 100 - 1900;
111 if (d
->type
== V_ASN1_UTCTIME
)
112 tmp
.tm_year
= n
< 50 ? n
+ 100 : n
;
120 /* check if tm_mday is valid in tm_mon */
121 if (tmp
.tm_mon
== 1) {
123 md
= mdays
[1] + leap_year(tmp
.tm_year
+ 1900);
125 md
= mdays
[tmp
.tm_mon
];
144 * Optional fractional seconds: decimal point followed by one or more
147 if (d
->type
== V_ASN1_GENERALIZEDTIME
&& a
[o
] == '.') {
149 /* RFC 5280 forbids fractional seconds */
154 while ((o
< l
) && (a
[o
] >= '0') && (a
[o
] <= '9'))
156 /* Must have at least one digit after decimal point */
159 /* no more bytes to read, but we haven't seen time-zone yet */
165 * 'o' will never point to '\0' at this point, the only chance
166 * 'o' can point to '\0' is either the subsequent if or the first
171 } else if (!strict
&& ((a
[o
] == '+') || (a
[o
] == '-'))) {
172 int offsign
= a
[o
] == '-' ? 1 : -1;
177 * if not equal, no need to do subsequent checks
178 * since the following for-loop will add 'o' by 4
179 * and the final return statement will check if 'l'
184 for (i
= end
; i
< end
+ 2; i
++) {
185 if ((a
[o
] < '0') || (a
[o
] > '9'))
189 if ((a
[o
] < '0') || (a
[o
] > '9'))
191 n
= (n
* 10) + a
[o
] - '0';
192 i2
= (d
->type
== V_ASN1_UTCTIME
) ? i
+ 1 : i
;
193 if ((n
< min
[i2
]) || (n
> max
[i2
]))
195 /* if tm is NULL, no need to adjust */
199 else if (i
== end
+ 1)
204 if (offset
&& !OPENSSL_gmtime_adj(&tmp
, 0, offset
* offsign
))
207 /* not Z, or not +/- in non-strict mode */
211 /* success, check if tm should be filled */
220 ASN1_TIME
*ASN1_TIME_set(ASN1_TIME
*s
, time_t t
)
222 return ASN1_TIME_adj(s
, t
, 0, 0);
225 ASN1_TIME
*ASN1_TIME_adj(ASN1_TIME
*s
, time_t t
,
226 int offset_day
, long offset_sec
)
231 ts
= OPENSSL_gmtime(&t
, &data
);
233 ASN1err(ASN1_F_ASN1_TIME_ADJ
, ASN1_R_ERROR_GETTING_TIME
);
236 if (offset_day
|| offset_sec
) {
237 if (!OPENSSL_gmtime_adj(ts
, offset_day
, offset_sec
))
240 if ((ts
->tm_year
>= 50) && (ts
->tm_year
< 150))
241 return ASN1_UTCTIME_adj(s
, t
, offset_day
, offset_sec
);
242 return ASN1_GENERALIZEDTIME_adj(s
, t
, offset_day
, offset_sec
);
245 int ASN1_TIME_check(const ASN1_TIME
*t
)
247 if (t
->type
== V_ASN1_GENERALIZEDTIME
)
248 return ASN1_GENERALIZEDTIME_check(t
);
249 else if (t
->type
== V_ASN1_UTCTIME
)
250 return ASN1_UTCTIME_check(t
);
254 /* Convert an ASN1_TIME structure to GeneralizedTime */
255 ASN1_GENERALIZEDTIME
*ASN1_TIME_to_generalizedtime(const ASN1_TIME
*t
,
256 ASN1_GENERALIZEDTIME
**out
)
258 ASN1_GENERALIZEDTIME
*ret
= NULL
;
261 if (!ASN1_TIME_check(t
))
264 if (out
== NULL
|| *out
== NULL
) {
265 if ((ret
= ASN1_GENERALIZEDTIME_new()) == NULL
)
270 /* If already GeneralizedTime just copy across */
271 if (t
->type
== V_ASN1_GENERALIZEDTIME
) {
272 if (!ASN1_STRING_set(ret
, t
->data
, t
->length
))
278 * Grow the string by two bytes.
279 * The actual allocation is t->length + 3 to include a terminator byte.
281 if (!ASN1_STRING_set(ret
, NULL
, t
->length
+ 2))
283 str
= (char *)ret
->data
;
284 /* Work out the century and prepend */
285 memcpy(str
, t
->data
[0] >= '5' ? "19" : "20", 2);
287 * t->length + 1 is the size of the data and the allocated buffer has
288 * this much space after the first two characters.
290 OPENSSL_strlcpy(str
+ 2, (const char *)t
->data
, t
->length
+ 1);
293 if (out
!= NULL
&& *out
== NULL
)
298 if (out
== NULL
|| *out
!= ret
)
299 ASN1_GENERALIZEDTIME_free(ret
);
303 int ASN1_TIME_set_string(ASN1_TIME
*s
, const char *str
)
307 t
.length
= strlen(str
);
308 t
.data
= (unsigned char *)str
;
311 t
.type
= V_ASN1_UTCTIME
;
313 if (!ASN1_TIME_check(&t
)) {
314 t
.type
= V_ASN1_GENERALIZEDTIME
;
315 if (!ASN1_TIME_check(&t
))
319 if (s
&& !ASN1_STRING_copy((ASN1_STRING
*)s
, (ASN1_STRING
*)&t
))
325 int ASN1_TIME_set_string_X509(ASN1_TIME
*s
, const char *str
)
331 t
.length
= strlen(str
);
332 t
.data
= (unsigned char *)str
;
333 t
.flags
= ASN1_STRING_FLAG_X509_TIME
;
335 t
.type
= V_ASN1_UTCTIME
;
337 if (!ASN1_TIME_check(&t
)) {
338 t
.type
= V_ASN1_GENERALIZEDTIME
;
339 if (!ASN1_TIME_check(&t
))
344 * Per RFC 5280 (section 4.1.2.5.), the valid input time
345 * strings should be encoded with the following rules:
347 * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
348 * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
349 * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
350 * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
352 * Only strings of the 4th rule should be reformatted, but since a
353 * UTC can only present [1950, 2050), so if the given time string
354 * is less than 1950 (e.g. 19230419000000Z), we do nothing...
357 if (s
!= NULL
&& t
.type
== V_ASN1_GENERALIZEDTIME
) {
358 if (!asn1_time_to_tm(&tm
, &t
))
360 if (tm
.tm_year
>= 50 && tm
.tm_year
< 150) {
363 * it's OK to let original t.data go since that's assigned
364 * to a piece of memory allocated outside of this function.
365 * new t.data would be freed after ASN1_STRING_copy is done.
367 t
.data
= OPENSSL_zalloc(t
.length
+ 1);
370 memcpy(t
.data
, str
+ 2, t
.length
);
371 t
.type
= V_ASN1_UTCTIME
;
375 if (s
== NULL
|| ASN1_STRING_copy((ASN1_STRING
*)s
, (ASN1_STRING
*)&t
))
378 if (t
.data
!= (unsigned char *)str
)
379 OPENSSL_free(t
.data
);
384 int ASN1_TIME_to_tm(const ASN1_TIME
*s
, struct tm
*tm
)
390 memset(tm
, 0, sizeof(*tm
));
391 if (OPENSSL_gmtime(&now_t
, tm
))
396 return asn1_time_to_tm(tm
, s
);
399 int ASN1_TIME_diff(int *pday
, int *psec
,
400 const ASN1_TIME
*from
, const ASN1_TIME
*to
)
402 struct tm tm_from
, tm_to
;
404 if (!ASN1_TIME_to_tm(from
, &tm_from
))
406 if (!ASN1_TIME_to_tm(to
, &tm_to
))
408 return OPENSSL_gmtime_diff(pday
, psec
, &tm_from
, &tm_to
);
411 int ASN1_TIME_print(BIO
*bp
, const ASN1_TIME
*tm
)
413 if (tm
->type
== V_ASN1_UTCTIME
)
414 return ASN1_UTCTIME_print(bp
, tm
);
415 if (tm
->type
== V_ASN1_GENERALIZEDTIME
)
416 return ASN1_GENERALIZEDTIME_print(bp
, tm
);
417 BIO_write(bp
, "Bad time value", 14);