/src/openssl/crypto/asn1/a_time.c

Source (jump to first uncovered line)
/*
 * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*-
 * This is an implementation of the ASN1 Time structure which is:
 *    Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
 */

#include <stdio.h>
#include <time.h>
#include "internal/ctype.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include "asn1_locl.h"

IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)

IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)

static int is_utc(const int year)
{
    if (50 <= year && year <= 149)
        return 1;
    return 0;
}

static int leap_year(const int year)
{
    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
        return 1;
    return 0;
}

/*
 * Compute the day of the week and the day of the year from the year, month
 * and day.  The day of the year is straightforward, the day of the week uses
 * a form of Zeller's congruence.  For this months start with March and are
 * numbered 4 through 15.
 */
static void determine_days(struct tm *tm)
{
    static const int ydays[12] = {
        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
    };
    int y = tm->tm_year + 1900;
    int m = tm->tm_mon;
    int d = tm->tm_mday;
    int c;

    tm->tm_yday = ydays[m] + d - 1;
    if (m >= 2) {
        /* March and onwards can be one day further into the year */
        tm->tm_yday += leap_year(y);
        m += 2;
    } else {
        /* Treat January and February as part of the previous year */
        m += 14;
        y--;
    }
    c = y / 100;
    y %= 100;
    /* Zeller's congruance */
    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
}

int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
{
    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    char *a;
    int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
    struct tm tmp;

    /*
     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
     * time string format, in which:
     *
     * 1. "seconds" is a 'MUST'
     * 2. "Zulu" timezone is a 'MUST'
     * 3. "+|-" is not allowed to indicate a time zone
     */
    if (d->type == V_ASN1_UTCTIME) {
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            min_l = 13;
            strict = 1;
        }
    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
        end = 7;
        btz = 6;
        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
            min_l = 15;
            strict = 1;
        } else {
            min_l = 13;
        }
    } else {
        return 0;
    }

    l = d->length;
    a = (char *)d->data;
    o = 0;
    memset(&tmp, 0, sizeof(tmp));

    /*
     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
     * as YYYY. This stuff treats everything as a two digit field so make
     * first two fields 00 to 99
     */

    if (l < min_l)
        goto err;
    for (i = 0; i < end; i++) {
        if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
            i++;
            break;
        }
        if (!ossl_isdigit(a[o]))
            goto err;
        n = a[o] - '0';
        /* incomplete 2-digital number */
        if (++o == l)
            goto err;

        if (!ossl_isdigit(a[o]))
            goto err;
        n = (n * 10) + a[o] - '0';
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (++o == l)
            goto err;

        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;

        if ((n < min[i2]) || (n > max[i2]))
            goto err;
        switch (i2) {
        case 0:
            /* UTC will never be here */
            tmp.tm_year = n * 100 - 1900;
            break;
        case 1:
            if (d->type == V_ASN1_UTCTIME)
                tmp.tm_year = n < 50 ? n + 100 : n;
            else
                tmp.tm_year += n;
            break;
        case 2:
            tmp.tm_mon = n - 1;
            break;
        case 3:
            /* check if tm_mday is valid in tm_mon */
            if (tmp.tm_mon == 1) {
                /* it's February */
                md = mdays[1] + leap_year(tmp.tm_year + 1900);
            } else {
                md = mdays[tmp.tm_mon];
            }
            if (n > md)
                goto err;
            tmp.tm_mday = n;
            determine_days(&tmp);
            break;
        case 4:
            tmp.tm_hour = n;
            break;
        case 5:
            tmp.tm_min = n;
            break;
        case 6:
            tmp.tm_sec = n;
            break;
        }
    }

    /*
     * Optional fractional seconds: decimal point followed by one or more
     * digits.
     */
    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
        if (strict)
            /* RFC 5280 forbids fractional seconds */
            goto err;
        if (++o == l)
            goto err;
        i = o;
        while ((o < l) && ossl_isdigit(a[o]))
            o++;
        /* Must have at least one digit after decimal point */
        if (i == o)
            goto err;
        /* no more bytes to read, but we haven't seen time-zone yet */
        if (o == l)
            goto err;
    }

    /*
     * 'o' will never point to '\0' at this point, the only chance
     * 'o' can point to '\0' is either the subsequent if or the first
     * else if is true.
     */
    if (a[o] == 'Z') {
        o++;
    } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) {
        int offsign = a[o] == '-' ? 1 : -1;
        int offset = 0;

        o++;
        /*
         * if not equal, no need to do subsequent checks
         * since the following for-loop will add 'o' by 4
         * and the final return statement will check if 'l'
         * and 'o' are equal.
         */
        if (o + 4 != l)
            goto err;
        for (i = end; i < end + 2; i++) {
            if (!ossl_isdigit(a[o]))
                goto err;
            n = a[o] - '0';
            o++;
            if (!ossl_isdigit(a[o]))
                goto err;
            n = (n * 10) + a[o] - '0';
            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
            if ((n < min[i2]) || (n > max[i2]))
                goto err;
            /* if tm is NULL, no need to adjust */
            if (tm != NULL) {
                if (i == end)
                    offset = n * 3600;
                else if (i == end + 1)
                    offset += n * 60;
            }
            o++;
        }
        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
            goto err;
    } else {
        /* not Z, or not +/- in non-strict mode */
        goto err;
    }
    if (o == l) {
        /* success, check if tm should be filled */
        if (tm != NULL)
            *tm = tmp;
        return 1;
    }
 err:
    return 0;
}

ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
{
    char* p;
    ASN1_TIME *tmps = NULL;
    const size_t len = 20;

    if (type == V_ASN1_UNDEF) {
        if (is_utc(ts->tm_year))
            type = V_ASN1_UTCTIME;
        else
            type = V_ASN1_GENERALIZEDTIME;
    } else if (type == V_ASN1_UTCTIME) {
        if (!is_utc(ts->tm_year))
            goto err;
    } else if (type != V_ASN1_GENERALIZEDTIME) {
        goto err;
    }

    if (s == NULL)
        tmps = ASN1_STRING_new();
    else
        tmps = s;
    if (tmps == NULL)
        return NULL;

    if (!ASN1_STRING_set(tmps, NULL, len))
        goto err;

    tmps->type = type;
    p = (char*)tmps->data;

    if (type == V_ASN1_GENERALIZEDTIME)
        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year + 1900, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);
    else
        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
                                    ts->tm_year % 100, ts->tm_mon + 1,
                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
                                    ts->tm_sec);

#ifdef CHARSET_EBCDIC_not
    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
#endif
    return tmps;
 err:
    if (tmps != s)
        ASN1_STRING_free(tmps);
    return NULL;
}

ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
    return ASN1_TIME_adj(s, t, 0, 0);
}

ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
                         int offset_day, long offset_sec)
{
    struct tm *ts;
    struct tm data;

    ts = OPENSSL_gmtime(&t, &data);
    if (ts == NULL) {
        ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
        return NULL;
    }
    if (offset_day || offset_sec) {
        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
            return NULL;
    }
    return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
}

int ASN1_TIME_check(const ASN1_TIME *t)
{
    if (t->type == V_ASN1_GENERALIZEDTIME)
        return ASN1_GENERALIZEDTIME_check(t);
    else if (t->type == V_ASN1_UTCTIME)
        return ASN1_UTCTIME_check(t);
    return 0;
}

/* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                   ASN1_GENERALIZEDTIME **out)
{
    ASN1_GENERALIZEDTIME *ret = NULL;
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return NULL;

    if (out != NULL)
        ret = *out;

    ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);

    if (out != NULL && ret != NULL)
        *out = ret;

    return ret;
}

int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{
    /* Try UTC, if that fails, try GENERALIZED */
    if (ASN1_UTCTIME_set_string(s, str))
        return 1;
    return ASN1_GENERALIZEDTIME_set_string(s, str);
}

int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
{
    ASN1_TIME t;
    struct tm tm;
    int rv = 0;

    t.length = strlen(str);
    t.data = (unsigned char *)str;
    t.flags = ASN1_STRING_FLAG_X509_TIME;

    t.type = V_ASN1_UTCTIME;

    if (!ASN1_TIME_check(&t)) {
        t.type = V_ASN1_GENERALIZEDTIME;
        if (!ASN1_TIME_check(&t))
            goto out;
    }

    /*
     * Per RFC 5280 (section 4.1.2.5.), the valid input time
     * strings should be encoded with the following rules:
     *
     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
     *
     * Only strings of the 4th rule should be reformatted, but since a
     * UTC can only present [1950, 2050), so if the given time string
     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
     */

    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
        if (!asn1_time_to_tm(&tm, &t))
            goto out;
        if (is_utc(tm.tm_year)) {
            t.length -= 2;
            /*
             * it's OK to let original t.data go since that's assigned
             * to a piece of memory allocated outside of this function.
             * new t.data would be freed after ASN1_STRING_copy is done.
             */
            t.data = OPENSSL_zalloc(t.length + 1);
            if (t.data == NULL)
                goto out;
            memcpy(t.data, str + 2, t.length);
            t.type = V_ASN1_UTCTIME;
        }
    }

    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
        rv = 1;

    if (t.data != (unsigned char *)str)
        OPENSSL_free(t.data);
out:
    return rv;
}

int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
{
    if (s == NULL) {
        time_t now_t;

        time(&now_t);
        memset(tm, 0, sizeof(*tm));
        if (OPENSSL_gmtime(&now_t, tm) != NULL)
            return 1;
        return 0;
    }

    return asn1_time_to_tm(tm, s);
}

int ASN1_TIME_diff(int *pday, int *psec,
                   const ASN1_TIME *from, const ASN1_TIME *to)
{
    struct tm tm_from, tm_to;

    if (!ASN1_TIME_to_tm(from, &tm_from))
        return 0;
    if (!ASN1_TIME_to_tm(to, &tm_to))
        return 0;
    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
}

static const char _asn1_mon[12][4] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};

int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
    char *v;
    int gmt = 0, l;
    struct tm stm;

    if (!asn1_time_to_tm(&stm, tm)) {
        /* asn1_time_to_tm will check the time type */
        goto err;
    }

    l = tm->length;
    v = (char *)tm->data;
    if (v[l - 1] == 'Z')
        gmt = 1;

    if (tm->type == V_ASN1_GENERALIZEDTIME) {
        char *f = NULL;
        int f_len = 0;

        /*
         * Try to parse fractional seconds. '14' is the place of
         * 'fraction point' in a GeneralizedTime string.
         */
        if (tm->length > 15 && v[14] == '.') {
            f = &v[14];
            f_len = 1;
            while (14 + f_len < l && ossl_isdigit(f[f_len]))
                ++f_len;
        }

        return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
    } else {
        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
                          (gmt ? " GMT" : "")) > 0;
    }
 err:
    BIO_write(bp, "Bad time value", 14);
    return 0;
}

int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
{
    struct tm stm, ttm;
    int day, sec;

    if (!ASN1_TIME_to_tm(s, &stm))
        return -2;

    if (!OPENSSL_gmtime(&t, &ttm))
        return -2;

    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
        return -2;

    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}

int ASN1_TIME_normalize(ASN1_TIME *t)
{
    struct tm tm;

    if (!ASN1_TIME_to_tm(t, &tm))
        return 0;

    return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
}

int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
{
    int day, sec;

    if (!ASN1_TIME_diff(&day, &sec, b, a))
        return -2;
    if (day > 0 || sec > 0)
        return 1;
    if (day < 0 || sec < 0)
        return -1;
    return 0;
}

Coverage Report

Created: 2018-08-29 13:53

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the OpenSSL license (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/*-
11		* This is an implementation of the ASN1 Time structure which is:
12		* Time ::= CHOICE {
13		* utcTime UTCTime,
14		* generalTime GeneralizedTime }
15		*/
16
17		#include <stdio.h>
18		#include <time.h>
19		#include "internal/ctype.h"
20		#include "internal/cryptlib.h"
21		#include <openssl/asn1t.h>
22		#include "asn1_locl.h"
23
24		IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
25
26		IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
27
28		static int is_utc(const int year)
29	0	{
30	0	if (50 <= year && year <= 149)
31	0	return 1;
32	0	return 0;
33	0	}
34
35		static int leap_year(const int year)
36	0	{
37	0	if (year % 400 == 0 \|\| (year % 100 != 0 && year % 4 == 0))
38	0	return 1;
39	0	return 0;
40	0	}
41
42		/*
43		* Compute the day of the week and the day of the year from the year, month
44		* and day. The day of the year is straightforward, the day of the week uses
45		* a form of Zeller's congruence. For this months start with March and are
46		* numbered 4 through 15.
47		*/
48		static void determine_days(struct tm *tm)
49	0	{
50	0	static const int ydays[12] = {
51	0	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
52	0	};
53	0	int y = tm->tm_year + 1900;
54	0	int m = tm->tm_mon;
55	0	int d = tm->tm_mday;
56	0	int c;
57	0
58	0	tm->tm_yday = ydays[m] + d - 1;
59	0	if (m >= 2) {
60	0	/* March and onwards can be one day further into the year */
61	0	tm->tm_yday += leap_year(y);
62	0	m += 2;
63	0	} else {
64	0	/* Treat January and February as part of the previous year */
65	0	m += 14;
66	0	y--;
67	0	}
68	0	c = y / 100;
69	0	y %= 100;
70	0	/* Zeller's congruance */
71	0	tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
72	0	}
73
74		int asn1_time_to_tm(struct tm tm, const ASN1_TIME d)
75	0	{
76	0	static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
77	0	static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
78	0	static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
79	0	char *a;
80	0	int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
81	0	struct tm tmp;
82	0
83	0	/*
84	0	* ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
85	0	* time string format, in which:
86	0	*
87	0	* 1. "seconds" is a 'MUST'
88	0	* 2. "Zulu" timezone is a 'MUST'
89	0	* 3. "+\|-" is not allowed to indicate a time zone
90	0	*/
91	0	if (d->type == V_ASN1_UTCTIME) {
92	0	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
93	0	min_l = 13;
94	0	strict = 1;
95	0	}
96	0	} else if (d->type == V_ASN1_GENERALIZEDTIME) {
97	0	end = 7;
98	0	btz = 6;
99	0	if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
100	0	min_l = 15;
101	0	strict = 1;
102	0	} else {
103	0	min_l = 13;
104	0	}
105	0	} else {
106	0	return 0;
107	0	}
108	0
109	0	l = d->length;
110	0	a = (char *)d->data;
111	0	o = 0;
112	0	memset(&tmp, 0, sizeof(tmp));
113	0
114	0	/*
115	0	* GENERALIZEDTIME is similar to UTCTIME except the year is represented
116	0	* as YYYY. This stuff treats everything as a two digit field so make
117	0	* first two fields 00 to 99
118	0	*/
119	0
120	0	if (l < min_l)
121	0	goto err;
122	0	for (i = 0; i < end; i++) {
123	0	if (!strict && (i == btz) && ((a[o] == 'Z') \|\| (a[o] == '+') \|\| (a[o] == '-'))) {
124	0	i++;
125	0	break;
126	0	}
127	0	if (!ossl_isdigit(a[o]))
128	0	goto err;
129	0	n = a[o] - '0';
130	0	/* incomplete 2-digital number */
131	0	if (++o == l)
132	0	goto err;
133	0
134	0	if (!ossl_isdigit(a[o]))
135	0	goto err;
136	0	n = (n * 10) + a[o] - '0';
137	0	/* no more bytes to read, but we haven't seen time-zone yet */
138	0	if (++o == l)
139	0	goto err;
140	0
141	0	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
142	0
143	0	if ((n < min[i2]) \|\| (n > max[i2]))
144	0	goto err;
145	0	switch (i2) {
146	0	case 0:
147	0	/* UTC will never be here */
148	0	tmp.tm_year = n * 100 - 1900;
149	0	break;
150	0	case 1:
151	0	if (d->type == V_ASN1_UTCTIME)
152	0	tmp.tm_year = n < 50 ? n + 100 : n;
153	0	else
154	0	tmp.tm_year += n;
155	0	break;
156	0	case 2:
157	0	tmp.tm_mon = n - 1;
158	0	break;
159	0	case 3:
160	0	/* check if tm_mday is valid in tm_mon */
161	0	if (tmp.tm_mon == 1) {
162	0	/* it's February */
163	0	md = mdays[1] + leap_year(tmp.tm_year + 1900);
164	0	} else {
165	0	md = mdays[tmp.tm_mon];
166	0	}
167	0	if (n > md)
168	0	goto err;
169	0	tmp.tm_mday = n;
170	0	determine_days(&tmp);
171	0	break;
172	0	case 4:
173	0	tmp.tm_hour = n;
174	0	break;
175	0	case 5:
176	0	tmp.tm_min = n;
177	0	break;
178	0	case 6:
179	0	tmp.tm_sec = n;
180	0	break;
181	0	}
182	0	}
183	0
184	0	/*
185	0	* Optional fractional seconds: decimal point followed by one or more
186	0	* digits.
187	0	*/
188	0	if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
189	0	if (strict)
190	0	/* RFC 5280 forbids fractional seconds */
191	0	goto err;
192	0	if (++o == l)
193	0	goto err;
194	0	i = o;
195	0	while ((o < l) && ossl_isdigit(a[o]))
196	0	o++;
197	0	/* Must have at least one digit after decimal point */
198	0	if (i == o)
199	0	goto err;
200	0	/* no more bytes to read, but we haven't seen time-zone yet */
201	0	if (o == l)
202	0	goto err;
203	0	}
204	0
205	0	/*
206	0	* 'o' will never point to '\0' at this point, the only chance
207	0	* 'o' can point to '\0' is either the subsequent if or the first
208	0	* else if is true.
209	0	*/
210	0	if (a[o] == 'Z') {
211	0	o++;
212	0	} else if (!strict && ((a[o] == '+') \|\| (a[o] == '-'))) {
213	0	int offsign = a[o] == '-' ? 1 : -1;
214	0	int offset = 0;
215	0
216	0	o++;
217	0	/*
218	0	* if not equal, no need to do subsequent checks
219	0	* since the following for-loop will add 'o' by 4
220	0	* and the final return statement will check if 'l'
221	0	* and 'o' are equal.
222	0	*/
223	0	if (o + 4 != l)
224	0	goto err;
225	0	for (i = end; i < end + 2; i++) {
226	0	if (!ossl_isdigit(a[o]))
227	0	goto err;
228	0	n = a[o] - '0';
229	0	o++;
230	0	if (!ossl_isdigit(a[o]))
231	0	goto err;
232	0	n = (n * 10) + a[o] - '0';
233	0	i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
234	0	if ((n < min[i2]) \|\| (n > max[i2]))
235	0	goto err;
236	0	/* if tm is NULL, no need to adjust */
237	0	if (tm != NULL) {
238	0	if (i == end)
239	0	offset = n * 3600;
240	0	else if (i == end + 1)
241	0	offset += n * 60;
242	0	}
243	0	o++;
244	0	}
245	0	if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
246	0	goto err;
247	0	} else {
248	0	/* not Z, or not +/- in non-strict mode */
249	0	goto err;
250	0	}
251	0	if (o == l) {
252	0	/* success, check if tm should be filled */
253	0	if (tm != NULL)
254	0	*tm = tmp;
255	0	return 1;
256	0	}
257	0	err:
258	0	return 0;
259	0	}
260
261		ASN1_TIME asn1_time_from_tm(ASN1_TIME s, struct tm *ts, int type)
262	0	{
263	0	char* p;
264	0	ASN1_TIME *tmps = NULL;
265	0	const size_t len = 20;
266	0
267	0	if (type == V_ASN1_UNDEF) {
268	0	if (is_utc(ts->tm_year))
269	0	type = V_ASN1_UTCTIME;
270	0	else
271	0	type = V_ASN1_GENERALIZEDTIME;
272	0	} else if (type == V_ASN1_UTCTIME) {
273	0	if (!is_utc(ts->tm_year))
274	0	goto err;
275	0	} else if (type != V_ASN1_GENERALIZEDTIME) {
276	0	goto err;
277	0	}
278	0
279	0	if (s == NULL)
280	0	tmps = ASN1_STRING_new();
281	0	else
282	0	tmps = s;
283	0	if (tmps == NULL)
284	0	return NULL;
285	0
286	0	if (!ASN1_STRING_set(tmps, NULL, len))
287	0	goto err;
288	0
289	0	tmps->type = type;
290	0	p = (char*)tmps->data;
291	0
292	0	if (type == V_ASN1_GENERALIZEDTIME)
293	0	tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
294	0	ts->tm_year + 1900, ts->tm_mon + 1,
295	0	ts->tm_mday, ts->tm_hour, ts->tm_min,
296	0	ts->tm_sec);
297	0	else
298	0	tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
299	0	ts->tm_year % 100, ts->tm_mon + 1,
300	0	ts->tm_mday, ts->tm_hour, ts->tm_min,
301	0	ts->tm_sec);
302	0
303		#ifdef CHARSET_EBCDIC_not
304		ebcdic2ascii(tmps->data, tmps->data, tmps->length);
305		#endif
306		return tmps;
307	0	err:
308	0	if (tmps != s)
309	0	ASN1_STRING_free(tmps);
310	0	return NULL;
311	0	}
312
313		ASN1_TIME ASN1_TIME_set(ASN1_TIME s, time_t t)
314	0	{
315	0	return ASN1_TIME_adj(s, t, 0, 0);
316	0	}
317
318		ASN1_TIME ASN1_TIME_adj(ASN1_TIME s, time_t t,
319		int offset_day, long offset_sec)
320	0	{
321	0	struct tm *ts;
322	0	struct tm data;
323	0
324	0	ts = OPENSSL_gmtime(&t, &data);
325	0	if (ts == NULL) {
326	0	ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
327	0	return NULL;
328	0	}
329	0	if (offset_day \|\| offset_sec) {
330	0	if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
331	0	return NULL;
332	0	}
333	0	return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
334	0	}
335
336		int ASN1_TIME_check(const ASN1_TIME *t)
337	0	{
338	0	if (t->type == V_ASN1_GENERALIZEDTIME)
339	0	return ASN1_GENERALIZEDTIME_check(t);
340	0	else if (t->type == V_ASN1_UTCTIME)
341	0	return ASN1_UTCTIME_check(t);
342	0	return 0;
343	0	}
344
345		/* Convert an ASN1_TIME structure to GeneralizedTime */
346		ASN1_GENERALIZEDTIME ASN1_TIME_to_generalizedtime(const ASN1_TIME t,
347		ASN1_GENERALIZEDTIME **out)
348	0	{
349	0	ASN1_GENERALIZEDTIME *ret = NULL;
350	0	struct tm tm;
351	0
352	0	if (!ASN1_TIME_to_tm(t, &tm))
353	0	return NULL;
354	0
355	0	if (out != NULL)
356	0	ret = *out;
357	0
358	0	ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
359	0
360	0	if (out != NULL && ret != NULL)
361	0	*out = ret;
362	0
363	0	return ret;
364	0	}
365
366		int ASN1_TIME_set_string(ASN1_TIME s, const char str)
367	0	{
368	0	/* Try UTC, if that fails, try GENERALIZED */
369	0	if (ASN1_UTCTIME_set_string(s, str))
370	0	return 1;
371	0	return ASN1_GENERALIZEDTIME_set_string(s, str);
372	0	}
373
374		int ASN1_TIME_set_string_X509(ASN1_TIME s, const char str)
375	0	{
376	0	ASN1_TIME t;
377	0	struct tm tm;
378	0	int rv = 0;
379	0
380	0	t.length = strlen(str);
381	0	t.data = (unsigned char *)str;
382	0	t.flags = ASN1_STRING_FLAG_X509_TIME;
383	0
384	0	t.type = V_ASN1_UTCTIME;
385	0
386	0	if (!ASN1_TIME_check(&t)) {
387	0	t.type = V_ASN1_GENERALIZEDTIME;
388	0	if (!ASN1_TIME_check(&t))
389	0	goto out;
390	0	}
391	0
392	0	/*
393	0	* Per RFC 5280 (section 4.1.2.5.), the valid input time
394	0	* strings should be encoded with the following rules:
395	0	*
396	0	* 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
397	0	* 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
398	0	* 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
399	0	* 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
400	0	*
401	0	* Only strings of the 4th rule should be reformatted, but since a
402	0	* UTC can only present [1950, 2050), so if the given time string
403	0	* is less than 1950 (e.g. 19230419000000Z), we do nothing...
404	0	*/
405	0
406	0	if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
407	0	if (!asn1_time_to_tm(&tm, &t))
408	0	goto out;
409	0	if (is_utc(tm.tm_year)) {
410	0	t.length -= 2;
411	0	/*
412	0	* it's OK to let original t.data go since that's assigned
413	0	* to a piece of memory allocated outside of this function.
414	0	* new t.data would be freed after ASN1_STRING_copy is done.
415	0	*/
416	0	t.data = OPENSSL_zalloc(t.length + 1);
417	0	if (t.data == NULL)
418	0	goto out;
419	0	memcpy(t.data, str + 2, t.length);
420	0	t.type = V_ASN1_UTCTIME;
421	0	}
422	0	}
423	0
424	0	if (s == NULL \|\| ASN1_STRING_copy((ASN1_STRING )s, (ASN1_STRING )&t))
425	0	rv = 1;
426	0
427	0	if (t.data != (unsigned char *)str)
428	0	OPENSSL_free(t.data);
429	0	out:
430	0	return rv;
431	0	}
432
433		int ASN1_TIME_to_tm(const ASN1_TIME s, struct tm tm)
434	0	{
435	0	if (s == NULL) {
436	0	time_t now_t;
437	0
438	0	time(&now_t);
439	0	memset(tm, 0, sizeof(*tm));
440	0	if (OPENSSL_gmtime(&now_t, tm) != NULL)
441	0	return 1;
442	0	return 0;
443	0	}
444	0
445	0	return asn1_time_to_tm(tm, s);
446	0	}
447
448		int ASN1_TIME_diff(int pday, int psec,
449		const ASN1_TIME from, const ASN1_TIME to)
450	0	{
451	0	struct tm tm_from, tm_to;
452	0
453	0	if (!ASN1_TIME_to_tm(from, &tm_from))
454	0	return 0;
455	0	if (!ASN1_TIME_to_tm(to, &tm_to))
456	0	return 0;
457	0	return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
458	0	}
459
460		static const char _asn1_mon[12][4] = {
461		"Jan", "Feb", "Mar", "Apr", "May", "Jun",
462		"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
463		};
464
465		int ASN1_TIME_print(BIO bp, const ASN1_TIME tm)
466	0	{
467	0	char *v;
468	0	int gmt = 0, l;
469	0	struct tm stm;
470	0
471	0	if (!asn1_time_to_tm(&stm, tm)) {
472	0	/* asn1_time_to_tm will check the time type */
473	0	goto err;
474	0	}
475	0
476	0	l = tm->length;
477	0	v = (char *)tm->data;
478	0	if (v[l - 1] == 'Z')
479	0	gmt = 1;
480	0
481	0	if (tm->type == V_ASN1_GENERALIZEDTIME) {
482	0	char *f = NULL;
483	0	int f_len = 0;
484	0
485	0	/*
486	0	* Try to parse fractional seconds. '14' is the place of
487	0	* 'fraction point' in a GeneralizedTime string.
488	0	*/
489	0	if (tm->length > 15 && v[14] == '.') {
490	0	f = &v[14];
491	0	f_len = 1;
492	0	while (14 + f_len < l && ossl_isdigit(f[f_len]))
493	0	++f_len;
494	0	}
495	0
496	0	return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
497	0	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
498	0	stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
499	0	(gmt ? " GMT" : "")) > 0;
500	0	} else {
501	0	return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
502	0	_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
503	0	stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
504	0	(gmt ? " GMT" : "")) > 0;
505	0	}
506	0	err:
507	0	BIO_write(bp, "Bad time value", 14);
508	0	return 0;
509	0	}
510
511		int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
512	0	{
513	0	struct tm stm, ttm;
514	0	int day, sec;
515	0
516	0	if (!ASN1_TIME_to_tm(s, &stm))
517	0	return -2;
518	0
519	0	if (!OPENSSL_gmtime(&t, &ttm))
520	0	return -2;
521	0
522	0	if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
523	0	return -2;
524	0
525	0	if (day > 0 \|\| sec > 0)
526	0	return 1;
527	0	if (day < 0 \|\| sec < 0)
528	0	return -1;
529	0	return 0;
530	0	}
531
532		int ASN1_TIME_normalize(ASN1_TIME *t)
533	0	{
534	0	struct tm tm;
535	0
536	0	if (!ASN1_TIME_to_tm(t, &tm))
537	0	return 0;
538	0
539	0	return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
540	0	}
541
542		int ASN1_TIME_compare(const ASN1_TIME a, const ASN1_TIME b)
543	0	{
544	0	int day, sec;
545	0
546	0	if (!ASN1_TIME_diff(&day, &sec, b, a))
547	0	return -2;
548	0	if (day > 0 \|\| sec > 0)
549	0	return 1;
550	0	if (day < 0 \|\| sec < 0)
551	0	return -1;
552	0	return 0;
553	0	}