2 * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * This is an implementation of the ASN1 Time structure which is:
14 * generalTime GeneralizedTime }
19 #include "internal/cryptlib.h"
20 #include <openssl/asn1t.h>
21 #include "asn1_locl.h"
23 IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
25 IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
27 static int leap_year(const int year)
29 if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
34 int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
36 static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
37 static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
38 static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
40 int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
44 * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
45 * time string format, in which:
47 * 1. "seconds" is a 'MUST'
48 * 2. "Zulu" timezone is a 'MUST'
49 * 3. "+|-" is not allowed to indicate a time zone
51 if (d->type == V_ASN1_UTCTIME) {
52 if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
56 } else if (d->type == V_ASN1_GENERALIZEDTIME) {
59 if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
72 memset(&tmp, 0, sizeof(tmp));
75 * GENERALIZEDTIME is similar to UTCTIME except the year is represented
76 * as YYYY. This stuff treats everything as a two digit field so make
77 * first two fields 00 to 99
82 for (i = 0; i < end; i++) {
83 if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
87 if ((a[o] < '0') || (a[o] > '9'))
90 /* incomplete 2-digital number */
94 if ((a[o] < '0') || (a[o] > '9'))
96 n = (n * 10) + a[o] - '0';
97 /* no more bytes to read, but we haven't seen time-zone yet */
101 i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
103 if ((n < min[i2]) || (n > max[i2]))
107 /* UTC will never be here */
108 tmp.tm_year = n * 100 - 1900;
111 if (d->type == V_ASN1_UTCTIME)
112 tmp.tm_year = n < 50 ? n + 100 : n;
120 /* check if tm_mday is valid in tm_mon */
121 if (tmp.tm_mon == 1) {
123 md = mdays[1] + leap_year(tmp.tm_year + 1900);
125 md = mdays[tmp.tm_mon];
144 * Optional fractional seconds: decimal point followed by one or more
147 if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
149 /* RFC 5280 forbids fractional seconds */
154 while ((o < l) && (a[o] >= '0') && (a[o] <= '9'))
156 /* Must have at least one digit after decimal point */
159 /* no more bytes to read, but we haven't seen time-zone yet */
165 * 'o' will never point to '\0' at this point, the only chance
166 * 'o' can point to '\0' is either the subsequent if or the first
171 } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) {
172 int offsign = a[o] == '-' ? 1 : -1;
177 * if not equal, no need to do subsequent checks
178 * since the following for-loop will add 'o' by 4
179 * and the final return statement will check if 'l'
184 for (i = end; i < end + 2; i++) {
185 if ((a[o] < '0') || (a[o] > '9'))
189 if ((a[o] < '0') || (a[o] > '9'))
191 n = (n * 10) + a[o] - '0';
192 i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
193 if ((n < min[i2]) || (n > max[i2]))
195 /* if tm is NULL, no need to adjust */
199 else if (i == end + 1)
204 if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
207 /* not Z, or not +/- in non-strict mode */
211 /* success, check if tm should be filled */
220 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
222 return ASN1_TIME_adj(s, t, 0, 0);
225 ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
226 int offset_day, long offset_sec)
231 ts = OPENSSL_gmtime(&t, &data);
233 ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
236 if (offset_day || offset_sec) {
237 if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
240 if ((ts->tm_year >= 50) && (ts->tm_year < 150))
241 return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
242 return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
245 int ASN1_TIME_check(const ASN1_TIME *t)
247 if (t->type == V_ASN1_GENERALIZEDTIME)
248 return ASN1_GENERALIZEDTIME_check(t);
249 else if (t->type == V_ASN1_UTCTIME)
250 return ASN1_UTCTIME_check(t);
254 /* Convert an ASN1_TIME structure to GeneralizedTime */
255 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
256 ASN1_GENERALIZEDTIME **out)
258 ASN1_GENERALIZEDTIME *ret = NULL;
261 if (!ASN1_TIME_check(t))
264 if (out == NULL || *out == NULL) {
265 if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL)
270 /* If already GeneralizedTime just copy across */
271 if (t->type == V_ASN1_GENERALIZEDTIME) {
272 if (!ASN1_STRING_set(ret, t->data, t->length))
278 * Grow the string by two bytes.
279 * The actual allocation is t->length + 3 to include a terminator byte.
281 if (!ASN1_STRING_set(ret, NULL, t->length + 2))
283 str = (char *)ret->data;
284 /* Work out the century and prepend */
285 memcpy(str, t->data[0] >= '5' ? "19" : "20", 2);
287 * t->length + 1 is the size of the data and the allocated buffer has
288 * this much space after the first two characters.
290 OPENSSL_strlcpy(str + 2, (const char *)t->data, t->length + 1);
293 if (out != NULL && *out == NULL)
298 if (out == NULL || *out != ret)
299 ASN1_GENERALIZEDTIME_free(ret);
303 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
307 t.length = strlen(str);
308 t.data = (unsigned char *)str;
311 t.type = V_ASN1_UTCTIME;
313 if (!ASN1_TIME_check(&t)) {
314 t.type = V_ASN1_GENERALIZEDTIME;
315 if (!ASN1_TIME_check(&t))
319 if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
325 int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
331 t.length = strlen(str);
332 t.data = (unsigned char *)str;
333 t.flags = ASN1_STRING_FLAG_X509_TIME;
335 t.type = V_ASN1_UTCTIME;
337 if (!ASN1_TIME_check(&t)) {
338 t.type = V_ASN1_GENERALIZEDTIME;
339 if (!ASN1_TIME_check(&t))
344 * Per RFC 5280 (section 4.1.2.5.), the valid input time
345 * strings should be encoded with the following rules:
347 * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
348 * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
349 * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
350 * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
352 * Only strings of the 4th rule should be reformatted, but since a
353 * UTC can only present [1950, 2050), so if the given time string
354 * is less than 1950 (e.g. 19230419000000Z), we do nothing...
357 if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
358 if (!asn1_time_to_tm(&tm, &t))
360 if (tm.tm_year >= 50 && tm.tm_year < 150) {
363 * it's OK to let original t.data go since that's assigned
364 * to a piece of memory allocated outside of this function.
365 * new t.data would be freed after ASN1_STRING_copy is done.
367 t.data = OPENSSL_zalloc(t.length + 1);
370 memcpy(t.data, str + 2, t.length);
371 t.type = V_ASN1_UTCTIME;
375 if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
378 if (t.data != (unsigned char *)str)
379 OPENSSL_free(t.data);
384 int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
390 memset(tm, 0, sizeof(*tm));
391 if (OPENSSL_gmtime(&now_t, tm))
396 return asn1_time_to_tm(tm, s);
399 int ASN1_TIME_diff(int *pday, int *psec,
400 const ASN1_TIME *from, const ASN1_TIME *to)
402 struct tm tm_from, tm_to;
404 if (!ASN1_TIME_to_tm(from, &tm_from))
406 if (!ASN1_TIME_to_tm(to, &tm_to))
408 return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
411 int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
413 if (tm->type == V_ASN1_UTCTIME)
414 return ASN1_UTCTIME_print(bp, tm);
415 if (tm->type == V_ASN1_GENERALIZEDTIME)
416 return ASN1_GENERALIZEDTIME_print(bp, tm);
417 BIO_write(bp, "Bad time value", 14);