1 /* Copyright (C) 1995-1998 Eric Young ([email protected])
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young ([email protected]).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson ([email protected]).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young ([email protected])"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson ([email protected])"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/asn1.h>
58 #include <openssl/posix_time.h>
59
60 #include <string.h>
61 #include <time.h>
62
63 #include <openssl/asn1t.h>
64 #include <openssl/bytestring.h>
65 #include <openssl/err.h>
66 #include <openssl/mem.h>
67
68 #include "internal.h"
69
70 // This is an implementation of the ASN1 Time structure which is: Time ::=
71 // CHOICE { utcTime UTCTime, generalTime GeneralizedTime } written by Steve
72 // Henson.
73
IMPLEMENT_ASN1_MSTRING(ASN1_TIME,B_ASN1_TIME)74 IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
75
76 IMPLEMENT_ASN1_FUNCTIONS_const(ASN1_TIME)
77
78 ASN1_TIME *ASN1_TIME_set_posix(ASN1_TIME *s, int64_t posix_time) {
79 return ASN1_TIME_adj(s, posix_time, 0, 0);
80 }
81
ASN1_TIME_set(ASN1_TIME * s,time_t time)82 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t time) {
83 return ASN1_TIME_adj(s, time, 0, 0);
84 }
85
fits_in_utc_time(const struct tm * tm)86 static int fits_in_utc_time(const struct tm *tm) {
87 return 50 <= tm->tm_year && tm->tm_year < 150;
88 }
89
ASN1_TIME_adj(ASN1_TIME * s,int64_t posix_time,int offset_day,long offset_sec)90 ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day,
91 long offset_sec) {
92 struct tm tm;
93
94 if (!OPENSSL_posix_to_tm(posix_time, &tm)) {
95 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ERROR_GETTING_TIME);
96 return NULL;
97 }
98 if (offset_day || offset_sec) {
99 if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec)) {
100 return NULL;
101 }
102 }
103 if (fits_in_utc_time(&tm)) {
104 return ASN1_UTCTIME_adj(s, posix_time, offset_day, offset_sec);
105 }
106 return ASN1_GENERALIZEDTIME_adj(s, posix_time, offset_day, offset_sec);
107 }
108
ASN1_TIME_check(const ASN1_TIME * t)109 int ASN1_TIME_check(const ASN1_TIME *t) {
110 if (t->type == V_ASN1_GENERALIZEDTIME) {
111 return ASN1_GENERALIZEDTIME_check(t);
112 } else if (t->type == V_ASN1_UTCTIME) {
113 return ASN1_UTCTIME_check(t);
114 }
115 return 0;
116 }
117
118 // Convert an ASN1_TIME structure to GeneralizedTime
ASN1_TIME_to_generalizedtime(const ASN1_TIME * t,ASN1_GENERALIZEDTIME ** out)119 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
120 ASN1_GENERALIZEDTIME **out) {
121 ASN1_GENERALIZEDTIME *ret = NULL;
122 char *str;
123 int newlen;
124
125 if (!ASN1_TIME_check(t)) {
126 return NULL;
127 }
128
129 if (!out || !*out) {
130 if (!(ret = ASN1_GENERALIZEDTIME_new())) {
131 goto err;
132 }
133 } else {
134 ret = *out;
135 }
136
137 // If already GeneralizedTime just copy across
138 if (t->type == V_ASN1_GENERALIZEDTIME) {
139 if (!ASN1_STRING_set(ret, t->data, t->length)) {
140 goto err;
141 }
142 goto done;
143 }
144
145 // grow the string
146 if (!ASN1_STRING_set(ret, NULL, t->length + 2)) {
147 goto err;
148 }
149 // ASN1_STRING_set() allocated 'len + 1' bytes.
150 newlen = t->length + 2 + 1;
151 str = (char *)ret->data;
152 // Work out the century and prepend
153 if (t->data[0] >= '5') {
154 OPENSSL_strlcpy(str, "19", newlen);
155 } else {
156 OPENSSL_strlcpy(str, "20", newlen);
157 }
158
159 OPENSSL_strlcat(str, (char *)t->data, newlen);
160
161 done:
162 if (out != NULL && *out == NULL) {
163 *out = ret;
164 }
165 return ret;
166
167 err:
168 if (out == NULL || *out != ret) {
169 ASN1_GENERALIZEDTIME_free(ret);
170 }
171 return NULL;
172 }
173
ASN1_TIME_set_string(ASN1_TIME * s,const char * str)174 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) {
175 return ASN1_UTCTIME_set_string(s, str) ||
176 ASN1_GENERALIZEDTIME_set_string(s, str);
177 }
178
ASN1_TIME_set_string_X509(ASN1_TIME * s,const char * str)179 int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) {
180 CBS cbs;
181 CBS_init(&cbs, (const uint8_t*)str, strlen(str));
182 int type;
183 struct tm tm;
184 if (CBS_parse_utc_time(&cbs, /*out_tm=*/NULL,
185 /*allow_timezone_offset=*/0)) {
186 type = V_ASN1_UTCTIME;
187 } else if (CBS_parse_generalized_time(&cbs, &tm,
188 /*allow_timezone_offset=*/0)) {
189 type = V_ASN1_GENERALIZEDTIME;
190 if (fits_in_utc_time(&tm)) {
191 type = V_ASN1_UTCTIME;
192 CBS_skip(&cbs, 2);
193 }
194 } else {
195 return 0;
196 }
197
198 if (s != NULL) {
199 if (!ASN1_STRING_set(s, CBS_data(&cbs), CBS_len(&cbs))) {
200 return 0;
201 }
202 s->type = type;
203 }
204 return 1;
205 }
206
asn1_time_to_tm(struct tm * tm,const ASN1_TIME * t,int allow_timezone_offset)207 static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t,
208 int allow_timezone_offset) {
209 if (t == NULL) {
210 if (OPENSSL_posix_to_tm(time(NULL), tm)) {
211 return 1;
212 }
213 return 0;
214 }
215
216 if (t->type == V_ASN1_UTCTIME) {
217 return asn1_utctime_to_tm(tm, t, allow_timezone_offset);
218 } else if (t->type == V_ASN1_GENERALIZEDTIME) {
219 return asn1_generalizedtime_to_tm(tm, t);
220 }
221
222 return 0;
223 }
224
ASN1_TIME_diff(int * out_days,int * out_seconds,const ASN1_TIME * from,const ASN1_TIME * to)225 int ASN1_TIME_diff(int *out_days, int *out_seconds, const ASN1_TIME *from,
226 const ASN1_TIME *to) {
227 struct tm tm_from, tm_to;
228 if (!asn1_time_to_tm(&tm_from, from, /*allow_timezone_offset=*/1)) {
229 return 0;
230 }
231 if (!asn1_time_to_tm(&tm_to, to, /*allow_timezone_offset=*/1)) {
232 return 0;
233 }
234 return OPENSSL_gmtime_diff(out_days, out_seconds, &tm_from, &tm_to);
235 }
236
237 // The functions below do *not* permissively allow the use of four digit
238 // timezone offsets in UTC times, as is done elsewhere in the code. They are
239 // both new API, and used internally to X509_cmp_time. This is to discourage the
240 // use of nonstandard times in new code, and to ensure that this code behaves
241 // correctly in X509_cmp_time which historically did its own time validations
242 // slightly different than the many other copies of X.509 time validation
243 // sprinkled through the codebase. The custom checks in X509_cmp_time meant that
244 // it did not allow four digit timezone offsets in UTC times.
ASN1_TIME_to_time_t(const ASN1_TIME * t,time_t * out_time)245 int ASN1_TIME_to_time_t(const ASN1_TIME *t, time_t *out_time) {
246 struct tm tm;
247 if (!asn1_time_to_tm(&tm, t, /*allow_timezone_offset=*/0)) {
248 return 0;
249 }
250 return OPENSSL_timegm(&tm, out_time);
251 }
252
ASN1_TIME_to_posix(const ASN1_TIME * t,int64_t * out_time)253 int ASN1_TIME_to_posix(const ASN1_TIME *t, int64_t *out_time) {
254 struct tm tm;
255 if (!asn1_time_to_tm(&tm, t, /*allow_timezone_offset=*/0)) {
256 return 0;
257 }
258 return OPENSSL_tm_to_posix(&tm, out_time);
259 }
260