/* $OpenBSD: a_time_tm.c,v 1.42 2024/05/03 18:33:27 tb Exp $ */ /* * Copyright (c) 2015 Bob Beck * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include "bytestring.h" #include "asn1_local.h" #define RFC5280 0 #define GENTIME_LENGTH 15 #define UTCTIME_LENGTH 13 int ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) { if (tm1->tm_year < tm2->tm_year) return -1; if (tm1->tm_year > tm2->tm_year) return 1; if (tm1->tm_mon < tm2->tm_mon) return -1; if (tm1->tm_mon > tm2->tm_mon) return 1; if (tm1->tm_mday < tm2->tm_mday) return -1; if (tm1->tm_mday > tm2->tm_mday) return 1; if (tm1->tm_hour < tm2->tm_hour) return -1; if (tm1->tm_hour > tm2->tm_hour) return 1; if (tm1->tm_min < tm2->tm_min) return -1; if (tm1->tm_min > tm2->tm_min) return 1; if (tm1->tm_sec < tm2->tm_sec) return -1; if (tm1->tm_sec > tm2->tm_sec) return 1; return 0; } int ASN1_time_tm_clamp_notafter(struct tm *tm) { #ifdef SMALL_TIME_T struct tm broken_os_epoch_tm; time_t broken_os_epoch_time = INT_MAX; if (!asn1_time_time_t_to_tm(&broken_os_epoch_time, &broken_os_epoch_tm)) return 0; if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1) memcpy(tm, &broken_os_epoch_tm, sizeof(*tm)); #endif return 1; } /* Convert time to GeneralizedTime, X.690, 11.7. */ static int tm_to_gentime(struct tm *tm, ASN1_TIME *atime) { char *time_str = NULL; if (tm->tm_year < -1900 || tm->tm_year > 9999 - 1900) { ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); return 0; } if (asprintf(&time_str, "%04u%02u%02u%02u%02u%02uZ", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) { ASN1error(ERR_R_MALLOC_FAILURE); return 0; } free(atime->data); atime->data = time_str; atime->length = GENTIME_LENGTH; atime->type = V_ASN1_GENERALIZEDTIME; return 1; } /* Convert time to UTCTime, X.690, 11.8. */ static int tm_to_utctime(struct tm *tm, ASN1_TIME *atime) { char *time_str = NULL; if (tm->tm_year >= 150 || tm->tm_year < 50) { ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); return 0; } if (asprintf(&time_str, "%02u%02u%02u%02u%02u%02uZ", tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) { ASN1error(ERR_R_MALLOC_FAILURE); return 0; } free(atime->data); atime->data = time_str; atime->length = UTCTIME_LENGTH; atime->type = V_ASN1_UTCTIME; return 1; } static int tm_to_rfc5280_time(struct tm *tm, ASN1_TIME *atime) { if (tm->tm_year >= 50 && tm->tm_year < 150) return tm_to_utctime(tm, atime); return tm_to_gentime(tm, atime); } static int cbs_get_two_digit_value(CBS *cbs, int *out) { uint8_t first_digit, second_digit; if (!CBS_get_u8(cbs, &first_digit)) return 0; if (!isdigit(first_digit)) return 0; if (!CBS_get_u8(cbs, &second_digit)) return 0; if (!isdigit(second_digit)) return 0; *out = (first_digit - '0') * 10 + (second_digit - '0'); return 1; } static int is_valid_day(int year, int month, int day) { if (day < 1) return 0; switch (month) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: return day <= 31; case 4: case 6: case 9: case 11: return day <= 30; case 2: if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0) return day <= 29; else return day <= 28; default: return 0; } } /* * asn1_time_parse_cbs returns one if |cbs| is a valid DER-encoded, ASN.1 Time * body within the limitations imposed by RFC 5280, or zero otherwise. The time * is expected to parse as a Generalized Time if is_gentime is true, and as a * UTC Time otherwise. If |out_tm| is non-NULL, |*out_tm| will be zeroed, and * then set to the corresponding time in UTC. This function does not compute * |out_tm->tm_wday| or |out_tm->tm_yday|. |cbs| is not consumed. */ int asn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm) { int year, month, day, hour, min, sec, val; CBS copy; uint8_t tz; CBS_dup(cbs, ©); if (is_gentime) { if (!cbs_get_two_digit_value(©, &val)) return 0; year = val * 100; if (!cbs_get_two_digit_value(©, &val)) return 0; year += val; } else { year = 1900; if (!cbs_get_two_digit_value(©, &val)) return 0; year += val; if (year < 1950) year += 100; if (year >= 2050) return 0; /* A Generalized time must be used. */ } if (!cbs_get_two_digit_value(©, &month)) return 0; if (month < 1 || month > 12) return 0; /* Reject invalid months. */ if (!cbs_get_two_digit_value(©, &day)) return 0; if (!is_valid_day(year, month, day)) return 0; /* Reject invalid days. */ if (!cbs_get_two_digit_value(©, &hour)) return 0; if (hour > 23) return 0; /* Reject invalid hours. */ if (!cbs_get_two_digit_value(©, &min)) return 0; if (min > 59) return 0; /* Reject invalid minutes. */ if (!cbs_get_two_digit_value(©, &sec)) return 0; if (sec > 59) return 0; /* Reject invalid seconds. Leap seconds are invalid. */ if (!CBS_get_u8(©, &tz)) return 0; if (tz != 'Z') return 0; /* Reject anything but Z on the end. */ if (CBS_len(©) != 0) return 0; /* Reject invalid lengths. */ if (out_tm != NULL) { memset(out_tm, 0, sizeof(*out_tm)); /* Fill in the tm fields corresponding to what we validated. */ out_tm->tm_year = year - 1900; out_tm->tm_mon = month - 1; out_tm->tm_mday = day; out_tm->tm_hour = hour; out_tm->tm_min = min; out_tm->tm_sec = sec; } return 1; } /* * Parse an RFC 5280 format ASN.1 time string. * * mode must be: * 0 if we expect to parse a time as specified in RFC 5280 for an X509 object. * V_ASN1_UTCTIME if we wish to parse an RFC5280 format UTC time. * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time. * * Returns: * -1 if the string was invalid. * V_ASN1_UTCTIME if the string validated as a UTC time string. * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string. * * Fills in *tm with the corresponding time if tm is non NULL. */ int ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode) { int type = 0; CBS cbs; if (bytes == NULL) return -1; CBS_init(&cbs, bytes, len); if (CBS_len(&cbs) == UTCTIME_LENGTH) type = V_ASN1_UTCTIME; if (CBS_len(&cbs) == GENTIME_LENGTH) type = V_ASN1_GENERALIZEDTIME; if (asn1_time_parse_cbs(&cbs, type == V_ASN1_GENERALIZEDTIME, tm)) { if (mode != 0 && mode != type) return -1; return type; } return -1; } /* * ASN1_TIME generic functions. */ static int ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode) { struct tm tm; if (ASN1_time_parse(str, strlen(str), &tm, mode) == -1) return 0; /* Only check str's format, as documented. */ if (s == NULL) return 1; switch (mode) { case V_ASN1_UTCTIME: return tm_to_utctime(&tm, s); case V_ASN1_GENERALIZEDTIME: return tm_to_gentime(&tm, s); case RFC5280: return tm_to_rfc5280_time(&tm, s); default: return 0; } } static ASN1_TIME * ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec, int mode) { ASN1_TIME *atime = s; struct tm tm; if (!asn1_time_time_t_to_tm(&t, &tm)) goto err; if (offset_day != 0 || offset_sec != 0) { if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec)) goto err; } if (atime == NULL) atime = ASN1_TIME_new(); if (atime == NULL) goto err; switch (mode) { case V_ASN1_UTCTIME: if (!tm_to_utctime(&tm, atime)) goto err; break; case V_ASN1_GENERALIZEDTIME: if (!tm_to_gentime(&tm, atime)) goto err; break; case RFC5280: if (!tm_to_rfc5280_time(&tm, atime)) goto err; break; default: goto err; } return atime; err: if (atime != s) ASN1_TIME_free(atime); return NULL; } ASN1_TIME * ASN1_TIME_set(ASN1_TIME *s, time_t t) { return ASN1_TIME_adj(s, t, 0, 0); } LCRYPTO_ALIAS(ASN1_TIME_set); ASN1_TIME * ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec) { return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, RFC5280); } LCRYPTO_ALIAS(ASN1_TIME_adj); int ASN1_TIME_check(const ASN1_TIME *t) { if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME) return 0; return t->type == ASN1_time_parse(t->data, t->length, NULL, t->type); } LCRYPTO_ALIAS(ASN1_TIME_check); ASN1_GENERALIZEDTIME * ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { ASN1_GENERALIZEDTIME *agt = NULL; struct tm tm; if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME) goto err; if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type)) goto err; if (out == NULL || (agt = *out) == NULL) agt = ASN1_TIME_new(); if (agt == NULL) goto err; if (!tm_to_gentime(&tm, agt)) goto err; if (out != NULL) *out = agt; return agt; err: if (out == NULL || *out != agt) ASN1_TIME_free(agt); return NULL; } LCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime); int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { return ASN1_TIME_set_string_internal(s, str, RFC5280); } LCRYPTO_ALIAS(ASN1_TIME_set_string); static int ASN1_TIME_cmp_time_t_internal(const ASN1_TIME *s, time_t t2, int mode) { struct tm tm1, tm2; /* * This function has never handled failure conditions properly * The OpenSSL version used to simply follow NULL pointers on failure. * BoringSSL and OpenSSL now make it return -2 on failure. * * The danger is that users of this function will not differentiate the * -2 failure case from s < t2. Callers must be careful. Sadly this is * one of those pervasive things from OpenSSL we must continue with. */ if (ASN1_time_parse(s->data, s->length, &tm1, mode) == -1) return -2; if (!asn1_time_time_t_to_tm(&t2, &tm2)) return -2; return ASN1_time_tm_cmp(&tm1, &tm2); } int ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2) { struct tm tm1, tm2; if (t1->type != V_ASN1_UTCTIME && t1->type != V_ASN1_GENERALIZEDTIME) return -2; if (t2->type != V_ASN1_UTCTIME && t2->type != V_ASN1_GENERALIZEDTIME) return -2; if (ASN1_time_parse(t1->data, t1->length, &tm1, t1->type) == -1) return -2; if (ASN1_time_parse(t2->data, t2->length, &tm2, t2->type) == -1) return -2; return ASN1_time_tm_cmp(&tm1, &tm2); } LCRYPTO_ALIAS(ASN1_TIME_compare); int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) { if (s->type == V_ASN1_UTCTIME) return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME); if (s->type == V_ASN1_GENERALIZEDTIME) return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_GENERALIZEDTIME); return -2; } LCRYPTO_ALIAS(ASN1_TIME_cmp_time_t); /* * ASN1_UTCTIME wrappers */ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) { if (d->type != V_ASN1_UTCTIME) return 0; return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type); } LCRYPTO_ALIAS(ASN1_UTCTIME_check); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) { if (s != NULL && s->type != V_ASN1_UTCTIME) return 0; return ASN1_TIME_set_string_internal(s, str, V_ASN1_UTCTIME); } LCRYPTO_ALIAS(ASN1_UTCTIME_set_string); ASN1_UTCTIME * ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) { return ASN1_UTCTIME_adj(s, t, 0, 0); } LCRYPTO_ALIAS(ASN1_UTCTIME_set); ASN1_UTCTIME * ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec) { return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, V_ASN1_UTCTIME); } LCRYPTO_ALIAS(ASN1_UTCTIME_adj); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) { if (s->type == V_ASN1_UTCTIME) return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME); return -2; } LCRYPTO_ALIAS(ASN1_UTCTIME_cmp_time_t); /* * ASN1_GENERALIZEDTIME wrappers */ int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) { if (d->type != V_ASN1_GENERALIZEDTIME) return 0; return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type); } LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_check); int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) { if (s != NULL && s->type != V_ASN1_GENERALIZEDTIME) return 0; return ASN1_TIME_set_string_internal(s, str, V_ASN1_GENERALIZEDTIME); } LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set_string); ASN1_GENERALIZEDTIME * ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t) { return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); } LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set); ASN1_GENERALIZEDTIME * ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec) { return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, V_ASN1_GENERALIZEDTIME); } LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_adj); int ASN1_TIME_normalize(ASN1_TIME *t) { struct tm tm; if (t == NULL) return 0; if (!ASN1_TIME_to_tm(t, &tm)) return 0; return tm_to_rfc5280_time(&tm, t); } LCRYPTO_ALIAS(ASN1_TIME_normalize); int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) { return ASN1_TIME_set_string_internal(s, str, RFC5280); } LCRYPTO_ALIAS(ASN1_TIME_set_string_X509);