diff options
| -rw-r--r-- | crypto/asn1/a_gentm.c | 57 | ||||
| -rw-r--r-- | crypto/asn1/a_object.c | 3 | ||||
| -rw-r--r-- | crypto/asn1/a_time.c | 187 | ||||
| -rw-r--r-- | crypto/asn1/a_utctm.c | 68 | ||||
| -rw-r--r-- | crypto/asn1/asn1_locl.h | 2 | ||||
| -rw-r--r-- | doc/man3/ASN1_TIME_set.pod | 154 | ||||
| -rw-r--r-- | include/openssl/asn1.h | 4 | ||||
| -rw-r--r-- | test/asn1_time_test.c | 296 | ||||
| -rw-r--r-- | test/build.info | 5 | ||||
| -rw-r--r-- | test/recipes/90-test_asn1_time.t | 12 | ||||
| -rw-r--r-- | test/time_offset_test.c | 5 | ||||
| -rw-r--r-- | util/libcrypto.num | 3 |
12 files changed, 597 insertions, 199 deletions
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index 8547e226ba..4e2e815d27 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -13,10 +13,12 @@ #include <stdio.h> #include <time.h> +#include <ctype.h> #include "internal/cryptlib.h" #include <openssl/asn1.h> #include "asn1_locl.h" +/* This is the primary function used to parse ASN1_GENERALIZEDTIME */ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) { /* wrapper around asn1_time_to_tm */ @@ -39,15 +41,13 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) t.data = (unsigned char *)str; t.flags = 0; - if (ASN1_GENERALIZEDTIME_check(&t)) { - if (s != NULL) { - if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length)) - return 0; - s->type = V_ASN1_GENERALIZEDTIME; - } - return 1; - } - return 0; + if (!ASN1_GENERALIZEDTIME_check(&t)) + return 0; + + if (s != NULL && !ASN1_STRING_copy(s, &t)) + return 0; + + return 1; } ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, @@ -60,52 +60,19 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec) { - char *p; struct tm *ts; struct tm data; - const size_t len = 20; - ASN1_GENERALIZEDTIME *tmps = NULL; - - if (s == NULL) - tmps = ASN1_GENERALIZEDTIME_new(); - else - tmps = s; - if (tmps == NULL) - return NULL; ts = OPENSSL_gmtime(&t, &data); if (ts == NULL) - goto err; + return NULL; if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - goto err; - } - - p = (char *)tmps->data; - if ((p == NULL) || ((size_t)tmps->length < len)) { - p = OPENSSL_malloc(len); - if (p == NULL) { - ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); - goto err; - } - OPENSSL_free(tmps->data); - tmps->data = (unsigned char *)p; + return NULL; } - tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", - ts->tm_year + 1900, ts->tm_mon + 1, - ts->tm_mday, ts->tm_hour, ts->tm_min, - ts->tm_sec); - tmps->type = V_ASN1_GENERALIZEDTIME; -#ifdef CHARSET_EBCDIC_not - ebcdic2ascii(tmps->data, tmps->data, tmps->length); -#endif - return tmps; - err: - if (s == NULL) - ASN1_GENERALIZEDTIME_free(tmps); - return NULL; + return asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME); } int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 79f0ecd2a8..5ae56a24ea 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -9,6 +9,7 @@ #include <stdio.h> #include <limits.h> +#include <ctype.h> #include "internal/cryptlib.h" #include <openssl/buffer.h> #include <openssl/asn1.h> @@ -84,7 +85,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) c = *(p++); if ((c == ' ') || (c == '.')) break; - if ((c < '0') || (c > '9')) { + if (!isdigit(c)) { ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT); goto err; } diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index b85f91760a..507292b76e 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -16,6 +16,7 @@ #include <stdio.h> #include <time.h> +#include <ctype.h> #include "internal/cryptlib.h" #include <openssl/asn1t.h> #include "asn1_locl.h" @@ -24,6 +25,13 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) +static int is_utc(const int year) +{ + if (50 <= year && year <= 149) + return 1; + return 0; +} + static int leap_year(const int year) { if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0)) @@ -116,14 +124,14 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) i++; break; } - if ((a[o] < '0') || (a[o] > '9')) + if (!isdigit(a[o])) goto err; n = a[o] - '0'; /* incomplete 2-digital number */ if (++o == l) goto err; - if ((a[o] < '0') || (a[o] > '9')) + if (!isdigit(a[o])) goto err; n = (n * 10) + a[o] - '0'; /* no more bytes to read, but we haven't seen time-zone yet */ @@ -184,7 +192,7 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) if (++o == l) goto err; i = o; - while ((o < l) && (a[o] >= '0') && (a[o] <= '9')) + while ((o < l) && isdigit(a[o])) o++; /* Must have at least one digit after decimal point */ if (i == o) @@ -215,11 +223,11 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) if (o + 4 != l) goto err; for (i = end; i < end + 2; i++) { - if ((a[o] < '0') || (a[o] > '9')) + if (!isdigit(a[o])) goto err; n = a[o] - '0'; o++; - if ((a[o] < '0') || (a[o] > '9')) + if (!isdigit(a[o])) goto err; n = (n * 10) + a[o] - '0'; i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i; @@ -250,6 +258,58 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) return 0; } +ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) +{ + char* p; + ASN1_TIME *tmps = NULL; + const size_t len = 20; + + if (type == V_ASN1_UNDEF) { + if (is_utc(ts->tm_year)) + type = V_ASN1_UTCTIME; + else + type = V_ASN1_GENERALIZEDTIME; + } else if (type == V_ASN1_UTCTIME) { + if (!is_utc(ts->tm_year)) + goto err; + } else if (type != V_ASN1_GENERALIZEDTIME) { + goto err; + } + + if (s == NULL) + tmps = ASN1_STRING_new(); + else + tmps = s; + if (tmps == NULL) + return NULL; + + if (!ASN1_STRING_set(tmps, NULL, len)) + goto err; + + tmps->type = type; + p = (char*)tmps->data; + + if (type == V_ASN1_GENERALIZEDTIME) + tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", + ts->tm_year + 1900, ts->tm_mon + 1, + ts->tm_mday, ts->tm_hour, ts->tm_min, + ts->tm_sec); + else + tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", + ts->tm_year % 100, ts->tm_mon + 1, + ts->tm_mday, ts->tm_hour, ts->tm_min, + ts->tm_sec); + +#ifdef CHARSET_EBCDIC_not + ebcdic2ascii(tmps->data, tmps->data, tmps->length); +#endif + return tmps; + err: + if (tmps != s) + ASN1_STRING_free(tmps); + return NULL; +} + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) { return ASN1_TIME_adj(s, t, 0, 0); @@ -270,9 +330,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) return NULL; } - if ((ts->tm_year >= 50) && (ts->tm_year < 150)) - return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); - return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); + return asn1_time_from_tm(s, ts, V_ASN1_UNDEF); } int ASN1_TIME_check(const ASN1_TIME *t) @@ -289,71 +347,28 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { ASN1_GENERALIZEDTIME *ret = NULL; - char *str; + struct tm tm; - if (!ASN1_TIME_check(t)) + if (!ASN1_TIME_to_tm(t, &tm)) return NULL; - if (out == NULL || *out == NULL) { - if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL) - goto err; - } else { + if (out != NULL) ret = *out; - } - /* If already GeneralizedTime just copy across */ - if (t->type == V_ASN1_GENERALIZEDTIME) { - if (!ASN1_STRING_set(ret, t->data, t->length)) - goto err; - goto done; - } + ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME); - /* - * Grow the string by two bytes. - * The actual allocation is t->length + 3 to include a terminator byte. - */ - if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - goto err; - str = (char *)ret->data; - /* Work out the century and prepend */ - memcpy(str, t->data[0] >= '5' ? "19" : "20", 2); - /* - * t->length + 1 is the size of the data and the allocated buffer has - * this much space after the first two characters. - */ - OPENSSL_strlcpy(str + 2, (const char *)t->data, t->length + 1); + if (out != NULL && ret != NULL) + *out = ret; - done: - if (out != NULL && *out == NULL) - *out = ret; - return ret; - - err: - if (out == NULL || *out != ret) - ASN1_GENERALIZEDTIME_free(ret); - return NULL; + return ret; } int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { - ASN1_TIME t; - - t.length = strlen(str); - t.data = (unsigned char *)str; - t.flags = 0; - - t.type = V_ASN1_UTCTIME; - - if (!ASN1_TIME_check(&t)) { - t.type = V_ASN1_GENERALIZEDTIME; - if (!ASN1_TIME_check(&t)) - return 0; - } - - if (s != NULL && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) - return 0; - - return 1; + /* Try UTC, if that fails, try GENERALIZED */ + if (ASN1_UTCTIME_set_string(s, str)) + return 1; + return ASN1_GENERALIZEDTIME_set_string(s, str); } int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) @@ -391,7 +406,7 @@ int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) { if (!asn1_time_to_tm(&tm, &t)) goto out; - if (tm.tm_year >= 50 && tm.tm_year < 150) { + if (is_utc(tm.tm_year)) { t.length -= 2; /* * it's OK to let original t.data go since that's assigned @@ -474,7 +489,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) if (tm->length > 15 && v[14] == '.') { f = &v[14]; f_len = 1; - while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') + while (14 + f_len < l && isdigit(f[f_len])) ++f_len; } @@ -492,3 +507,47 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) BIO_write(bp, "Bad time value", 14); return 0; } + +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) +{ + struct tm stm, ttm; + int day, sec; + + if (!ASN1_TIME_to_tm(s, &stm)) + return -2; + + if (!OPENSSL_gmtime(&t, &ttm)) + return -2; + + if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) + return -2; + + if (day > 0 || sec > 0) + return 1; + if (day < 0 || sec < 0) + return -1; + return 0; +} + +int ASN1_TIME_normalize(ASN1_TIME *t) +{ + struct tm tm; + + if (!ASN1_TIME_to_tm(t, &tm)) + return 0; + + return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL; +} + +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b) +{ + int day, sec; + + if (!ASN1_TIME_diff(&day, &sec, a, b)) + return -2; + if (day > 0 || sec > 0) + return 1; + if (day < 0 || sec < 0) + return -1; + return 0; +} diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 1f24508ffd..b88aa4218e 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -9,10 +9,12 @@ #include <stdio.h> #include <time.h> +#include <ctype.h> #include "internal/cryptlib.h" #include <openssl/asn1.h> #include "asn1_locl.h" +/* This is the primary function used to parse ASN1_UTCTIME */ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) { /* wrapper around ans1_time_to_tm */ @@ -26,6 +28,7 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) return asn1_utctime_to_tm(NULL, d); } +/* Sets the string via simple copy without cleaning it up */ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) { ASN1_UTCTIME t; @@ -35,15 +38,13 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) t.data = (unsigned char *)str; t.flags = 0; - if (ASN1_UTCTIME_check(&t)) { - if (s != NULL) { - if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length)) - return 0; - s->type = V_ASN1_UTCTIME; - } - return 1; - } - return 0; + if (!ASN1_UTCTIME_check(&t)) + return 0; + + if (s != NULL && !ASN1_STRING_copy(s, &t)) + return 0; + + return 1; } ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) @@ -54,54 +55,19 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec) { - char *p; struct tm *ts; struct tm data; - const size_t len = 20; - int free_s = 0; - - if (s == NULL) { - s = ASN1_UTCTIME_new(); - if (s == NULL) - goto err; - free_s = 1; - } ts = OPENSSL_gmtime(&t, &data); if (ts == NULL) - goto err; + return NULL; if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - goto err; - } - - if ((ts->tm_year < 50) || (ts->tm_year >= 150)) - goto err; - - p = (char *)s->data; - if ((p == NULL) || ((size_t)s->length < len)) { - p = OPENSSL_malloc(len); - if (p == NULL) { - ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE); - goto err; - } - OPENSSL_free(s->data); - s->data = (unsigned char *)p; + return NULL; } - s->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", - ts->tm_year % 100, ts->tm_mon + 1, ts->tm_mday, - ts->tm_hour, ts->tm_min, ts->tm_sec); - s->type = V_ASN1_UTCTIME; -#ifdef CHARSET_EBCDIC_not - ebcdic2ascii(s->data, s->data, s->length); -#endif - return s; - err: - if (free_s) - ASN1_UTCTIME_free(s); - return NULL; + return asn1_time_from_tm(s, ts, V_ASN1_UTCTIME); } int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) @@ -118,13 +84,9 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) return -2; - if (day > 0) - return 1; - if (day < 0) - return -1; - if (sec > 0) + if (day > 0 || sec > 0) return 1; - if (sec < 0) + if (day < 0 || sec < 0) return -1; return 0; } diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h index cee97ab42f..35cbd8d512 100644 --- a/crypto/asn1/asn1_locl.h +++ b/crypto/asn1/asn1_locl.h @@ -78,3 +78,5 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, /* Internal functions used by x_int64.c */ int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len); int i2c_uint64_int(unsigned char *p, uint64_t r, int neg); + +ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod index 2296296168..1bb5672457 100644 --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -2,41 +2,82 @@ =head1 NAME -ASN1_TIME_set, ASN1_TIME_adj, ASN1_TIME_check, -ASN1_TIME_set_string, ASN1_TIME_set_string_X509, -ASN1_TIME_print, ASN1_TIME_to_tm, ASN1_TIME_diff - ASN.1 Time functions +ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, +ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, +ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, +ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, +ASN1_TIME_set_string_X509, +ASN1_TIME_normalize, +ASN1_TIME_to_tm, +ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, +ASN1_TIME_diff, +ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, +ASN1_TIME_compare, +ASN1_TIME_to_generalizedtime - ASN.1 Time functions =head1 SYNOPSIS ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); - ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - int offset_day, long offset_sec); + ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); + + ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, + long offset_sec); + ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); + int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); + int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, + const char *str); + + int ASN1_TIME_normalize(ASN1_TIME *s); + int ASN1_TIME_check(const ASN1_TIME *t); + int ASN1_UTCTIME_check(const ASN1_UTCTIME *t); + int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t); + int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); + int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s); + int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s); + int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); + int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, + const ASN1_TIME *to); - int ASN1_TIME_diff(int *pday, int *psec, - const ASN1_TIME *from, const ASN1_TIME *to); + int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); + int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + + int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + + ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); =head1 DESCRIPTION -The function ASN1_TIME_set() sets the ASN1_TIME structure B<s> to the -time represented by the time_t value B<t>. If B<s> is NULL a new ASN1_TIME -structure is allocated and returned. +The ASN1_TIME_set(), ASN1_UTCTIME_set() and ASN1_GENERALIZEDTIME_set() +functions set the structure B<s> to the time represented by the time_t +value B<t>. If B<s> is NULL a new time structure is allocated and returned. -ASN1_TIME_adj() sets the ASN1_TIME structure B<s> to the time represented +The ASN1_TIME_adj(), ASN1_UTCTIME_adj() and ASN1_GENERALIZEDTIME_adj() +functions set the time structure B<s> to the time represented by the time B<offset_day> and B<offset_sec> after the time_t value B<t>. The values of B<offset_day> or B<offset_sec> can be negative to set a time before B<t>. The B<offset_sec> value can also exceed the number of -seconds in a day. If B<s> is NULL a new ASN1_TIME structure is allocated +seconds in a day. If B<s> is NULL a new structure is allocated and returned. -ASN1_TIME_set_string() sets ASN1_TIME structure B<s> to the time -represented by string B<str> which must be in appropriate ASN.1 time -format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). If B<s> is NULL -this function performs a format check on B<str> only. +The ASN1_TIME_set_string(), ASN1_UTCTIME_set_string() and +ASN1_GENERALIZEDTIME_set_string() functions set the time structure B<s> +to the time represented by string B<str> which must be in appropriate ASN.1 +time format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). If B<s> is NULL +this function performs a format check on B<str> only. The string B<str> +is copied into B<s>. ASN1_TIME_set_string_X509() sets ASN1_TIME structure B<s> to the time represented by string B<str> which must be in appropriate time format @@ -45,13 +86,21 @@ YYYYMMDDHHMMSSZ (leap second is rejected), all other ASN.1 time format are not allowed. If B<s> is NULL this function performs a format check on B<str> only. -ASN1_TIME_check() checks the syntax of ASN1_TIME structure B<s>. +The ASN1_TIME_normalize() function converts an ASN1_GENERALIZEDTIME or +ASN1_UTCTIME into a time value that can be used in a certificate. It +should be used after the ASN1_TIME_set_string() functions and before +ASN1_TIME_print() functions to get consistent (i.e. GMT) results. + +The ASN1_TIME_check(), ASN1_UTCTIME_check() and ASN1_GENERALIZEDTIME_check() +functions check the syntax of the time structure B<s>. -ASN1_TIME_print() prints out the time B<s> to BIO B<b> in human readable +The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +functions print the time structure B<s> to BIO B<b> in human readable format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example "Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time structure has invalid format it prints out "Bad time value" and returns -an error. +an error. The output for generalized time may include a fractional part +following the second. ASN1_TIME_to_tm() converts the time B<s> to the standard B<tm> structure. If B<s> is NULL, then the current time is converted. The output time is GMT. @@ -72,6 +121,16 @@ If both B<*pday> and B<*psec> are non-zero they will always have the same sign. The value of B<*psec> will always be less than the number of seconds in a day. If B<from> or B<to> is NULL the current time is used. +The ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() functions compare +the two times represented by the time structure B<s> and the time_t B<t>. + +The ASN1_TIME_compare() function compares the two times represented by the +time structures B<a> and B<b>. + +The ASN1_TIME_to_generalizedtime() function converts an ASN1_TIME to an +ASN1_GENERALIZEDTIME, regardless of year. If either B<out> or +B<*out> are NULL, then a new object is allocated and must be freed after use. + =head1 NOTES The ASN1_TIME structure corresponds to the ASN.1 structure B<Time> @@ -79,13 +138,15 @@ defined in RFC5280 et al. The time setting functions obey the rules outlined in RFC5280: if the date can be represented by UTCTime it is used, else GeneralizedTime is used. -The ASN1_TIME structure is represented as an ASN1_STRING internally and can -be freed up using ASN1_STRING_free(). +The ASN1_TIME, ASN1_UTCTIME and ASN1_GENERALIZEDTIME structures are represented +as an ASN1_STRING internally and can be freed up using ASN1_STRING_free(). The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt is made to correct ancient calendar changes (for example from Julian to Gregorian calendars). +ASN1_UTCTIME is limited to a year range of 1950 through 2049. + Some applications add offset times directly to a time_t value and pass the results to ASN1_TIME_set() (or equivalent). This can cause problems as the time_t value can overflow on some systems resulting in unexpected results. @@ -93,11 +154,24 @@ New applications should use ASN1_TIME_adj() instead and pass the offset value in the B<offset_sec> and B<offset_day> parameters instead of directly manipulating a time_t value. +ASN1_TIME_adj() may change the type from ASN1_GENERALIZEDTIME to ASN1_UTCTIME, +or vise-versa, based on the resulting year. The ASN1_GENERALIZEDTIME_adj() and +ASN1_UTCTIME_adj() functions will not modify the type of the return structure. + +It is recommended that functions starting with ASN1_TIME be used instead of +those starting with ASN1_UTCTIME or ASN1_GENERALIZEDTIME. The functions +starting with ASN1_UTCTIME and ASN1_GENERALIZEDTIME act only on that specific +time format. The functions starting with ASN1_TIME will operate on either +format. + =head1 BUGS -ASN1_TIME_print() currently does not print out the time zone: it either prints -out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT -anyway. +ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +do not print out the time zone: it either prints out "GMT" or nothing. But all +certificates complying with RFC5280 et al use GMT anyway. + +Use the ASN1_TIME_normalize() function to normalize the time value before +printing to get GMT results. =head1 EXAMPLES @@ -133,28 +207,44 @@ Determine if one time is later or sooner than the current time: =head1 RETURN VALUES -ASN1_TIME_set() and ASN1_TIME_adj() return a pointer to an ASN1_TIME structure +ASN1_TIME_set(), ASN1_UTCTIME_set(), ASN1_GENERALIZEDTIME_set(), ASN1_TIME_adj(), +ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure or NULL if an error occurred. -ASN1_TIME_set_string() and ASN1_TIME_set_string_X509() return 1 if the time -value is successfully set and 0 otherwise. +ASN1_TIME_set_string(), ASN1_UTCTIME_set_string(), ASN1_GENERALIZEDTIME_set_string() +ASN1_TIME_set_string_X509() return 1 if the time value is successfully set and 0 otherwise. -ASN1_TIME_check() returns 1 if the structure is syntactically correct and 0 -otherwise. +ASN1_TIME_normalize() returns 1 on success, and 0 on error. -ASN1_TIME_print() returns 1 if the time is successfully printed out and 0 if -an error occurred (I/O error or invalid time format). +ASN1_TIME_check(), ASN1_UTCTIME_check and ASN1_GENERALIZEDTIME_check() return 1 +if the structure is syntactically correct and 0 otherwise. + +ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() return 1 +if the time is successfully printed out and 0 if an error occurred (I/O error or +invalid time format). ASN1_TIME_to_tm() returns 1 if the time is successfully parsed and 0 if an error occured (invalid time format). ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the -pass ASN1_TIME structure has invalid syntax for example. +passed-in time structure has invalid syntax, for example. + +ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() return -1 if B<s> is +before B<t>, 0 if B<s> equals B<t>, or 1 if B<s> is after B<t>. -2 is returned +on error. + +ASN1_TIME_compare() returns -1 if B<a> is before B<b>, 0 if B<a> equals B<b>, or 1 if B<a> is after B<b>. -2 is returned on error. + +ASN1_TIME_to_generalizedtime() returns a pointer to +the appropriate time structure on success or NULL if an error occurred. =head1 HISTORY The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1. The ASN1_TIME_set_string_X509() function was added in OpenSSL 1.1.1. +The ASN1_TIME_normalize() function was added in OpenSSL 1.1.1. +The ASN1_TIME_cmp_time_t() function was added in OpenSSL 1.1.1. +The ASN1_TIME_compare() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 60409926ad..54aa038067 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -590,6 +590,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec); int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to); @@ -632,6 +633,9 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c new file mode 100644 index 0000000000..184a18a5ad --- /dev/null +++ b/test/asn1_time_test.c @@ -0,0 +1,296 @@ +/* + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Time tests for the asn1 module */ + +#include <stdio.h> +#include <string.h> + +#include <openssl/asn1.h> +#include <openssl/evp.h> +#include <openssl/objects.h> +#include "testutil.h" +#include "e_os.h" + +struct testdata { + char *data; /* TIME string value */ + int type; /* GENERALIZED OR UTC */ + int expected_type; /* expected type after set/set_string_gmt */ + int check_result; /* check result */ + time_t t; /* expected time_t*/ + int cmp_result; /* compariston to baseline result */ + int convert_result; /* convertion result */ +}; + +static struct testdata tbl_testdata_pos[] = { + { "0", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, /* Bad time */ + { "ABCD", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "0ABCD", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "1-700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "`9700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "19700101000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, }, + { "A00101000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, }, + { "A9700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "1A700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "19A00101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "197A0101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "1970A101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "19700A01000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "197001A1000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "1970010A000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "19700101A00000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "197001010A0000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "1970010100A000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "19700101000A00Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "197001010000A0Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "1970010100000AZ", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "700101000000X", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, }, + { "19700101000000X", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, + { "19700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 0, -1, 1, }, /* Epoch begins */ + { "700101000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 0, -1, 1, }, /* ditto */ + { "20380119031407Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 0x7FFFFFFF, 1, 1, }, /* Max 32bit time_t */ + { "380119031407Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 0x7FFFFFFF, 1, 1, }, + { "20 |