int ASN1_TIME_diff(int *pday, int *psec,
const ASN1_TIME *from, const ASN1_TIME *to)
{
struct tm tm_from, tm_to;
if (!asn1_time_to_tm(&tm_from, from))
return 0;
if (!asn1_time_to_tm(&tm_to, to))
return 0;
return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
}
static void CheckTime(X509 *x509, struct tm *tm_before, struct tm *tm_after, CertType type)
{
ASN1_TIME *before = X509_get_notBefore(x509);
ASN1_TIME *after = X509_get_notAfter(x509);
bool error = false;
if (!asn1_time_to_tm(before, tm_before))
{
error = true;
}
if (!asn1_time_to_tm(after, tm_after))
{
error = true;
}
if (error)
{
SetError(ERR_INVALID_TIME_FORMAT);
return;
}
if (type == SubscriberCertificate)
{
if (GetBit(cert_info, CERT_INFO_EV))
{
/* EV 9.4 */
if (IsValidLongerThan(*tm_before, *tm_after, 27))
{
SetError(ERR_EV_LONGER_27_MONTHS);
}
else if (IsValidLongerThan(*tm_before, *tm_after, 12))
{
SetWarning(WARN_EV_LONGER_12_MONTHS);
}
}
else
{
/* CAB 9.4.1 */
if (IsValidLongerThan(*tm_before, *tm_after, 60))
{
SetError(ERR_LONGER_60_MONTHS);
}
else if (IsValidLongerThan(*tm_before, *tm_after, 39))
{
SetWarning(WARN_LONGER_39_MONTHS);
}
}
}
}
/* This is the primary function used to parse ASN1_GENERALIZEDTIME */
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
{
/* wrapper around asn1_time_to_tm */
if (d->type != V_ASN1_GENERALIZEDTIME)
return 0;
return asn1_time_to_tm(tm, d);
}
int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
{
ASN1_TIME t;
struct tm tm;
int rv = 0;
t.length = strlen(str);
t.data = (unsigned char *)str;
t.flags = ASN1_STRING_FLAG_X509_TIME;
t.type = V_ASN1_UTCTIME;
if (!ASN1_TIME_check(&t)) {
t.type = V_ASN1_GENERALIZEDTIME;
if (!ASN1_TIME_check(&t))
goto out;
}
/*
* Per RFC 5280 (section 4.1.2.5.), the valid input time
* strings should be encoded with the following rules:
*
* 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
* 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
* 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
* 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
*
* Only strings of the 4th rule should be reformatted, but since a
* UTC can only present [1950, 2050), so if the given time string
* is less than 1950 (e.g. 19230419000000Z), we do nothing...
*/
if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
if (!asn1_time_to_tm(&tm, &t))
goto out;
if (is_utc(tm.tm_year)) {
t.length -= 2;
/*
* it's OK to let original t.data go since that's assigned
* to a piece of memory allocated outside of this function.
* new t.data would be freed after ASN1_STRING_copy is done.
*/
t.data = OPENSSL_zalloc(t.length + 1);
if (t.data == NULL)
goto out;
memcpy(t.data, str + 2, t.length);
t.type = V_ASN1_UTCTIME;
}
}
if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
rv = 1;
if (t.data != (unsigned char *)str)
OPENSSL_free(t.data);
out:
return rv;
}
int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
{
if (s == NULL) {
time_t now_t;
time(&now_t);
memset(tm, 0, sizeof(*tm));
if (OPENSSL_gmtime(&now_t, tm) != NULL)
return 1;
return 0;
}
return asn1_time_to_tm(tm, s);
}
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
char *v;
int gmt = 0, l;
struct tm stm;
if (!asn1_time_to_tm(&stm, tm)) {
/* asn1_time_to_tm will check the time type */
goto err;
}
l = tm->length;
v = (char *)tm->data;
if (v[l - 1] == 'Z')
gmt = 1;
if (tm->type == V_ASN1_GENERALIZEDTIME) {
char *f = NULL;
int f_len = 0;
/*
* Try to parse fractional seconds. '14' is the place of
* 'fraction point' in a GeneralizedTime string.
*/
if (tm->length > 15 && v[14] == '.') {
f = &v[14];
f_len = 1;
while (14 + f_len < l && ossl_isdigit(f[f_len]))
++f_len;
}
return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
(gmt ? " GMT" : "")) > 0;
} else {
return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
(gmt ? " GMT" : "")) > 0;
}
err:
BIO_write(bp, "Bad time value", 14);
return 0;
}
