libcrypto/asn1/a_time_tm.c

*c604ab84Stb/* $OpenBSD: a_time_tm.c,v 1.42 2024/05/03 18:33:27 tb Exp $ */
e385ad8fSbeck/*
e385ad8fSbeck * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
e385ad8fSbeck *
e385ad8fSbeck * Permission to use, copy, modify, and distribute this software for any
e385ad8fSbeck * purpose with or without fee is hereby granted, provided that the above
e385ad8fSbeck * copyright notice and this permission notice appear in all copies.
e385ad8fSbeck *
e385ad8fSbeck * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
e385ad8fSbeck * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
e385ad8fSbeck * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
e385ad8fSbeck * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
e385ad8fSbeck * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
e385ad8fSbeck * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
e385ad8fSbeck * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
e385ad8fSbeck */
5fff88f8Stb
24ddf590Sbcook#include <ctype.h>
24ddf590Sbcook#include <limits.h>
e385ad8fSbeck#include <stdio.h>
e385ad8fSbeck#include <string.h>
e385ad8fSbeck#include <time.h>
e385ad8fSbeck
e385ad8fSbeck#include <openssl/asn1t.h>
e385ad8fSbeck#include <openssl/err.h>
e385ad8fSbeck
02ba34f9Sbeck#include "bytestring.h"
c9675a23Stb#include "asn1_local.h"
e385ad8fSbeck
0b62c50aSbeck#define RFC5280 0
0b62c50aSbeck#define GENTIME_LENGTH 15
0b62c50aSbeck#define UTCTIME_LENGTH 13
0b62c50aSbeck
0b62c50aSbeckint
568923c1SjsingASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2)
568923c1Sjsing{
0b62c50aSbeck	if (tm1->tm_year < tm2->tm_year)
123b2274Stb		return -1;
0b62c50aSbeck	if (tm1->tm_year > tm2->tm_year)
123b2274Stb		return 1;
0b62c50aSbeck	if (tm1->tm_mon < tm2->tm_mon)
123b2274Stb		return -1;
0b62c50aSbeck	if (tm1->tm_mon > tm2->tm_mon)
123b2274Stb		return 1;
0b62c50aSbeck	if (tm1->tm_mday < tm2->tm_mday)
123b2274Stb		return -1;
0b62c50aSbeck	if (tm1->tm_mday > tm2->tm_mday)
123b2274Stb		return 1;
0b62c50aSbeck	if (tm1->tm_hour < tm2->tm_hour)
123b2274Stb		return -1;
0b62c50aSbeck	if (tm1->tm_hour > tm2->tm_hour)
123b2274Stb		return 1;
0b62c50aSbeck	if (tm1->tm_min < tm2->tm_min)
123b2274Stb		return -1;
0b62c50aSbeck	if (tm1->tm_min > tm2->tm_min)
123b2274Stb		return 1;
0b62c50aSbeck	if (tm1->tm_sec < tm2->tm_sec)
123b2274Stb		return -1;
0b62c50aSbeck	if (tm1->tm_sec > tm2->tm_sec)
123b2274Stb		return 1;
0b62c50aSbeck	return 0;
0b62c50aSbeck}
0b62c50aSbeck
b943944fSbeckint
b943944fSbeckASN1_time_tm_clamp_notafter(struct tm *tm)
b943944fSbeck{
b943944fSbeck#ifdef SMALL_TIME_T
b943944fSbeck	struct tm broken_os_epoch_tm;
b943944fSbeck	time_t broken_os_epoch_time = INT_MAX;
b943944fSbeck
1f3c80ceStb	if (!asn1_time_time_t_to_tm(&broken_os_epoch_time, &broken_os_epoch_tm))
b943944fSbeck		return 0;
b943944fSbeck
b943944fSbeck	if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1)
b943944fSbeck		memcpy(tm, &broken_os_epoch_tm, sizeof(*tm));
b943944fSbeck#endif
b943944fSbeck	return 1;
b943944fSbeck}
b943944fSbeck
5fff88f8Stb/* Convert time to GeneralizedTime, X.690, 11.7. */
f93ff421Stbstatic int
5fff88f8Stbtm_to_gentime(struct tm *tm, ASN1_TIME *atime)
e385ad8fSbeck{
5fff88f8Stb	char *time_str = NULL;
d69e9be1Sjsing
f93ff421Stb	if (tm->tm_year < -1900 || tm->tm_year > 9999 - 1900) {
5fff88f8Stb		ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
f93ff421Stb		return 0;
e385ad8fSbeck	}
e385ad8fSbeck
f93ff421Stb	if (asprintf(&time_str, "%04u%02u%02u%02u%02u%02uZ", tm->tm_year + 1900,
f93ff421Stb	    tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min,
f93ff421Stb	    tm->tm_sec) == -1) {
5fff88f8Stb		ASN1error(ERR_R_MALLOC_FAILURE);
f93ff421Stb		return 0;
5fff88f8Stb	}
d69e9be1Sjsing
5fff88f8Stb	free(atime->data);
5fff88f8Stb	atime->data = time_str;
5fff88f8Stb	atime->length = GENTIME_LENGTH;
5fff88f8Stb	atime->type = V_ASN1_GENERALIZEDTIME;
5fff88f8Stb
f93ff421Stb	return 1;
e385ad8fSbeck}
e385ad8fSbeck
5fff88f8Stb/* Convert time to UTCTime, X.690, 11.8. */
f93ff421Stbstatic int
5fff88f8Stbtm_to_utctime(struct tm *tm, ASN1_TIME *atime)
0b62c50aSbeck{
5fff88f8Stb	char *time_str = NULL;
5fff88f8Stb
5fff88f8Stb	if (tm->tm_year >= 150 || tm->tm_year < 50) {
5fff88f8Stb		ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
f93ff421Stb		return 0;
5fff88f8Stb	}
5fff88f8Stb
5fff88f8Stb	if (asprintf(&time_str, "%02u%02u%02u%02u%02u%02uZ",
5fff88f8Stb	    tm->tm_year % 100,  tm->tm_mon + 1, tm->tm_mday,
5fff88f8Stb	    tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) {
5fff88f8Stb		ASN1error(ERR_R_MALLOC_FAILURE);
f93ff421Stb		return 0;
5fff88f8Stb	}
5fff88f8Stb
5fff88f8Stb	free(atime->data);
5fff88f8Stb	atime->data = time_str;
5fff88f8Stb	atime->length = UTCTIME_LENGTH;
5fff88f8Stb	atime->type = V_ASN1_UTCTIME;
5fff88f8Stb
f93ff421Stb	return 1;
5fff88f8Stb}
5fff88f8Stb
f93ff421Stbstatic int
5fff88f8Stbtm_to_rfc5280_time(struct tm *tm, ASN1_TIME *atime)
5fff88f8Stb{
72c7c57aSbeck	if (tm->tm_year >= 50 && tm->tm_year < 150)
123b2274Stb		return tm_to_utctime(tm, atime);
0b62c50aSbeck
123b2274Stb	return tm_to_gentime(tm, atime);
0b62c50aSbeck}
0b62c50aSbeck
02ba34f9Sbeck
02ba34f9Sbeckstatic int
02ba34f9Sbeckcbs_get_two_digit_value(CBS *cbs, int *out)
02ba34f9Sbeck{
02ba34f9Sbeck	uint8_t first_digit, second_digit;
02ba34f9Sbeck
02ba34f9Sbeck	if (!CBS_get_u8(cbs, &first_digit))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (!isdigit(first_digit))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (!CBS_get_u8(cbs, &second_digit))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (!isdigit(second_digit))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck
02ba34f9Sbeck	*out = (first_digit - '0') * 10 + (second_digit - '0');
02ba34f9Sbeck
02ba34f9Sbeck	return 1;
02ba34f9Sbeck}
02ba34f9Sbeck
02ba34f9Sbeckstatic int
02ba34f9Sbeckis_valid_day(int year, int month, int day)
02ba34f9Sbeck{
02ba34f9Sbeck	if (day < 1)
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	switch (month) {
02ba34f9Sbeck	case 1:
02ba34f9Sbeck	case 3:
02ba34f9Sbeck	case 5:
02ba34f9Sbeck	case 7:
02ba34f9Sbeck	case 8:
02ba34f9Sbeck	case 10:
02ba34f9Sbeck	case 12:
02ba34f9Sbeck		return day <= 31;
02ba34f9Sbeck	case 4:
02ba34f9Sbeck	case 6:
02ba34f9Sbeck	case 9:
02ba34f9Sbeck	case 11:
02ba34f9Sbeck		return day <= 30;
02ba34f9Sbeck	case 2:
02ba34f9Sbeck		if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0)
02ba34f9Sbeck			return day <= 29;
02ba34f9Sbeck		 else
02ba34f9Sbeck			return day <= 28;
02ba34f9Sbeck	default:
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	}
02ba34f9Sbeck}
02ba34f9Sbeck
02ba34f9Sbeck/*
02ba34f9Sbeck * asn1_time_parse_cbs returns one if |cbs| is a valid DER-encoded, ASN.1 Time
02ba34f9Sbeck * body within the limitations imposed by RFC 5280, or zero otherwise. The time
02ba34f9Sbeck * is expected to parse as a Generalized Time if is_gentime is true, and as a
02ba34f9Sbeck * UTC Time otherwise. If |out_tm| is non-NULL, |*out_tm| will be zeroed, and
02ba34f9Sbeck * then set to the corresponding time in UTC. This function does not compute
02ba34f9Sbeck * |out_tm->tm_wday| or |out_tm->tm_yday|. |cbs| is not consumed.
02ba34f9Sbeck */
02ba34f9Sbeckint
02ba34f9Sbeckasn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm)
02ba34f9Sbeck{
02ba34f9Sbeck	int year, month, day, hour, min, sec, val;
02ba34f9Sbeck	CBS copy;
02ba34f9Sbeck	uint8_t tz;
02ba34f9Sbeck
02ba34f9Sbeck	CBS_dup(cbs, &copy);
02ba34f9Sbeck
02ba34f9Sbeck	if (is_gentime) {
02ba34f9Sbeck		if (!cbs_get_two_digit_value(&copy, &val))
02ba34f9Sbeck			return 0;
02ba34f9Sbeck		year = val * 100;
02ba34f9Sbeck		if (!cbs_get_two_digit_value(&copy, &val))
02ba34f9Sbeck			return 0;
02ba34f9Sbeck		year += val;
02ba34f9Sbeck	} else {
02ba34f9Sbeck		year = 1900;
02ba34f9Sbeck		if (!cbs_get_two_digit_value(&copy, &val))
02ba34f9Sbeck			return 0;
02ba34f9Sbeck		year += val;
02ba34f9Sbeck		if (year < 1950)
02ba34f9Sbeck			year += 100;
02ba34f9Sbeck		if (year >= 2050)
02ba34f9Sbeck			return 0;  /* A Generalized time must be used. */
02ba34f9Sbeck	}
02ba34f9Sbeck
02ba34f9Sbeck	if (!cbs_get_two_digit_value(&copy, &month))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (month < 1 || month > 12)
02ba34f9Sbeck		return 0; /* Reject invalid months. */
02ba34f9Sbeck
02ba34f9Sbeck	if (!cbs_get_two_digit_value(&copy, &day))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (!is_valid_day(year, month, day))
02ba34f9Sbeck		return 0; /* Reject invalid days. */
02ba34f9Sbeck
02ba34f9Sbeck	if (!cbs_get_two_digit_value(&copy, &hour))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (hour > 23)
02ba34f9Sbeck		return 0; /* Reject invalid hours. */
02ba34f9Sbeck
02ba34f9Sbeck	if (!cbs_get_two_digit_value(&copy, &min))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (min > 59)
02ba34f9Sbeck		return 0; /* Reject invalid minutes. */
02ba34f9Sbeck
02ba34f9Sbeck	if (!cbs_get_two_digit_value(&copy, &sec))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (sec > 59)
02ba34f9Sbeck		return 0; /* Reject invalid seconds. Leap seconds are invalid. */
02ba34f9Sbeck
02ba34f9Sbeck	if (!CBS_get_u8(&copy, &tz))
02ba34f9Sbeck		return 0;
02ba34f9Sbeck	if (tz != 'Z')
02ba34f9Sbeck		return 0; /* Reject anything but Z on the end. */
02ba34f9Sbeck
02ba34f9Sbeck	if (CBS_len(&copy) != 0)
02ba34f9Sbeck		return 0;  /* Reject invalid lengths. */
02ba34f9Sbeck
02ba34f9Sbeck	if (out_tm != NULL) {
02ba34f9Sbeck		memset(out_tm, 0, sizeof(*out_tm));
02ba34f9Sbeck		/* Fill in the tm fields corresponding to what we validated. */
02ba34f9Sbeck		out_tm->tm_year = year - 1900;
02ba34f9Sbeck		out_tm->tm_mon = month - 1;
02ba34f9Sbeck		out_tm->tm_mday = day;
02ba34f9Sbeck		out_tm->tm_hour = hour;
02ba34f9Sbeck		out_tm->tm_min = min;
02ba34f9Sbeck		out_tm->tm_sec = sec;
02ba34f9Sbeck	}
02ba34f9Sbeck
02ba34f9Sbeck	return 1;
02ba34f9Sbeck}
02ba34f9Sbeck
e385ad8fSbeck/*
0b62c50aSbeck * Parse an RFC 5280 format ASN.1 time string.
e385ad8fSbeck *
e385ad8fSbeck * mode must be:
e07eb418Sbeck * 0 if we expect to parse a time as specified in RFC 5280 for an X509 object.
e07eb418Sbeck * V_ASN1_UTCTIME if we wish to parse an RFC5280 format UTC time.
0b62c50aSbeck * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time.
e385ad8fSbeck *
e385ad8fSbeck * Returns:
e385ad8fSbeck * -1 if the string was invalid.
e385ad8fSbeck * V_ASN1_UTCTIME if the string validated as a UTC time string.
e385ad8fSbeck * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string.
e385ad8fSbeck *
e385ad8fSbeck * Fills in *tm with the corresponding time if tm is non NULL.
e385ad8fSbeck */
d69e9be1Sjsingint
e07eb418SbeckASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
e385ad8fSbeck{
e9d68136Sbeck	int type = 0;
02ba34f9Sbeck	CBS cbs;
e385ad8fSbeck
e385ad8fSbeck	if (bytes == NULL)
123b2274Stb		return -1;
e385ad8fSbeck
02ba34f9Sbeck	CBS_init(&cbs, bytes, len);
d69e9be1Sjsing
02ba34f9Sbeck	if (CBS_len(&cbs) == UTCTIME_LENGTH)
e385ad8fSbeck		type = V_ASN1_UTCTIME;
02ba34f9Sbeck	if (CBS_len(&cbs) == GENTIME_LENGTH)
02ba34f9Sbeck		type = V_ASN1_GENERALIZEDTIME;
4b23cd33Stb	if (asn1_time_parse_cbs(&cbs, type == V_ASN1_GENERALIZEDTIME, tm)) {
02ba34f9Sbeck		if (mode != 0 && mode != type)
02ba34f9Sbeck			return -1;
02ba34f9Sbeck		return type;
e385ad8fSbeck	}
e385ad8fSbeck
02ba34f9Sbeck	return -1;
d69e9be1Sjsing}
e385ad8fSbeck
0b62c50aSbeck/*
0b62c50aSbeck * ASN1_TIME generic functions.
0b62c50aSbeck */
e385ad8fSbeck
0b62c50aSbeckstatic int
0b62c50aSbeckASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode)
0b62c50aSbeck{
72c7c57aSbeck	struct tm tm;
d69e9be1Sjsing
59caaba4Stb	if (ASN1_time_parse(str, strlen(str), &tm, mode) == -1)
123b2274Stb		return 0;
40a2c71eStb
40a2c71eStb	/* Only check str's format, as documented. */
40a2c71eStb	if (s == NULL)
40a2c71eStb		return 1;
40a2c71eStb
72c7c57aSbeck	switch (mode) {
72c7c57aSbeck	case V_ASN1_UTCTIME:
59caaba4Stb		return tm_to_utctime(&tm, s);
72c7c57aSbeck	case V_ASN1_GENERALIZEDTIME:
59caaba4Stb		return tm_to_gentime(&tm, s);
72c7c57aSbeck	case RFC5280:
123b2274Stb		return tm_to_rfc5280_time(&tm, s);
72c7c57aSbeck	default:
123b2274Stb		return 0;
72c7c57aSbeck	}
e385ad8fSbeck}
0b62c50aSbeck
0b62c50aSbeckstatic ASN1_TIME *
0b62c50aSbeckASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec,
0b62c50aSbeck    int mode)
0b62c50aSbeck{
f93ff421Stb	ASN1_TIME *atime = s;
0b62c50aSbeck	struct tm tm;
0b62c50aSbeck
9b176146Sbeck	if (!asn1_time_time_t_to_tm(&t, &tm))
f93ff421Stb		goto err;
0b62c50aSbeck
5fff88f8Stb	if (offset_day != 0 || offset_sec != 0) {
0b62c50aSbeck		if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec))
f93ff421Stb			goto err;
0b62c50aSbeck	}
0b62c50aSbeck
f93ff421Stb	if (atime == NULL)
f93ff421Stb		atime = ASN1_TIME_new();
f93ff421Stb	if (atime == NULL)
f93ff421Stb		goto err;
f93ff421Stb
0b62c50aSbeck	switch (mode) {
0b62c50aSbeck	case V_ASN1_UTCTIME:
f93ff421Stb		if (!tm_to_utctime(&tm, atime))
f93ff421Stb			goto err;
f93ff421Stb		break;
0b62c50aSbeck	case V_ASN1_GENERALIZEDTIME:
f93ff421Stb		if (!tm_to_gentime(&tm, atime))
f93ff421Stb			goto err;
f93ff421Stb		break;
0b62c50aSbeck	case RFC5280:
f93ff421Stb		if (!tm_to_rfc5280_time(&tm, atime))
f93ff421Stb			goto err;
f93ff421Stb		break;
0b62c50aSbeck	default:
f93ff421Stb		goto err;
0b62c50aSbeck	}
f93ff421Stb
f93ff421Stb	return atime;
f93ff421Stb
f93ff421Stb err:
f93ff421Stb	if (atime != s)
f93ff421Stb		ASN1_TIME_free(atime);
f93ff421Stb
f93ff421Stb	return NULL;
0b62c50aSbeck}
0b62c50aSbeck
0b62c50aSbeckASN1_TIME *
0b62c50aSbeckASN1_TIME_set(ASN1_TIME *s, time_t t)
0b62c50aSbeck{
123b2274Stb	return ASN1_TIME_adj(s, t, 0, 0);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_set);
0b62c50aSbeck
0b62c50aSbeckASN1_TIME *
0b62c50aSbeckASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec)
0b62c50aSbeck{
123b2274Stb	return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, RFC5280);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_adj);
0b62c50aSbeck
0b62c50aSbeckint
9b3891c7StbASN1_TIME_check(const ASN1_TIME *t)
0b62c50aSbeck{
0b62c50aSbeck	if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
123b2274Stb		return 0;
123b2274Stb	return t->type == ASN1_time_parse(t->data, t->length, NULL, t->type);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_check);
0b62c50aSbeck
0b62c50aSbeckASN1_GENERALIZEDTIME *
9b3891c7StbASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
0b62c50aSbeck{
5fff88f8Stb	ASN1_GENERALIZEDTIME *agt = NULL;
0b62c50aSbeck	struct tm tm;
0b62c50aSbeck
0b62c50aSbeck	if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
f93ff421Stb		goto err;
0b62c50aSbeck
e07eb418Sbeck	if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type))
f93ff421Stb		goto err;
0b62c50aSbeck
f93ff421Stb	if (out == NULL || (agt = *out) == NULL)
f93ff421Stb		agt = ASN1_TIME_new();
f93ff421Stb	if (agt == NULL)
f93ff421Stb		goto err;
f93ff421Stb
f93ff421Stb	if (!tm_to_gentime(&tm, agt))
f93ff421Stb		goto err;
f93ff421Stb
0b62c50aSbeck	if (out != NULL)
5fff88f8Stb		*out = agt;
0b62c50aSbeck
f93ff421Stb	return agt;
f93ff421Stb
f93ff421Stb err:
f93ff421Stb	if (out == NULL || *out != agt)
f93ff421Stb		ASN1_TIME_free(agt);
f93ff421Stb
f93ff421Stb	return NULL;
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime);
0b62c50aSbeck
0b62c50aSbeckint
0b62c50aSbeckASN1_TIME_set_string(ASN1_TIME *s, const char *str)
0b62c50aSbeck{
123b2274Stb	return ASN1_TIME_set_string_internal(s, str, RFC5280);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_set_string);
0b62c50aSbeck
b680683fSbeckstatic int
b680683fSbeckASN1_TIME_cmp_time_t_internal(const ASN1_TIME *s, time_t t2, int mode)
b680683fSbeck{
b680683fSbeck	struct tm tm1, tm2;
b680683fSbeck
b680683fSbeck	/*
b680683fSbeck	 * This function has never handled failure conditions properly
b680683fSbeck	 * The OpenSSL version used to simply follow NULL pointers on failure.
b680683fSbeck	 * BoringSSL and OpenSSL now make it return -2 on failure.
b680683fSbeck	 *
b680683fSbeck	 * The danger is that users of this function will not differentiate the
b680683fSbeck	 * -2 failure case from s < t2. Callers must be careful. Sadly this is
b680683fSbeck	 * one of those pervasive things from OpenSSL we must continue with.
b680683fSbeck	 */
b680683fSbeck
b680683fSbeck	if (ASN1_time_parse(s->data, s->length, &tm1, mode) == -1)
b680683fSbeck		return -2;
b680683fSbeck
9b176146Sbeck	if (!asn1_time_time_t_to_tm(&t2, &tm2))
b680683fSbeck		return -2;
b680683fSbeck
b680683fSbeck	return ASN1_time_tm_cmp(&tm1, &tm2);
b680683fSbeck}
b680683fSbeck
b680683fSbeckint
b680683fSbeckASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2)
b680683fSbeck{
b680683fSbeck	struct tm tm1, tm2;
b680683fSbeck
b680683fSbeck	if (t1->type != V_ASN1_UTCTIME && t1->type != V_ASN1_GENERALIZEDTIME)
b680683fSbeck		return -2;
b680683fSbeck
b680683fSbeck	if (t2->type != V_ASN1_UTCTIME && t2->type != V_ASN1_GENERALIZEDTIME)
b680683fSbeck		return -2;
b680683fSbeck
b680683fSbeck	if (ASN1_time_parse(t1->data, t1->length, &tm1, t1->type) == -1)
b680683fSbeck		return -2;
b680683fSbeck
d30837c1Stb	if (ASN1_time_parse(t2->data, t2->length, &tm2, t2->type) == -1)
b680683fSbeck		return -2;
b680683fSbeck
b680683fSbeck	return ASN1_time_tm_cmp(&tm1, &tm2);
b680683fSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_compare);
b680683fSbeck
b680683fSbeckint
b680683fSbeckASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
b680683fSbeck{
b680683fSbeck	if (s->type == V_ASN1_UTCTIME)
b680683fSbeck		return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME);
b680683fSbeck	if (s->type == V_ASN1_GENERALIZEDTIME)
b680683fSbeck		return ASN1_TIME_cmp_time_t_internal(s, t,
b680683fSbeck		    V_ASN1_GENERALIZEDTIME);
b680683fSbeck	return -2;
b680683fSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_cmp_time_t);
b680683fSbeck
0b62c50aSbeck/*
0b62c50aSbeck * ASN1_UTCTIME wrappers
0b62c50aSbeck */
0b62c50aSbeck
0b62c50aSbeckint
9b3891c7StbASN1_UTCTIME_check(const ASN1_UTCTIME *d)
0b62c50aSbeck{
0b62c50aSbeck	if (d->type != V_ASN1_UTCTIME)
123b2274Stb		return 0;
123b2274Stb	return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_UTCTIME_check);
0b62c50aSbeck
0b62c50aSbeckint
0b62c50aSbeckASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
0b62c50aSbeck{
c1736878Sjsing	if (s != NULL && s->type != V_ASN1_UTCTIME)
123b2274Stb		return 0;
123b2274Stb	return ASN1_TIME_set_string_internal(s, str, V_ASN1_UTCTIME);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_UTCTIME_set_string);
0b62c50aSbeck
0b62c50aSbeckASN1_UTCTIME *
0b62c50aSbeckASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
0b62c50aSbeck{
123b2274Stb	return ASN1_UTCTIME_adj(s, t, 0, 0);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_UTCTIME_set);
0b62c50aSbeck
0b62c50aSbeckASN1_UTCTIME *
0b62c50aSbeckASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
0b62c50aSbeck{
123b2274Stb	return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec,
123b2274Stb	    V_ASN1_UTCTIME);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_UTCTIME_adj);
0b62c50aSbeck
0b62c50aSbeckint
b680683fSbeckASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
0b62c50aSbeck{
b680683fSbeck	if (s->type == V_ASN1_UTCTIME)
b680683fSbeck		return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME);
b680683fSbeck	return -2;
0b62c50aSbeck}
b4712960SbeckLCRYPTO_ALIAS(ASN1_UTCTIME_cmp_time_t);
0b62c50aSbeck
0b62c50aSbeck/*
0b62c50aSbeck * ASN1_GENERALIZEDTIME wrappers
0b62c50aSbeck */
0b62c50aSbeck
0b62c50aSbeckint
9b3891c7StbASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
0b62c50aSbeck{
0b62c50aSbeck	if (d->type != V_ASN1_GENERALIZEDTIME)
123b2274Stb		return 0;
123b2274Stb	return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_check);
0b62c50aSbeck
0b62c50aSbeckint
0b62c50aSbeckASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
0b62c50aSbeck{
c1736878Sjsing	if (s != NULL && s->type != V_ASN1_GENERALIZEDTIME)
123b2274Stb		return 0;
123b2274Stb	return ASN1_TIME_set_string_internal(s, str, V_ASN1_GENERALIZEDTIME);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set_string);
0b62c50aSbeck
0b62c50aSbeckASN1_GENERALIZEDTIME *
0b62c50aSbeckASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t)
0b62c50aSbeck{
123b2274Stb	return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set);
0b62c50aSbeck
0b62c50aSbeckASN1_GENERALIZEDTIME *
0b62c50aSbeckASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
0b62c50aSbeck    long offset_sec)
0b62c50aSbeck{
123b2274Stb	return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec,
123b2274Stb	    V_ASN1_GENERALIZEDTIME);
0b62c50aSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_adj);
b680683fSbeck
b680683fSbeckint
b680683fSbeckASN1_TIME_normalize(ASN1_TIME *t)
b680683fSbeck{
b680683fSbeck	struct tm tm;
b680683fSbeck
4ee6c374Sjob	if (t == NULL)
4ee6c374Sjob		return 0;
b680683fSbeck	if (!ASN1_TIME_to_tm(t, &tm))
b680683fSbeck		return 0;
f93ff421Stb	return tm_to_rfc5280_time(&tm, t);
b680683fSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_normalize);
b680683fSbeck
b680683fSbeckint
5c2a185eStbASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
b680683fSbeck{
b680683fSbeck	return ASN1_TIME_set_string_internal(s, str, RFC5280);
b680683fSbeck}
acf64401SbeckLCRYPTO_ALIAS(ASN1_TIME_set_string_X509);