From eb8dd9dca1228af0cd132f515509051ecfabf6f6 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Mon, 14 Apr 2025 17:32:06 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20250414'. --- src/lib/libcrypto/asn1/a_time_tm.c | 607 ------------------------------------- 1 file changed, 607 deletions(-) delete mode 100644 src/lib/libcrypto/asn1/a_time_tm.c (limited to 'src/lib/libcrypto/asn1/a_time_tm.c') diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c deleted file mode 100644 index a1f329be96..0000000000 --- a/src/lib/libcrypto/asn1/a_time_tm.c +++ /dev/null @@ -1,607 +0,0 @@ -/* $OpenBSD: a_time_tm.c,v 1.42 2024/05/03 18:33:27 tb Exp $ */ -/* - * Copyright (c) 2015 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include - -#include -#include - -#include "bytestring.h" -#include "asn1_local.h" - -#define RFC5280 0 -#define GENTIME_LENGTH 15 -#define UTCTIME_LENGTH 13 - -int -ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) -{ - if (tm1->tm_year < tm2->tm_year) - return -1; - if (tm1->tm_year > tm2->tm_year) - return 1; - if (tm1->tm_mon < tm2->tm_mon) - return -1; - if (tm1->tm_mon > tm2->tm_mon) - return 1; - if (tm1->tm_mday < tm2->tm_mday) - return -1; - if (tm1->tm_mday > tm2->tm_mday) - return 1; - if (tm1->tm_hour < tm2->tm_hour) - return -1; - if (tm1->tm_hour > tm2->tm_hour) - return 1; - if (tm1->tm_min < tm2->tm_min) - return -1; - if (tm1->tm_min > tm2->tm_min) - return 1; - if (tm1->tm_sec < tm2->tm_sec) - return -1; - if (tm1->tm_sec > tm2->tm_sec) - return 1; - return 0; -} - -int -ASN1_time_tm_clamp_notafter(struct tm *tm) -{ -#ifdef SMALL_TIME_T - struct tm broken_os_epoch_tm; - time_t broken_os_epoch_time = INT_MAX; - - if (!asn1_time_time_t_to_tm(&broken_os_epoch_time, &broken_os_epoch_tm)) - return 0; - - if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1) - memcpy(tm, &broken_os_epoch_tm, sizeof(*tm)); -#endif - return 1; -} - -/* Convert time to GeneralizedTime, X.690, 11.7. */ -static int -tm_to_gentime(struct tm *tm, ASN1_TIME *atime) -{ - char *time_str = NULL; - - if (tm->tm_year < -1900 || tm->tm_year > 9999 - 1900) { - ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); - return 0; - } - - if (asprintf(&time_str, "%04u%02u%02u%02u%02u%02uZ", tm->tm_year + 1900, - tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, - tm->tm_sec) == -1) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - - free(atime->data); - atime->data = time_str; - atime->length = GENTIME_LENGTH; - atime->type = V_ASN1_GENERALIZEDTIME; - - return 1; -} - -/* Convert time to UTCTime, X.690, 11.8. */ -static int -tm_to_utctime(struct tm *tm, ASN1_TIME *atime) -{ - char *time_str = NULL; - - if (tm->tm_year >= 150 || tm->tm_year < 50) { - ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); - return 0; - } - - if (asprintf(&time_str, "%02u%02u%02u%02u%02u%02uZ", - tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - - free(atime->data); - atime->data = time_str; - atime->length = UTCTIME_LENGTH; - atime->type = V_ASN1_UTCTIME; - - return 1; -} - -static int -tm_to_rfc5280_time(struct tm *tm, ASN1_TIME *atime) -{ - if (tm->tm_year >= 50 && tm->tm_year < 150) - return tm_to_utctime(tm, atime); - - return tm_to_gentime(tm, atime); -} - - -static int -cbs_get_two_digit_value(CBS *cbs, int *out) -{ - uint8_t first_digit, second_digit; - - if (!CBS_get_u8(cbs, &first_digit)) - return 0; - if (!isdigit(first_digit)) - return 0; - if (!CBS_get_u8(cbs, &second_digit)) - return 0; - if (!isdigit(second_digit)) - return 0; - - *out = (first_digit - '0') * 10 + (second_digit - '0'); - - return 1; -} - -static int -is_valid_day(int year, int month, int day) -{ - if (day < 1) - return 0; - switch (month) { - case 1: - case 3: - case 5: - case 7: - case 8: - case 10: - case 12: - return day <= 31; - case 4: - case 6: - case 9: - case 11: - return day <= 30; - case 2: - if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0) - return day <= 29; - else - return day <= 28; - default: - return 0; - } -} - -/* - * asn1_time_parse_cbs returns one if |cbs| is a valid DER-encoded, ASN.1 Time - * body within the limitations imposed by RFC 5280, or zero otherwise. The time - * is expected to parse as a Generalized Time if is_gentime is true, and as a - * UTC Time otherwise. If |out_tm| is non-NULL, |*out_tm| will be zeroed, and - * then set to the corresponding time in UTC. This function does not compute - * |out_tm->tm_wday| or |out_tm->tm_yday|. |cbs| is not consumed. - */ -int -asn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm) -{ - int year, month, day, hour, min, sec, val; - CBS copy; - uint8_t tz; - - CBS_dup(cbs, ©); - - if (is_gentime) { - if (!cbs_get_two_digit_value(©, &val)) - return 0; - year = val * 100; - if (!cbs_get_two_digit_value(©, &val)) - return 0; - year += val; - } else { - year = 1900; - if (!cbs_get_two_digit_value(©, &val)) - return 0; - year += val; - if (year < 1950) - year += 100; - if (year >= 2050) - return 0; /* A Generalized time must be used. */ - } - - if (!cbs_get_two_digit_value(©, &month)) - return 0; - if (month < 1 || month > 12) - return 0; /* Reject invalid months. */ - - if (!cbs_get_two_digit_value(©, &day)) - return 0; - if (!is_valid_day(year, month, day)) - return 0; /* Reject invalid days. */ - - if (!cbs_get_two_digit_value(©, &hour)) - return 0; - if (hour > 23) - return 0; /* Reject invalid hours. */ - - if (!cbs_get_two_digit_value(©, &min)) - return 0; - if (min > 59) - return 0; /* Reject invalid minutes. */ - - if (!cbs_get_two_digit_value(©, &sec)) - return 0; - if (sec > 59) - return 0; /* Reject invalid seconds. Leap seconds are invalid. */ - - if (!CBS_get_u8(©, &tz)) - return 0; - if (tz != 'Z') - return 0; /* Reject anything but Z on the end. */ - - if (CBS_len(©) != 0) - return 0; /* Reject invalid lengths. */ - - if (out_tm != NULL) { - memset(out_tm, 0, sizeof(*out_tm)); - /* Fill in the tm fields corresponding to what we validated. */ - out_tm->tm_year = year - 1900; - out_tm->tm_mon = month - 1; - out_tm->tm_mday = day; - out_tm->tm_hour = hour; - out_tm->tm_min = min; - out_tm->tm_sec = sec; - } - - return 1; -} - -/* - * Parse an RFC 5280 format ASN.1 time string. - * - * mode must be: - * 0 if we expect to parse a time as specified in RFC 5280 for an X509 object. - * V_ASN1_UTCTIME if we wish to parse an RFC5280 format UTC time. - * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time. - * - * Returns: - * -1 if the string was invalid. - * V_ASN1_UTCTIME if the string validated as a UTC time string. - * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string. - * - * Fills in *tm with the corresponding time if tm is non NULL. - */ -int -ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode) -{ - int type = 0; - CBS cbs; - - if (bytes == NULL) - return -1; - - CBS_init(&cbs, bytes, len); - - if (CBS_len(&cbs) == UTCTIME_LENGTH) - type = V_ASN1_UTCTIME; - if (CBS_len(&cbs) == GENTIME_LENGTH) - type = V_ASN1_GENERALIZEDTIME; - if (asn1_time_parse_cbs(&cbs, type == V_ASN1_GENERALIZEDTIME, tm)) { - if (mode != 0 && mode != type) - return -1; - return type; - } - - return -1; -} - -/* - * ASN1_TIME generic functions. - */ - -static int -ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode) -{ - struct tm tm; - - if (ASN1_time_parse(str, strlen(str), &tm, mode) == -1) - return 0; - - /* Only check str's format, as documented. */ - if (s == NULL) - return 1; - - switch (mode) { - case V_ASN1_UTCTIME: - return tm_to_utctime(&tm, s); - case V_ASN1_GENERALIZEDTIME: - return tm_to_gentime(&tm, s); - case RFC5280: - return tm_to_rfc5280_time(&tm, s); - default: - return 0; - } -} - -static ASN1_TIME * -ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec, - int mode) -{ - ASN1_TIME *atime = s; - struct tm tm; - - if (!asn1_time_time_t_to_tm(&t, &tm)) - goto err; - - if (offset_day != 0 || offset_sec != 0) { - if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec)) - goto err; - } - - if (atime == NULL) - atime = ASN1_TIME_new(); - if (atime == NULL) - goto err; - - switch (mode) { - case V_ASN1_UTCTIME: - if (!tm_to_utctime(&tm, atime)) - goto err; - break; - case V_ASN1_GENERALIZEDTIME: - if (!tm_to_gentime(&tm, atime)) - goto err; - break; - case RFC5280: - if (!tm_to_rfc5280_time(&tm, atime)) - goto err; - break; - default: - goto err; - } - - return atime; - - err: - if (atime != s) - ASN1_TIME_free(atime); - - return NULL; -} - -ASN1_TIME * -ASN1_TIME_set(ASN1_TIME *s, time_t t) -{ - return ASN1_TIME_adj(s, t, 0, 0); -} -LCRYPTO_ALIAS(ASN1_TIME_set); - -ASN1_TIME * -ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec) -{ - return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, RFC5280); -} -LCRYPTO_ALIAS(ASN1_TIME_adj); - -int -ASN1_TIME_check(const ASN1_TIME *t) -{ - if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME) - return 0; - return t->type == ASN1_time_parse(t->data, t->length, NULL, t->type); -} -LCRYPTO_ALIAS(ASN1_TIME_check); - -ASN1_GENERALIZEDTIME * -ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) -{ - ASN1_GENERALIZEDTIME *agt = NULL; - struct tm tm; - - if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME) - goto err; - - if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type)) - goto err; - - if (out == NULL || (agt = *out) == NULL) - agt = ASN1_TIME_new(); - if (agt == NULL) - goto err; - - if (!tm_to_gentime(&tm, agt)) - goto err; - - if (out != NULL) - *out = agt; - - return agt; - - err: - if (out == NULL || *out != agt) - ASN1_TIME_free(agt); - - return NULL; -} -LCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime); - -int -ASN1_TIME_set_string(ASN1_TIME *s, const char *str) -{ - return ASN1_TIME_set_string_internal(s, str, RFC5280); -} -LCRYPTO_ALIAS(ASN1_TIME_set_string); - -static int -ASN1_TIME_cmp_time_t_internal(const ASN1_TIME *s, time_t t2, int mode) -{ - struct tm tm1, tm2; - - /* - * This function has never handled failure conditions properly - * The OpenSSL version used to simply follow NULL pointers on failure. - * BoringSSL and OpenSSL now make it return -2 on failure. - * - * The danger is that users of this function will not differentiate the - * -2 failure case from s < t2. Callers must be careful. Sadly this is - * one of those pervasive things from OpenSSL we must continue with. - */ - - if (ASN1_time_parse(s->data, s->length, &tm1, mode) == -1) - return -2; - - if (!asn1_time_time_t_to_tm(&t2, &tm2)) - return -2; - - return ASN1_time_tm_cmp(&tm1, &tm2); -} - -int -ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2) -{ - struct tm tm1, tm2; - - if (t1->type != V_ASN1_UTCTIME && t1->type != V_ASN1_GENERALIZEDTIME) - return -2; - - if (t2->type != V_ASN1_UTCTIME && t2->type != V_ASN1_GENERALIZEDTIME) - return -2; - - if (ASN1_time_parse(t1->data, t1->length, &tm1, t1->type) == -1) - return -2; - - if (ASN1_time_parse(t2->data, t2->length, &tm2, t2->type) == -1) - return -2; - - return ASN1_time_tm_cmp(&tm1, &tm2); -} -LCRYPTO_ALIAS(ASN1_TIME_compare); - -int -ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) -{ - if (s->type == V_ASN1_UTCTIME) - return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME); - if (s->type == V_ASN1_GENERALIZEDTIME) - return ASN1_TIME_cmp_time_t_internal(s, t, - V_ASN1_GENERALIZEDTIME); - return -2; -} -LCRYPTO_ALIAS(ASN1_TIME_cmp_time_t); - -/* - * ASN1_UTCTIME wrappers - */ - -int -ASN1_UTCTIME_check(const ASN1_UTCTIME *d) -{ - if (d->type != V_ASN1_UTCTIME) - return 0; - return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type); -} -LCRYPTO_ALIAS(ASN1_UTCTIME_check); - -int -ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) -{ - if (s != NULL && s->type != V_ASN1_UTCTIME) - return 0; - return ASN1_TIME_set_string_internal(s, str, V_ASN1_UTCTIME); -} -LCRYPTO_ALIAS(ASN1_UTCTIME_set_string); - -ASN1_UTCTIME * -ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) -{ - return ASN1_UTCTIME_adj(s, t, 0, 0); -} -LCRYPTO_ALIAS(ASN1_UTCTIME_set); - -ASN1_UTCTIME * -ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec) -{ - return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, - V_ASN1_UTCTIME); -} -LCRYPTO_ALIAS(ASN1_UTCTIME_adj); - -int -ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) -{ - if (s->type == V_ASN1_UTCTIME) - return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME); - return -2; -} -LCRYPTO_ALIAS(ASN1_UTCTIME_cmp_time_t); - -/* - * ASN1_GENERALIZEDTIME wrappers - */ - -int -ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) -{ - if (d->type != V_ASN1_GENERALIZEDTIME) - return 0; - return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type); -} -LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_check); - -int -ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) -{ - if (s != NULL && s->type != V_ASN1_GENERALIZEDTIME) - return 0; - return ASN1_TIME_set_string_internal(s, str, V_ASN1_GENERALIZEDTIME); -} -LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set_string); - -ASN1_GENERALIZEDTIME * -ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t) -{ - return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); -} -LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set); - -ASN1_GENERALIZEDTIME * -ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, - long offset_sec) -{ - return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, - V_ASN1_GENERALIZEDTIME); -} -LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_adj); - -int -ASN1_TIME_normalize(ASN1_TIME *t) -{ - struct tm tm; - - if (t == NULL) - return 0; - if (!ASN1_TIME_to_tm(t, &tm)) - return 0; - return tm_to_rfc5280_time(&tm, t); -} -LCRYPTO_ALIAS(ASN1_TIME_normalize); - -int -ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) -{ - return ASN1_TIME_set_string_internal(s, str, RFC5280); -} -LCRYPTO_ALIAS(ASN1_TIME_set_string_X509); -- cgit v1.2.3-55-g6feb