From ccd665d2aa30375710957f3c357425fa10883613 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Fri, 29 Jul 2022 15:57:00 -0600 Subject: [PATCH] Make time_t conversions. Give up on the OS provided ones. We only care about dates within years 0000 to 9999 for RFC5280. timegm() is only semi-standard. Some things require the setting awkward defines to get libc to give it to you. Other things let you have it but make it stop working at year 3000. Still other things have 32 bit time_t..... Let's just make our own that actually works. all the time, does everything with an int64_t, and fails if you want to send something out that would overflow a 32 bit time_t. In the process of doing this, we get rid of the old Julian date stuff from OpenSSL, which while functional was a bit awkward dealing only with days, and using the Julian calendar as the reference point instead of potentially something more useful. Julian seconds since Jan 1 1970 00:00:00 UCT are much more useful to us than Julian days since a Julian epoch. The OS implementations of timegm() and gmtime() also can be pretty complex, due to the nature of needing multiple timezone, daylight saving, day of week, and other stuff we simply do not need for doing things with certificate times. A small microbenchmark of 10000000 of each operation comparing this implementation to the system version on my M1 mac gives: bbe-macbookpro:tmp bbe$ time ./openssl_gmtime real 0m0.152s user 0m0.127s sys 0m0.018s bbe-macbookpro:tmp bbe$ time ./gmtime real 0m0.422s user 0m0.403s sys 0m0.014s bbe-macbookpro:tmp bbe$ time ./openssl_timegm real 0m0.041s user 0m0.015s sys 0m0.019s bbe-macbookpro:tmp bbe$ time ./timegm real 0m30.432s user 0m30.383s sys 0m0.040s Similarly On a glinux machine: bbe@bbe-glinux1:~$ time ./openssl_gmtime real 0m0.157s user 0m0.152s sys 0m0.008s bbe@bbe-glinux1:~$ time ./gmtime real 0m0.336s user 0m0.336s sys 0m0.002s bbe@bbe-glinux1:~$ time ./openssl_timegm real 0m0.018s user 0m0.019s sys 0m0.002s bbe@bbe-glinux1:~$ time ./timegm real 0m0.680s user 0m0.671s sys 0m0.011s bbe@bbe-glinux1:~$ Bug: 501 Change-Id: If445272d365f2c9673b5f3264d082af1a342e0a1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53245 Commit-Queue: Bob Beck Reviewed-by: David Benjamin --- crypto/CMakeLists.txt | 2 +- crypto/asn1/a_time.c | 33 +++++- crypto/asn1/a_utctm.c | 9 +- crypto/asn1/asn1_test.cc | 69 +++++++++-- crypto/asn1/internal.h | 37 ++++-- crypto/asn1/posix_time.c | 227 +++++++++++++++++++++++++++++++++++++ crypto/asn1/time_support.c | 206 --------------------------------- crypto/x509/x509_vfy.c | 61 +--------- include/openssl/asn1.h | 9 ++ 9 files changed, 365 insertions(+), 288 deletions(-) create mode 100644 crypto/asn1/posix_time.c delete mode 100644 crypto/asn1/time_support.c diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 0af3ea7df..c49eeec0f 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -229,7 +229,7 @@ add_library( asn1/tasn_new.c asn1/tasn_typ.c asn1/tasn_utl.c - asn1/time_support.c + asn1/posix_time.c base64/base64.c bio/bio.c bio/bio_mem.c diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 225211884..50829690c 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -187,7 +187,8 @@ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { return 1; } -static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) { +static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t, + int allow_timezone_offset) { if (t == NULL) { time_t now_t; time(&now_t); @@ -198,7 +199,7 @@ static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) { } if (t->type == V_ASN1_UTCTIME) { - return asn1_utctime_to_tm(tm, t); + return asn1_utctime_to_tm(tm, t, allow_timezone_offset); } else if (t->type == V_ASN1_GENERALIZEDTIME) { return asn1_generalizedtime_to_tm(tm, t); } @@ -209,11 +210,35 @@ static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) { int ASN1_TIME_diff(int *out_days, int *out_seconds, const ASN1_TIME *from, const ASN1_TIME *to) { struct tm tm_from, tm_to; - if (!asn1_time_to_tm(&tm_from, from)) { + if (!asn1_time_to_tm(&tm_from, from, /*allow_timezone_offset=*/1)) { return 0; } - if (!asn1_time_to_tm(&tm_to, to)) { + if (!asn1_time_to_tm(&tm_to, to, /*allow_timezone_offset=*/1)) { return 0; } return OPENSSL_gmtime_diff(out_days, out_seconds, &tm_from, &tm_to); } + +// The functions below do *not* permissively allow the use of four digit +// timezone offsets in UTC times, as is done elsewhere in the code. They are +// both new API, and used internally to X509_cmp_time. This is to discourage the +// use of nonstandard times in new code, and to ensure that this code behaves +// correctly in X509_cmp_time which historically did its own time validations +// slightly different than the many other copies of X.509 time validation +// sprinkled through the codebase. The custom checks in X509_cmp_time meant that +// it did not allow four digit timezone offsets in UTC times. +int ASN1_TIME_to_time_t(const ASN1_TIME *t, time_t *out_time) { + struct tm tm; + if (!asn1_time_to_tm(&tm, t, /*allow_timezone_offset=*/0)) { + return 0; + } + return OPENSSL_timegm(&tm, out_time); +} + +int ASN1_TIME_to_posix(const ASN1_TIME *t, int64_t *out_time) { + struct tm tm; + if (!asn1_time_to_tm(&tm, t, /*allow_timezone_offset=*/0)) { + return 0; + } + return OPENSSL_tm_to_posix(&tm, out_time); +} diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index ac6b59848..201c65432 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -64,20 +64,21 @@ #include "internal.h" -int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) { +int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d, + int allow_timezone_offset) { if (d->type != V_ASN1_UTCTIME) { return 0; } CBS cbs; CBS_init(&cbs, d->data, (size_t)d->length); - if (!CBS_parse_utc_time(&cbs, tm, /*allow_timezone_offset=*/1)) { + if (!CBS_parse_utc_time(&cbs, tm, allow_timezone_offset)) { return 0; } return 1; } int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) { - return asn1_utctime_to_tm(NULL, d); + return asn1_utctime_to_tm(NULL, d, /*allow_timezone_offset=*/1); } int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) { @@ -148,7 +149,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) { struct tm stm, ttm; int day, sec; - if (!asn1_utctime_to_tm(&stm, s)) { + if (!asn1_utctime_to_tm(&stm, s, /*allow_timezone_offset=*/1)) { return -2; } diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc index 9df309a5e..ffb3e4a57 100644 --- a/crypto/asn1/asn1_test.cc +++ b/crypto/asn1/asn1_test.cc @@ -913,12 +913,12 @@ static bool ASN1Time_check_time_t(const ASN1_TIME *s, time_t t) { } break; case V_ASN1_UTCTIME: - if (!asn1_utctime_to_tm(&stm, s)) { + if (!asn1_utctime_to_tm(&stm, s, /*allow_timezone_offset=*/1)) { return false; } break; default: - return 0; + return false; } if (!OPENSSL_gmtime(&t, &ttm) || !OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) { @@ -955,6 +955,10 @@ TEST(ASN1Test, SetTime) { {0, "19700101000000Z", "700101000000Z", "Jan 1 00:00:00 1970 GMT"}, {981173106, "20010203040506Z", "010203040506Z", "Feb 3 04:05:06 2001 GMT"}, {951804000, "20000229060000Z", "000229060000Z", "Feb 29 06:00:00 2000 GMT"}, + // NASA says this is the correct time for posterity. + {-16751025, "19690621025615Z", "690621025615Z", "Jun 21 02:56:15 1969 GMT"}, + // -1 is sometimes used as an error value. Ensure we correctly handle it. + {-1, "19691231235959Z", "691231235959Z", "Dec 31 23:59:59 1969 GMT"}, #if defined(OPENSSL_64_BIT) // TODO(https://crbug.com/boringssl/416): These cases overflow 32-bit // |time_t| and do not consistently work on 32-bit platforms. For now, @@ -970,14 +974,8 @@ TEST(ASN1Test, SetTime) { #endif }; for (const auto &t : kTests) { + time_t tt; SCOPED_TRACE(t.time); -#if defined(OPENSSL_WINDOWS) - // Windows |time_t| functions can only handle 1970 through 3000. See - // https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/gmtime-s-gmtime32-s-gmtime64-s?view=msvc-160 - if (t.time < 0 || int64_t{t.time} > 32535215999) { - continue; - } -#endif bssl::UniquePtr utc(ASN1_UTCTIME_set(nullptr, t.time)); if (t.utc) { @@ -985,6 +983,8 @@ TEST(ASN1Test, SetTime) { EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(utc.get())); EXPECT_EQ(t.utc, ASN1StringToStdString(utc.get())); EXPECT_TRUE(ASN1Time_check_time_t(utc.get(), t.time)); + EXPECT_EQ(ASN1_TIME_to_time_t(utc.get(), &tt), 1); + EXPECT_EQ(tt, t.time); EXPECT_EQ(PrintStringToBIO(utc.get(), &ASN1_UTCTIME_print), t.printed); EXPECT_EQ(PrintStringToBIO(utc.get(), &ASN1_TIME_print), t.printed); } else { @@ -998,6 +998,8 @@ TEST(ASN1Test, SetTime) { EXPECT_EQ(V_ASN1_GENERALIZEDTIME, ASN1_STRING_type(generalized.get())); EXPECT_EQ(t.generalized, ASN1StringToStdString(generalized.get())); EXPECT_TRUE(ASN1Time_check_time_t(generalized.get(), t.time)); + EXPECT_EQ(ASN1_TIME_to_time_t(generalized.get(), &tt), 1); + EXPECT_EQ(tt, t.time); EXPECT_EQ( PrintStringToBIO(generalized.get(), &ASN1_GENERALIZEDTIME_print), t.printed); @@ -1018,6 +1020,8 @@ TEST(ASN1Test, SetTime) { EXPECT_EQ(t.generalized, ASN1StringToStdString(choice.get())); } EXPECT_TRUE(ASN1Time_check_time_t(choice.get(), t.time)); + EXPECT_EQ(ASN1_TIME_to_time_t(choice.get(), &tt), 1); + EXPECT_EQ(tt, t.time); } else { EXPECT_FALSE(choice); } @@ -2256,6 +2260,53 @@ TEST(ASN1Test, StringEncoding) { } } +// Exhaustively test POSIX time conversions for every day across the millenium. +TEST(ASN1Test, POSIXTime) { + const int kDaysInMonth[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; + + // Test the epoch explicitly, to confirm our baseline is correct. + struct tm civil_time; + ASSERT_TRUE(OPENSSL_posix_to_tm(0, &civil_time)); + ASSERT_EQ(civil_time.tm_year + 1900, 1970); + ASSERT_EQ(civil_time.tm_mon + 1, 1); + ASSERT_EQ(civil_time.tm_mday, 1); + ASSERT_EQ(civil_time.tm_hour, 0); + ASSERT_EQ(civil_time.tm_min, 0); + ASSERT_EQ(civil_time.tm_sec, 0); + + int64_t posix_time = -11676096000; // Sat, 01 Jan 1600 00:00:00 +0000 + for (int year = 1600; year < 3000; year++) { + SCOPED_TRACE(year); + bool is_leap_year = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0; + for (int month = 1; month <= 12; month++) { + SCOPED_TRACE(month); + int days = kDaysInMonth[month - 1]; + if (month == 2 && is_leap_year) { + days++; + } + for (int day = 1; day <= days; day++) { + SCOPED_TRACE(day); + SCOPED_TRACE(posix_time); + + ASSERT_TRUE(OPENSSL_posix_to_tm(posix_time, &civil_time)); + ASSERT_EQ(civil_time.tm_year + 1900, year); + ASSERT_EQ(civil_time.tm_mon + 1, month); + ASSERT_EQ(civil_time.tm_mday, day); + ASSERT_EQ(civil_time.tm_hour, 0); + ASSERT_EQ(civil_time.tm_min, 0); + ASSERT_EQ(civil_time.tm_sec, 0); + + int64_t posix_time_computed; + ASSERT_TRUE(OPENSSL_tm_to_posix(&civil_time, &posix_time_computed)); + ASSERT_EQ(posix_time_computed, posix_time); + + // Advance to the next day. + posix_time += 24 * 60 * 60; + } + } + } +} + // The ASN.1 macros do not work on Windows shared library builds, where usage of // |OPENSSL_EXPORT| is a bit stricter. #if !defined(OPENSSL_WINDOWS) || !defined(BORINGSSL_SHARED_LIBRARY) diff --git a/crypto/asn1/internal.h b/crypto/asn1/internal.h index f8ca8fe11..3d78dd636 100644 --- a/crypto/asn1/internal.h +++ b/crypto/asn1/internal.h @@ -71,16 +71,38 @@ extern "C" { // Wrapper functions for time functions. -// OPENSSL_gmtime wraps |gmtime_r|. See the manual page for that function. +// OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time| whuch must +// be in the range of year 0000 to 9999 to a broken out time value in |tm|. It +// returns one on success and zero on error. +OPENSSL_EXPORT int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm); + +// OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in +// |tm| to a POSIX time value in |out|. One is returned on success, zero is +// returned on failure. It is a failure if the tm contains out of range values. +OPENSSL_EXPORT int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out); + +// OPENSSL_gmtime converts a time_t value in |time| which must be in the range +// of year 0000 to 9999 to a broken out time value in |tm|. On success |tm| is +// returned. On failure NULL is returned. OPENSSL_EXPORT struct tm *OPENSSL_gmtime(const time_t *time, struct tm *result); -// OPENSSL_gmtime_adj updates |tm| by adding |offset_day| days and |offset_sec| -// seconds. +// OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to +// a time_t value in |out|. One is returned on success, zero is returned on +// failure. It is a failure if the converted time can not be represented in a +// time_t, or if the tm contains out of range values. +OPENSSL_EXPORT int OPENSSL_timegm(const struct tm *tm, time_t *out); + +// OPENSSL_gmtime_adj returns one on success, and updates |tm| by adding +// |offset_day| days and |offset_sec| seconds. It returns zero on failure. |tm| +// must be in the range of year 0000 to 9999 both before and after the update or +// a failure will be returned. int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); -// OPENSSL_gmtime_diff calculates the difference between |from| and |to| and -// outputs the difference as a number of days and seconds in |*out_days| and -// |*out_secs|. +// OPENSSL_gmtime_diff calculates the difference between |from| and |to|. It +// returns one, and outputs the difference as a number of days and seconds in +// |*out_days| and |*out_secs| on success. It returns zero on failure. Both +// |from| and |to| must be in the range of year 0000 to 9999 or a failure will +// be returned. OPENSSL_EXPORT int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from, const struct tm *to); @@ -126,7 +148,8 @@ typedef struct ASN1_ENCODING_st { unsigned alias_only_on_next_parse : 1; } ASN1_ENCODING; -OPENSSL_EXPORT int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); +OPENSSL_EXPORT int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d, + int allow_timezone_offset); OPENSSL_EXPORT int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); diff --git a/crypto/asn1/posix_time.c b/crypto/asn1/posix_time.c new file mode 100644 index 000000000..81fbe8331 --- /dev/null +++ b/crypto/asn1/posix_time.c @@ -0,0 +1,227 @@ +/* Copyright (c) 2022, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +// Time conversion to/from POSIX time_t and struct tm, with no support +// for time zones other than UTC + +#include +#include +#include +#include +#include + +#include "internal.h" + +#define SECS_PER_HOUR (60 * 60) +#define SECS_PER_DAY (24 * SECS_PER_HOUR) + + +// Is a year/month/day combination valid, in the range from year 0000 +// to 9999? +static int is_valid_date(int year, int month, int day) { + if (day < 1 || month < 1 || year < 0 || year > 9999) { + return 0; + } + switch (month) { + case 1: + case 3: + case 5: + case 7: + case 8: + case 10: + case 12: + return day > 0 && day <= 31; + case 4: + case 6: + case 9: + case 11: + return day > 0 && day <= 30; + case 2: + if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0) { + return day > 0 && day <= 29; + } else { + return day > 0 && day <= 28; + } + default: + return 0; + } +} + +// Is a time valid? Leap seconds of 60 are not considered valid, as +// the POSIX time in seconds does not include them. +static int is_valid_time(int hours, int minutes, int seconds) { + if (hours < 0 || minutes < 0 || seconds < 0 || hours > 23 || minutes > 59 || + seconds > 59) { + return 0; + } + return 1; +} + +// Is a int64 time representing a time within our expected range? +static int is_valid_epoch_time(int64_t time) { + // 0000-01-01 00:00:00 UTC to 9999-12-31 23:59:59 UTC + return (int64_t)-62167219200 <= time && time <= (int64_t)253402300799; +} + +// Inspired by algorithms presented in +// https://howardhinnant.github.io/date_algorithms.html +// (Public Domain) +static int posix_time_from_utc(int year, int month, int day, int hours, + int minutes, int seconds, int64_t *out_time) { + if (!is_valid_date(year, month, day) || + !is_valid_time(hours, minutes, seconds)) { + return 0; + } + if (month <= 2) { + year--; // Start years on Mar 1, so leap days always finish a year. + } + // At this point year will be in the range -1 and 9999. + assert(-1 <= year && year <= 9999); + int64_t era = (year >= 0 ? year : year - 399) / 400; + int64_t year_of_era = year - era * 400; + int64_t day_of_year = + (153 * (month > 2 ? month - 3 : month + 9) + 2) / 5 + day - 1; + int64_t day_of_era = + year_of_era * 365 + year_of_era / 4 - year_of_era / 100 + day_of_year; + int64_t posix_days = era * 146097 + day_of_era - 719468; + *out_time = posix_days * SECS_PER_DAY + hours * SECS_PER_HOUR + minutes * 60 + + seconds; + return 1; +} + +// Inspired by algorithms presented in +// https://howardhinnant.github.io/date_algorithms.html +// (Public Domain) +static int utc_from_posix_time(int64_t time, int *out_year, int *out_month, + int *out_day, int *out_hours, int *out_minutes, + int *out_seconds) { + if (!is_valid_epoch_time(time)) { + return 0; + } + int64_t days = time / SECS_PER_DAY; + int64_t leftover_seconds = time % SECS_PER_DAY; + if (leftover_seconds < 0) { + days--; + leftover_seconds += SECS_PER_DAY; + } + days += 719468; // Shift to starting epoch of Mar 1 0000. + // At this point, days will be in the range -61 and 3652364. + assert(-61 <= days && days <= 3652364); + int64_t era = (days > 0 ? days : days - 146096) / 146097; + int64_t day_of_era = days - era * 146097; + int64_t year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 - + day_of_era / 146096) / + 365; + *out_year = (int)(year_of_era + era * 400); // Year starting on Mar 1. + int64_t day_of_year = + day_of_era - (365 * year_of_era + year_of_era / 4 - year_of_era / 100); + int64_t month_of_year = (5 * day_of_year + 2) / 153; + *out_month = + (int)(month_of_year < 10 ? month_of_year + 3 : month_of_year - 9); + if (*out_month <= 2) { + (*out_year)++; // Adjust year back to Jan 1 start of year. + } + *out_day = (int)(day_of_year - (153 * month_of_year + 2) / 5 + 1); + *out_hours = (int)(leftover_seconds / SECS_PER_HOUR); + leftover_seconds %= SECS_PER_HOUR; + *out_minutes = (int)(leftover_seconds / 60); + *out_seconds = (int)(leftover_seconds % 60); + return 1; +} + +int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out) { + return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec, out); +} + +int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm) { + memset(out_tm, 0, sizeof(struct tm)); + if (!utc_from_posix_time(time, &out_tm->tm_year, &out_tm->tm_mon, + &out_tm->tm_mday, &out_tm->tm_hour, &out_tm->tm_min, + &out_tm->tm_sec)) { + return 0; + } + out_tm->tm_year -= 1900; + out_tm->tm_mon -= 1; + + return 1; +} + +int OPENSSL_timegm(const struct tm *tm, time_t *out) { + static_assert( + sizeof(time_t) == sizeof(int32_t) || sizeof(time_t) == sizeof(int64_t), + "time_t is broken"); + int64_t posix_time; + if (!OPENSSL_tm_to_posix(tm, &posix_time)) { + return 0; + } + if (sizeof(time_t) == sizeof(int32_t) && + (posix_time > INT32_MAX || posix_time < INT32_MIN)) { + return 0; + } + *out = (time_t)posix_time; + return 1; +} + +struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm) { + static_assert( + sizeof(time_t) == sizeof(int32_t) || sizeof(time_t) == sizeof(int64_t), + "time_t is broken"); + int64_t posix_time = *time; + if (!OPENSSL_posix_to_tm(posix_time, out_tm)) { + return NULL; + } + return out_tm; +} + +int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) { + int64_t posix_time; + if (!posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec, &posix_time)) { + return 0; + } + if (!utc_from_posix_time(posix_time + off_day * SECS_PER_DAY + offset_sec, + &tm->tm_year, &tm->tm_mon, &tm->tm_mday, + &tm->tm_hour, &tm->tm_min, &tm->tm_sec)) { + return 0; + } + tm->tm_year -= 1900; + tm->tm_mon -= 1; + + return 1; +} + +int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from, + const struct tm *to) { + int64_t time_to; + if (!posix_time_from_utc(to->tm_year + 1900, to->tm_mon + 1, to->tm_mday, + to->tm_hour, to->tm_min, to->tm_sec, &time_to)) { + return 0; + } + int64_t time_from; + if (!posix_time_from_utc(from->tm_year + 1900, from->tm_mon + 1, + from->tm_mday, from->tm_hour, from->tm_min, + from->tm_sec, &time_from)) { + return 0; + } + int64_t timediff = time_to - time_from; + int64_t daydiff = timediff / SECS_PER_DAY; + timediff %= SECS_PER_DAY; + if (daydiff > INT_MAX || daydiff < INT_MIN) { + return 0; + } + *out_secs = (int)timediff; + *out_days = (int)daydiff; + return 1; +} diff --git a/crypto/asn1/time_support.c b/crypto/asn1/time_support.c deleted file mode 100644 index 7929970bd..000000000 --- a/crypto/asn1/time_support.c +++ /dev/null @@ -1,206 +0,0 @@ -/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2001. - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2008. - */ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - -#if defined(__linux__) && !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 201410L // for gmtime_r -#endif - -#include "internal.h" - -#include - - -#define SECS_PER_DAY (24 * 60 * 60) - -struct tm *OPENSSL_gmtime(const time_t *time, struct tm *result) { -#if defined(OPENSSL_WINDOWS) - if (gmtime_s(result, time)) { - return NULL; - } - return result; -#else - return gmtime_r(time, result); -#endif -} - -// Convert date to and from julian day Uses Fliegel & Van Flandern algorithm -static long date_to_julian(int y, int m, int d) { - return (1461 * (y + 4800 + (m - 14) / 12)) / 4 + - (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 - - (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075; -} - -static void julian_to_date(long jd, int *y, int *m, int *d) { - long L = jd + 68569; - long n = (4 * L) / 146097; - long i, j; - - L = L - (146097 * n + 3) / 4; - i = (4000 * (L + 1)) / 1461001; - L = L - (1461 * i) / 4 + 31; - j = (80 * L) / 2447; - *d = L - (2447 * j) / 80; - L = j / 11; - *m = j + 2 - (12 * L); - *y = 100 * (n - 49) + i + L; -} - -// Convert tm structure and offset into julian day and seconds -static int julian_adj(const struct tm *tm, int off_day, long offset_sec, - long *pday, int *psec) { - int offset_hms, offset_day; - long time_jd; - int time_year, time_month, time_day; - // split offset into days and day seconds - offset_day = offset_sec / SECS_PER_DAY; - // Avoid sign issues with % operator - offset_hms = offset_sec - (offset_day * SECS_PER_DAY); - offset_day += off_day; - // Add current time seconds to offset - offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec; - // Adjust day seconds if overflow - if (offset_hms >= SECS_PER_DAY) { - offset_day++; - offset_hms -= SECS_PER_DAY; - } else if (offset_hms < 0) { - offset_day--; - offset_hms += SECS_PER_DAY; - } - - // Convert date of time structure into a Julian day number. - - time_year = tm->tm_year + 1900; - time_month = tm->tm_mon + 1; - time_day = tm->tm_mday; - - time_jd = date_to_julian(time_year, time_month, time_day); - - // Work out Julian day of new date - time_jd += offset_day; - - if (time_jd < 0) { - return 0; - } - - *pday = time_jd; - *psec = offset_hms; - return 1; -} - -int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) { - int time_sec, time_year, time_month, time_day; - long time_jd; - - // Convert time and offset into julian day and seconds - if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec)) { - return 0; - } - - // Convert Julian day back to date - - julian_to_date(time_jd, &time_year, &time_month, &time_day); - - if (time_year < 1900 || time_year > 9999) { - return 0; - } - - // Update tm structure - - tm->tm_year = time_year - 1900; - tm->tm_mon = time_month - 1; - tm->tm_mday = time_day; - - tm->tm_hour = time_sec / 3600; - tm->tm_min = (time_sec / 60) % 60; - tm->tm_sec = time_sec % 60; - - return 1; -} - -int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from, - const struct tm *to) { - int from_sec, to_sec, diff_sec; - long from_jd, to_jd, diff_day; - - if (!julian_adj(from, 0, 0, &from_jd, &from_sec)) { - return 0; - } - if (!julian_adj(to, 0, 0, &to_jd, &to_sec)) { - return 0; - } - - diff_day = to_jd - from_jd; - diff_sec = to_sec - from_sec; - // Adjust differences so both positive or both negative - if (diff_day > 0 && diff_sec < 0) { - diff_day--; - diff_sec += SECS_PER_DAY; - } - if (diff_day < 0 && diff_sec > 0) { - diff_day++; - diff_sec -= SECS_PER_DAY; - } - - if (out_days) { - *out_days = (int)diff_day; - } - if (out_secs) { - *out_secs = diff_sec; - } - - return 1; -} diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index e054629af..f6089cd85 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1872,66 +1872,13 @@ int X509_cmp_current_time(const ASN1_TIME *ctm) { } int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { - static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1; - static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1; - ASN1_TIME *asn1_cmp_time = NULL; - int i, day, sec, ret = 0; - - // Note that ASN.1 allows much more slack in the time format than RFC 5280. - // In RFC 5280, the representation is fixed: - // UTCTime: YYMMDDHHMMSSZ - // GeneralizedTime: YYYYMMDDHHMMSSZ - // - // We do NOT currently enforce the following RFC 5280 requirement: - // "CAs conforming to this profile MUST always encode certificate - // validity dates through the year 2049 as UTCTime; certificate validity - // dates in 2050 or later MUST be encoded as GeneralizedTime." - switch (ctm->type) { - case V_ASN1_UTCTIME: - if (ctm->length != (int)(utctime_length)) { - return 0; - } - break; - case V_ASN1_GENERALIZEDTIME: - if (ctm->length != (int)(generalizedtime_length)) { - return 0; - } - break; - default: - return 0; - } - - //* - // Verify the format: the ASN.1 functions we use below allow a more - // flexible format than what's mandated by RFC 5280. - // Digit and date ranges will be verified in the conversion methods. - for (i = 0; i < ctm->length - 1; i++) { - if (!isdigit(ctm->data[i])) { - return 0; - } - } - if (ctm->data[ctm->length - 1] != 'Z') { + int64_t ctm_time; + if (!ASN1_TIME_to_posix(ctm, &ctm_time)) { return 0; } - - // There is ASN1_UTCTIME_cmp_time_t but no - // ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t, - // so we go through ASN.1 - asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time); - if (asn1_cmp_time == NULL) { - goto err; - } - if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time)) { - goto err; - } - - // X509_cmp_time comparison is <=. + int64_t compare_time = (cmp_time == NULL) ? time(NULL) : *cmp_time; // The return value 0 is reserved for errors. - ret = (day >= 0 && sec >= 0) ? -1 : 1; - -err: - ASN1_TIME_free(asn1_cmp_time); - return ret; + return (ctm_time - compare_time <= 0) ? -1 : 1; } ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec) { diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 5ae006444..b7dfed239 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1379,6 +1379,15 @@ OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime( // GeneralizedTime. If |str| is neither, it returns zero. OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +// ASN1_TIME_to_time_t converts |t| to a time_t value in |out|. On +// success, one is returned. On failure zero is returned. This function +// will fail if the time can not be represented in a time_t. +OPENSSL_EXPORT int ASN1_TIME_to_time_t(const ASN1_TIME *t, time_t *out); + +// ASN1_TIME_to_posix converts |t| to a POSIX time value in |out|. On +// success, one is returned. On failure zero is returned. +OPENSSL_EXPORT int ASN1_TIME_to_posix(const ASN1_TIME *t, int64_t *out); + // TODO(davidben): Expand and document function prototypes generated in macros.