diff --git a/src/ssl.c b/src/ssl.c index a021065ab..8d5801157 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -45320,24 +45320,16 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, int offset_day, long offset_sec) { const time_t sec_per_day = 24*60*60; - struct tm* ts = NULL; - struct tm* tmpTime; time_t t_adj = 0; time_t offset_day_sec = 0; -#if defined(NEED_TMP_TIME) - struct tm tmpTimeStorage; - - tmpTime = &tmpTimeStorage; -#else - tmpTime = NULL; -#endif - (void)tmpTime; + char time_str[MAX_TIME_STRING_SZ]; + int time_get; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj"); - if (s == NULL){ + if (s == NULL) { s = wolfSSL_ASN1_TIME_new(); - if (s == NULL){ + if (s == NULL) { return NULL; } } 
@@ -45345,54 +45337,18 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, /* compute GMT time with offset */ offset_day_sec = offset_day * sec_per_day; t_adj = t + offset_day_sec + offset_sec; - ts = (struct tm *)XGMTIME(&t_adj, tmpTime); - if (ts == NULL){ - WOLFSSL_MSG("failed to get time data."); + + /* Get time string as either UTC or GeneralizedTime */ + time_get = GetFormattedTime(&t_adj, (byte*)time_str, + (word32)sizeof(time_str)); + if (time_get <= 0) { wolfSSL_ASN1_TIME_free(s); return NULL; } - /* create ASN1 time notation */ - /* UTC Time */ - if (ts->tm_year >= 50 && ts->tm_year < 150){ - char utc_str[ASN_UTC_TIME_SIZE]; - int utc_year = 0,utc_mon,utc_day,utc_hour,utc_min,utc_sec; - - if (ts->tm_year >= 50 && ts->tm_year < 100){ - utc_year = ts->tm_year; - } else if (ts->tm_year >= 100 && ts->tm_year < 150){ - utc_year = ts->tm_year - 100; - } - utc_mon = ts->tm_mon + 1; - utc_day = ts->tm_mday; - utc_hour = ts->tm_hour; - utc_min = ts->tm_min; - utc_sec = ts->tm_sec; - XSNPRINTF((char *)utc_str, sizeof(utc_str), - "%02d%02d%02d%02d%02d%02dZ", - utc_year, utc_mon, utc_day, utc_hour, utc_min, utc_sec); - if (wolfSSL_ASN1_TIME_set_string(s, utc_str) != WOLFSSL_SUCCESS) { - wolfSSL_ASN1_TIME_free(s); - return NULL; - } - /* GeneralizedTime */ - } else { - char gt_str[ASN_GENERALIZED_TIME_MAX]; - int gt_year,gt_mon,gt_day,gt_hour,gt_min,gt_sec; - - gt_year = ts->tm_year + 1900; - gt_mon = ts->tm_mon + 1; - gt_day = ts->tm_mday; - gt_hour = ts->tm_hour; - gt_min = ts->tm_min; - gt_sec = ts->tm_sec; - XSNPRINTF((char *)gt_str, sizeof(gt_str), - "%4d%02d%02d%02d%02d%02dZ", - gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec); - if (wolfSSL_ASN1_TIME_set_string(s, gt_str) != WOLFSSL_SUCCESS) { - wolfSSL_ASN1_TIME_free(s); - return NULL; - } + if (wolfSSL_ASN1_TIME_set_string(s, time_str) != WOLFSSL_SUCCESS) { + wolfSSL_ASN1_TIME_free(s); + return NULL; } return s; 
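Review bot: Both new error paths call `wolfSSL_ASN1_TIME_free(s)` even when `s` was passed in by the caller; the previous hunk only allocates when `s == NULL`, so a failing call releases an object the caller still holds and may use or free again. The removed code did the same, so this is carried over rather than introduced, and the caller contract is not visible here. Consider recording ownership where the allocation happens, with a local such as `int allocated = 0;` set to 1 after `wolfSSL_ASN1_TIME_new()`, and guarding both frees with `if (allocated) wolfSSL_ASN1_TIME_free(s);`. The function begins and ends outside this hunk.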
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index a21ea282f..f9b92fcc5 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -12192,19 +12192,68 @@ int GetTimeString(byte* date, int format, char* buf, int len) #endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ -#if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7) - +#if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)) /* Set current time string, either UTC or GeneralizedTime. * (void*) tm should be a pointer to time_t, output is placed in buf. * * Return time string length placed in buf on success, negative on error */ int GetAsnTimeString(void* currTime, byte* buf, word32 len) +{ + byte* data_ptr = buf; + byte uf_time[ASN_GENERALIZED_TIME_SIZE]; + word32 data_len = 0; + + WOLFSSL_ENTER("GetAsnTimeString"); + + if (buf == NULL || len == 0) + return BAD_FUNC_ARG; + + XMEMSET(uf_time, 0, sizeof(uf_time)); + /* GetFormattedTime returns length with null terminator */ + data_len = GetFormattedTime(currTime, uf_time, len); + if (data_len <= 0) { + return ASN_TIME_E; + } + /* ensure room to add 2 bytes (ASN type and length) before proceeding */ + else if (len < data_len + 2) { + return BUFFER_E; + } + + if (data_len == ASN_UTC_TIME_SIZE-1) { + /* increment data_len for ASN length byte after adding the data_ptr */ + *data_ptr = (byte)ASN_UTC_TIME; data_ptr++; data_len++; + /* -1 below excludes null terminator */ + *data_ptr = (byte)ASN_UTC_TIME_SIZE - 1; data_ptr++; data_len++; + XMEMCPY(data_ptr, (byte *)uf_time, ASN_UTC_TIME_SIZE - 1); + *data_ptr += ASN_UTC_TIME_SIZE - 1; + } + else if (data_len == ASN_GENERALIZED_TIME_SIZE-1) { + /* increment data_len for ASN length byte after adding the data_ptr */ + *data_ptr = (byte)ASN_GENERALIZED_TIME; data_ptr++; data_len++; + /* -1 below excludes null terminator */ + *data_ptr = (byte)ASN_GENERALIZED_TIME_SIZE - 1; data_ptr++; data_len++; + XMEMCPY(data_ptr, (byte*)uf_time, ASN_GENERALIZED_TIME_SIZE - 1); + *data_ptr += ASN_GENERALIZED_TIME_SIZE - 1; + } + else { + WOLFSSL_MSG("Invalid 
time size returned"); + return ASN_TIME_E; + } + /* append null terminator */ + *data_ptr = 0; + + /* return length without null terminator */ + return data_len; +} + +/* return just the time string as either UTC or Generalized Time*/ +int GetFormattedTime(void* currTime, byte* buf, word32 len) { struct tm* ts = NULL; struct tm* tmpTime = NULL; - byte* data_ptr = buf; - word32 data_len = 0; int year, mon, day, hour, mini, sec; + int ret; #if defined(NEED_TMP_TIME) struct tm tmpTimeStorage; tmpTime = &tmpTimeStorage; @@ -12212,13 +12261,13 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len) (void)tmpTime; #endif - WOLFSSL_ENTER("SetAsnTimeString"); + WOLFSSL_ENTER("GetFormattedTime"); if (buf == NULL || len == 0) return BAD_FUNC_ARG; ts = (struct tm *)XGMTIME((time_t*)currTime, tmpTime); - if (ts == NULL){ + if (ts == NULL) { WOLFSSL_MSG("failed to get time data."); return ASN_TIME_E; } @@ -12228,15 +12277,10 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len) if (ts->tm_year >= 50 && ts->tm_year < 150) { /* UTC Time */ - char utc_str[ASN_UTC_TIME_SIZE]; - data_len = ASN_UTC_TIME_SIZE - 1 + 2; - - if (len < data_len) - return BUFFER_E; - if (ts->tm_year >= 50 && ts->tm_year < 100) { year = ts->tm_year; - } else if (ts->tm_year >= 100 && ts->tm_year < 150) { + } + else if (ts->tm_year >= 100 && ts->tm_year < 150) { year = ts->tm_year - 100; } else { 
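Review bot: In the new `GetAsnTimeString`, the call `GetFormattedTime(currTime, uf_time, len)` bounds the formatter by the caller's `len` instead of by the local `uf_time` array, so output longer than that array is written past it on the stack; this presumably needs a year of more than four digits, since `%4d` is only a minimum width. Both branches then run `*data_ptr += ASN_..._SIZE - 1;`, which adds to the first copied byte instead of advancing the pointer, so the following `*data_ptr = 0;` overwrites the first character of the time string. `data_len` is a `word32`, so `data_len <= 0` cannot see the negative error codes `GetFormattedTime` returns, and `len < data_len + 2` leaves no room for the terminator that is now appended. The comment `GetFormattedTime returns length with null terminator` also disagrees with the `XSNPRINTF` return value, which excludes the terminator. A corrected body is sketched below; its `+ 3` room check tightens the contract and should be confirmed against existing callers.

```c
int GetAsnTimeString(void* currTime, byte* buf, word32 len)
{
    byte* data_ptr = buf;
    byte  uf_time[ASN_GENERALIZED_TIME_SIZE];
    int   time_len; /* signed, so negative error codes stay visible */
    /* … unchanged: WOLFSSL_ENTER and the buf/len argument check … */

    XMEMSET(uf_time, 0, sizeof(uf_time));
    /* bound the formatter by the local buffer, not by the caller's len */
    time_len = GetFormattedTime(currTime, uf_time, (word32)sizeof(uf_time));
    if (time_len <= 0 || time_len >= (int)sizeof(uf_time)) {
        return ASN_TIME_E;
    }
    /* tag byte + length byte + time string + null terminator */
    if (len < (word32)time_len + 3) {
        return BUFFER_E;
    }
    if (time_len != ASN_UTC_TIME_SIZE - 1 &&
            time_len != ASN_GENERALIZED_TIME_SIZE - 1) {
        WOLFSSL_MSG("Invalid time size returned");
        return ASN_TIME_E;
    }

    *data_ptr++ = (time_len == ASN_UTC_TIME_SIZE - 1) ?
                      (byte)ASN_UTC_TIME : (byte)ASN_GENERALIZED_TIME;
    *data_ptr++ = (byte)time_len;
    XMEMCPY(data_ptr, uf_time, (size_t)time_len);
    data_ptr += time_len; /* advance the pointer, do not modify the byte */
    *data_ptr = 0;

    /* return length without null terminator */
    return time_len + 2;
}
```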
@@ -12248,40 +12292,28 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - XSNPRINTF((char *)utc_str, ASN_UTC_TIME_SIZE, - "%02d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - *data_ptr = (byte) ASN_UTC_TIME; data_ptr++; - /* -1 below excludes null terminator */ - *data_ptr = (byte) ASN_UTC_TIME_SIZE - 1; data_ptr++; - XMEMCPY(data_ptr,(byte *)utc_str, ASN_UTC_TIME_SIZE - 1); - - } else { + ret = XSNPRINTF((char*)buf, len, + "%02d%02d%02d%02d%02d%02dZ", year, mon, day, + hour, mini, sec); + } + else { /* GeneralizedTime */ - char gt_str[ASN_GENERALIZED_TIME_SIZE]; - data_len = ASN_GENERALIZED_TIME_SIZE - 1 + 2; - - if (len < data_len) - return BUFFER_E; - year = ts->tm_year + 1900; mon = ts->tm_mon + 1; day = ts->tm_mday; hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - XSNPRINTF((char *)gt_str, ASN_GENERALIZED_TIME_SIZE, - "%4d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - *data_ptr = (byte) ASN_GENERALIZED_TIME; data_ptr++; - /* -1 below excludes null terminator */ - *data_ptr = (byte) ASN_GENERALIZED_TIME_SIZE - 1; data_ptr++; - XMEMCPY(data_ptr,(byte *)gt_str, ASN_GENERALIZED_TIME_SIZE - 1); + ret = XSNPRINTF((char*)buf, len, + "%4d%02d%02d%02d%02d%02dZ", year, mon, day, + hour, mini, sec); } - return data_len; + return ret; } -#endif /* !NO_ASN_TIME && HAVE_PKCS7 */ - +#endif /* !NO_ASN_TIME && !USER_TIME && !TIME_OVERRIDES && + * (OPENSSL_EXTRA || HAVE_PKCS7) */ #if defined(USE_WOLF_VALIDDATE) diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 723b37c3a..7838fe9de 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
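Review bot: `GetFormattedTime` returns the raw `XSNPRINTF` result from both branches, so a `buf` that is too small yields a truncated timestamp together with a positive return value. That holds assuming `XSNPRINTF` follows C99 `snprintf` semantics. The callers visible in this commit only test `<= 0`, so a truncated string would be accepted as valid. Replacing the final `return ret;` with `if (ret < 0 || (word32)ret >= len) return BUFFER_E;` followed by `return ret;` makes truncation an explicit error. The function starts outside this hunk.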
@@ -156,8 +156,13 @@ enum ASN_Tags { ASN_ASYMKEY_PUBKEY = 0x01, }; -#define ASN_UTC_TIME_SIZE 14 -#define ASN_GENERALIZED_TIME_SIZE 16 +/* NOTE: If ASN_UTC_TIME_SIZE or ASN_GENERALIZED_TIME_SIZE are ever modified + * one needs to update the logic in asn.c function GetAsnTimeString() + * which depends on the size 14 and/or 16 to determine which format to + * place in the "buf" (output) + */ +#define ASN_UTC_TIME_SIZE 14 /* Read note above before modifying */ +#define ASN_GENERALIZED_TIME_SIZE 16 /* Read note above before modifying */ #define ASN_GENERALIZED_TIME_MAX 68 #ifdef WOLFSSL_ASN_TEMPLATE @@ -1894,7 +1899,9 @@ typedef struct tm wolfssl_tm; defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); #endif -#if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7) +#if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)) +WOLFSSL_LOCAL int GetFormattedTime(void* currTime, byte* buf, word32 len); WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len); #endif WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
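Review bot: The widened guard around the `GetFormattedTime` and `GetAsnTimeString` prototypes now excludes `USER_TIME` and `TIME_OVERRIDES`, while the src/ssl.c hunks show `wolfSSL_ASN1_TIME_adj` calling `GetFormattedTime` with no guard in the visible lines. If the `#if` enclosing that function does not carry the same conditions, an `OPENSSL_EXTRA` build with `USER_TIME` would call a function that is neither declared nor defined. That `#if` is outside the diff, so this is worth confirming. The new prototype would also benefit from a one-line contract comment, for example `/* writes a NUL-terminated UTCTime or GeneralizedTime string; len is the size of buf; returns the string length or a negative error */`.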