xref: /openbsd/lib/libcrypto/man/ASN1_TIME_set.3 (revision 73471bf0) 
1.\" $OpenBSD: ASN1_TIME_set.3,v 1.16 2021/11/21 17:35:53 schwarze Exp $
2.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
3.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4.\"
5.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
6.\" and Todd Short <tshort@akamai.com>.
7.\" Copyright (c) 2015, 2017 The OpenSSL Project.  All rights reserved.
8.\"
9.\" Redistribution and use in source and binary forms, with or without
10.\" modification, are permitted provided that the following conditions
11.\" are met:
12.\"
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\"
16.\" 2. Redistributions in binary form must reproduce the above copyright
17.\"    notice, this list of conditions and the following disclaimer in
18.\"    the documentation and/or other materials provided with the
19.\"    distribution.
20.\"
21.\" 3. All advertising materials mentioning features or use of this
22.\"    software must display the following acknowledgment:
23.\"    "This product includes software developed by the OpenSSL Project
24.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25.\"
26.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27.\"    endorse or promote products derived from this software without
28.\"    prior written permission. For written permission, please contact
29.\"    openssl-core@openssl.org.
30.\"
31.\" 5. Products derived from this software may not be called "OpenSSL"
32.\"    nor may "OpenSSL" appear in their names without prior written
33.\"    permission of the OpenSSL Project.
34.\"
35.\" 6. Redistributions of any form whatsoever must retain the following
36.\"    acknowledgment:
37.\"    "This product includes software developed by the OpenSSL Project
38.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39.\"
40.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51.\" OF THE POSSIBILITY OF SUCH DAMAGE.
52.\"
53.Dd $Mdocdate: November 21 2021 $
54.Dt ASN1_TIME_SET 3
55.Os
56.Sh NAME
57.Nm ASN1_TIME_set ,
58.Nm ASN1_UTCTIME_set ,
59.Nm ASN1_GENERALIZEDTIME_set ,
60.Nm ASN1_TIME_adj ,
61.Nm ASN1_UTCTIME_adj ,
62.Nm ASN1_GENERALIZEDTIME_adj ,
63.Nm ASN1_TIME_set_string ,
64.Nm ASN1_UTCTIME_set_string ,
65.Nm ASN1_GENERALIZEDTIME_set_string ,
66.Nm ASN1_TIME_check ,
67.Nm ASN1_UTCTIME_check ,
68.Nm ASN1_GENERALIZEDTIME_check ,
69.Nm ASN1_TIME_print ,
70.Nm ASN1_UTCTIME_print ,
71.Nm ASN1_GENERALIZEDTIME_print ,
72.Nm ASN1_TIME_diff ,
73.Nm ASN1_UTCTIME_cmp_time_t ,
74.Nm ASN1_TIME_to_generalizedtime
75.Nd ASN.1 Time functions
76.Sh SYNOPSIS
77.In openssl/asn1.h
78.Ft ASN1_TIME *
79.Fo ASN1_TIME_set
80.Fa "ASN1_TIME *s"
81.Fa "time_t t"
82.Fc
83.Ft ASN1_UTCTIME *
84.Fo ASN1_UTCTIME_set
85.Fa "ASN1_UTCTIME *s"
86.Fa "time_t t"
87.Fc
88.Ft ASN1_GENERALIZEDTIME *
89.Fo ASN1_GENERALIZEDTIME_set
90.Fa "ASN1_GENERALIZEDTIME *s"
91.Fa "time_t t"
92.Fc
93.Ft ASN1_TIME *
94.Fo ASN1_TIME_adj
95.Fa "ASN1_TIME *s"
96.Fa "time_t t"
97.Fa "int offset_day"
98.Fa "long offset_sec"
99.Fc
100.Ft ASN1_UTCTIME *
101.Fo ASN1_UTCTIME_adj
102.Fa "ASN1_UTCTIME *s"
103.Fa "time_t t"
104.Fa "int offset_day"
105.Fa "long offset_sec"
106.Fc
107.Ft ASN1_GENERALIZEDTIME *
108.Fo ASN1_GENERALIZEDTIME_adj
109.Fa "ASN1_GENERALIZEDTIME *s"
110.Fa "time_t t"
111.Fa "int offset_day"
112.Fa "long offset_sec"
113.Fc
114.Ft int
115.Fo ASN1_TIME_set_string
116.Fa "ASN1_TIME *s"
117.Fa "const char *str"
118.Fc
119.Ft int
120.Fo ASN1_UTCTIME_set_string
121.Fa "ASN1_UTCTIME *s"
122.Fa "const char *str"
123.Fc
124.Ft int
125.Fo ASN1_GENERALIZEDTIME_set_string
126.Fa "ASN1_GENERALIZEDTIME *s"
127.Fa "const char *str"
128.Fc
129.Ft int
130.Fo ASN1_TIME_check
131.Fa "const ASN1_TIME *t"
132.Fc
133.Ft int
134.Fo ASN1_UTCTIME_check
135.Fa "const ASN1_UTCTIME *t"
136.Fc
137.Ft int
138.Fo ASN1_GENERALIZEDTIME_check
139.Fa "const ASN1_GENERALIZEDTIME *t"
140.Fc
141.Ft int
142.Fo ASN1_TIME_print
143.Fa "BIO *b"
144.Fa "const ASN1_TIME *s"
145.Fc
146.Ft int
147.Fo ASN1_UTCTIME_print
148.Fa "BIO *b"
149.Fa "const ASN1_UTCTIME *s"
150.Fc
151.Ft int
152.Fo ASN1_GENERALIZEDTIME_print
153.Fa "BIO *b"
154.Fa "const ASN1_GENERALIZEDTIME *s"
155.Fc
156.Ft int
157.Fo ASN1_TIME_diff
158.Fa "int *pday"
159.Fa "int *psec"
160.Fa "const ASN1_TIME *from"
161.Fa "const ASN1_TIME *to"
162.Fc
163.Ft int
164.Fo ASN1_UTCTIME_cmp_time_t
165.Fa "const ASN1_UTCTIME *s"
166.Fa "time_t t"
167.Fc
168.Ft ASN1_GENERALIZEDTIME *
169.Fo ASN1_TIME_to_generalizedtime
170.Fa "const ASN1_TIME *t"
171.Fa "ASN1_GENERALIZEDTIME **out"
172.Fc
173.Sh DESCRIPTION
174The functions
175.Fn ASN1_TIME_set ,
176.Fn ASN1_UTCTIME_set ,
177and
178.Fn ASN1_GENERALIZEDTIME_set
179set the time structure
180.Fa s
181to the time represented by the
182.Vt time_t
183value
184.Fa t .
185If
186.Fa s
187is
188.Dv NULL ,
189a new time structure is allocated and returned.
190.Pp
191The functions
192.Fn ASN1_TIME_adj ,
193.Fn ASN1_UTCTIME_adj ,
194and
195.Fn ASN1_GENERALIZEDTIME_adj
196set the time structure
197.Fa s
198to the time represented by the time
199.Fa offset_day
200and
201.Fa offset_sec
202after the
203.Vt time_t
204value
205.Fa t .
206The values of
207.Fa offset_day
208or
209.Fa offset_sec
210can be negative to set a time before
211.Fa t .
212The
213.Fa offset_sec
214value can also exceed the number of seconds in a day.
215If
216.Fa s
217is
218.Dv NULL ,
219a new time structure is allocated and returned.
220.Pp
221.Fn ASN1_TIME_adj
222may change the type from
223.Vt ASN1_GENERALIZEDTIME
224to
225.Vt ASN1_UTCTIME
226or vice versa depending on the resulting year.
227The functions
228.Fn ASN1_UTCTIME_adj
229and
230.Fn ASN1_GENERALIZEDTIME_adj
231do not modify the type of the return structure.
232.Pp
233The functions
234.Fn ASN1_TIME_set_string ,
235.Fn ASN1_UTCTIME_set_string ,
236and
237.Fn ASN1_GENERALIZEDTIME_set_string
238set the time structure
239.Fa s
240to the time represented by the string
241.Fa str ,
242which must be in appropriate ASN.1 time format (for example
243YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ).
244The string
245.Fa str
246is copied into
247.Fa s .
248If
249.Fa s
250is
251.Dv NULL ,
252these functions only perform a format check on
253.Fa str .
254.Pp
255The functions
256.Fn ASN1_TIME_check ,
257.Fn ASN1_UTCTIME_check ,
258and
259.Fn ASN1_GENERALIZEDTIME_check
260check the syntax of the time structure
261.Fa s .
262.Pp
263The functions
264.Fn ASN1_TIME_print ,
265.Fn ASN1_UTCTIME_print ,
266and
267.Fn ASN1_GENERALIZEDTIME_print
268print out the time
269.Fa s
270to
271.Vt BIO
272.Fa b
273in human readable format.
274It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example "Feb 3
27500:55:52 2015 GMT".
276It does not include a newline.
277If the time structure has an invalid format,
278it prints out "Bad time value" and returns an error.
279The output of
280.Fn ASN1_GENERALIZEDTIME_print
281may include a fractional part following the second.
282.Pp
283The function
284.Fn ASN1_TIME_diff
285sets
286.Pf * Fa pday
287and
288.Pf * Fa psec
289to the time difference between
290.Fa from
291and
292.Fa to .
293If
294.Fa to
295represents a time later than
296.Fa from ,
297then one or both (depending on the time difference) of
298.Pf * Fa pday
299and
300.Pf * Fa psec
301will be positive.
302If
303.Fa to
304represents a time earlier than
305.Fa from ,
306then one or both of
307.Pf * Fa pday
308and
309.Pf * Fa psec
310will be negative.
311If
312.Fa to
313and
314.Fa from
315represent the same time, then
316.Pf * Fa pday
317and
318.Pf * Fa psec
319will both be zero.
320If both
321.Pf * Fa pday
322and
323.Pf * Fa psec
324are nonzero they will always have the same sign.
325The value of
326.Pf * Fa psec
327will always be less than the number of seconds in a day.
328If
329.Fa from
330or
331.Fa to
332is
333.Dv NULL ,
334the current time is used.
335.Pp
336The function
337.Fn ASN1_UTCTIME_cmp_time_t
338compares the two times represented by
339.Fa s
340and
341.Fa t .
342.Pp
343The function
344.Fn ASN1_TIME_to_generalizedtime
345converts the
346.Vt ASN1_TIME
347.Fa t
348to an
349.Vt ASN1_GENERALIZEDTIME ,
350regardless of year.
351If either
352.Fa out
353or
354.Pf * Fa out
355is
356.Dv NULL ,
357then a new object is allocated and must be freed after use.
358.Pp
359The
360.Vt ASN1_TIME
361structure corresponds to the ASN.1 structure
362.Sy Time
363defined in RFC 5280 et al.
364The time setting functions obey the rules outlined in RFC 5280: if the
365date can be represented by UTCTime it is used, otherwise GeneralizedTime is
366used.
367.Pp
368The
369.Vt ASN1_TIME ,
370.Vt ASN1_UTCTIME ,
371and
372.Vt ASN1_GENERALIZEDTIME
373structures are represented as
374.Vt ASN1_STRING
375structures internally and can be freed using
376.Xr ASN1_STRING_free 3 .
377.Pp
378The
379.Vt ASN1_TIME
380structure can represent years from 0000 to 9999 but no attempt is
381made to correct ancient calendar changes (for example from Julian
382to Gregorian calendars).
383.Pp
384.Vt ASN1_UTCTIME
385is limited to a year range of 1950 through 2049.
386.Pp
387It is recommended that
388.Vt ASN1_TIME
389functions be used instead of
390.Vt ASN1_UTCTIME
391or
392.Vt ASN1_GENERALIZEDTIME
393functions because the
394.Vt ASN1_UTCTIME
395and
396.Vt ASN1_GENERALIZEDTIME
397functions act only on that specific time format, while the
398.Vt ASN1_TIME
399functions operate on either format.
400.Sh RETURN VALUES
401.Fn ASN1_TIME_set ,
402.Fn ASN1_UTCTIME_set ,
403.Fn ASN1_GENERALIZEDTIME_set ,
404.Fn ASN1_TIME_adj ,
405.Fn ASN1_UTCTIME_adj ,
406.Fn ASN1_GENERALIZEDTIME_adj ,
407and
408.Fn ASN1_TIME_to_generalizedtime
409return a pointer to a time structure or
410.Dv NULL
411if an error occurred.
412.Pp
413.Fn ASN1_TIME_set_string ,
414.Fn ASN1_UTCTIME_set_string ,
415and
416.Fn ASN1_GENERALIZEDTIME_set_string
417return 1 if the time value is successfully set or 0 otherwise.
418.Pp
419.Fn ASN1_TIME_check ,
420.Fn ASN1_UTCTIME_check ,
421and
422.Fn ASN1_GENERALIZEDTIME_check
423return 1 if the time structure is syntactically correct or 0 otherwise.
424.Pp
425.Fn ASN1_TIME_print ,
426.Fn ASN1_UTCTIME_print ,
427and
428.Fn ASN1_GENERALIZEDTIME_print
429return 1 if the time is successfully printed or 0 if an error
430occurred (I/O error or invalid time format).
431.Pp
432.Fn ASN1_TIME_diff
433returns 1 for success or 0 for failure.
434It can for example fail if a time structure passed in has invalid syntax.
435.Pp
436.Fn ASN1_UTCTIME_cmp_time_t
437returns \-1 if
438.Fa s
439is earlier than
440.Fa t ,
4410 if both are equal, 1 if
442.Fa s
443is later than
444.Fa t ,
445or \-2 on error.
446.Sh EXAMPLES
447Set a time structure to one hour after the current time and print it
448out:
449.Bd -literal -offset indent
450#include <time.h>
451#include <openssl/asn1.h>
452
453ASN1_TIME *tm;
454time_t t;
455BIO *b;
456
457t = time(NULL);
458tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
459b = BIO_new_fp(stdout, BIO_NOCLOSE);
460ASN1_TIME_print(b, tm);
461ASN1_STRING_free(tm);
462BIO_free(b);
463.Ed
464.Sh SEE ALSO
465.Xr ASN1_TIME_new 3 ,
466.Xr ASN1_time_parse 3 ,
467.Xr X509_cmp_time 3
468.Sh HISTORY
469.Fn ASN1_UTCTIME_check
470and
471.Fn ASN1_UTCTIME_print
472first appeared in SSLeay 0.5.1.
473.Fn ASN1_UTCTIME_set
474first appeared in SSLeay 0.6.0.
475.Fn ASN1_UTCTIME_set_string
476first appeared in SSLeay 0.9.0.
477All these functions have been available since
478.Ox 2.4 .
479.Pp
480.Fn ASN1_TIME_set ,
481.Fn ASN1_GENERALIZEDTIME_set ,
482.Fn ASN1_GENERALIZEDTIME_set_string ,
483.Fn ASN1_GENERALIZEDTIME_check ,
484.Fn ASN1_TIME_print ,
485and
486.Fn ASN1_GENERALIZEDTIME_print
487first appeared in OpenSSL 0.9.2b and have been available since
488.Ox 2.6 .
489.Pp
490.Fn ASN1_UTCTIME_cmp_time_t
491first appeared in OpenSSL 0.9.6 and has been available since
492.Ox 2.9 .
493.Pp
494.Fn ASN1_TIME_check
495and
496.Fn ASN1_TIME_to_generalizedtime
497first appeared in OpenSSL 0.9.7 and have been available since
498.Ox 3.2 .
499.Pp
500.Fn ASN1_TIME_adj ,
501.Fn ASN1_UTCTIME_adj ,
502.Fn ASN1_GENERALIZEDTIME_adj ,
503and
504.Fn ASN1_TIME_set_string
505first appeared in OpenSSL 1.0.0 and have been available since
506.Ox 4.9 .
507.Pp
508.Fn ASN1_TIME_diff
509first appeared in OpenSSL 1.0.2 and have been available since
510.Ox 7.1 .
511.Sh CAVEATS
512Some applications add offset times directly to a
513.Vt time_t
514value and pass the results to
515.Fn ASN1_TIME_set
516(or equivalent).
517This can cause problems as the
518.Vt time_t
519value can overflow on some systems resulting in unexpected results.
520New applications should use
521.Fn ASN1_TIME_adj
522instead and pass the offset value in the
523.Fa offset_sec
524and
525.Fa offset_day
526parameters instead of directly manipulating a
527.Vt time_t
528value.
529.Sh BUGS
530.Fn ASN1_TIME_print ,
531.Fn ASN1_UTCTIME_print ,
532and
533.Fn ASN1_GENERALIZEDTIME_print
534do not print the time zone: they either print "GMT" or nothing.
535But all certificates complying with RFC 5280 et al use GMT anyway.
536