Introduce ASN1_TIME_set_string_X509 API

Make funcs to deal with non-null-term'd string
in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm().

Fixes issue #3444.

This one is used to enforce strict format (RFC 5280) check and to
convert GeneralizedTime to UTCTime.

apps/ca has been changed to use the new API.

Test cases and documentation are updated/added

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3566)

1 files changed, 3 insertions, 0 deletions

diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index ea24799..6040992 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -141,6 +141,8 @@ DEFINE_STACK_OF(X509_ALGOR)
 # define ASN1_STRING_FLAG_MSTRING 0x040
 /* String is embedded and only content should be freed */
 # define ASN1_STRING_FLAG_EMBED 0x080
+/* String should be parsed in RFC 5280's time format */
+# define ASN1_STRING_FLAG_X509_TIME 0x100
 /* This is the base type that holds just about everything :-) */
 struct asn1_string_st {
     int length;
@@ -628,6 +630,7 @@ int ASN1_TIME_check(const ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                    ASN1_GENERALIZEDTIME **out);
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
 int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
 
 int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);