/src/boringssl/crypto/asn1/posix_time.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* Copyright (c) 2022, Google Inc. |
2 | | * |
3 | | * Permission to use, copy, modify, and/or distribute this software for any |
4 | | * purpose with or without fee is hereby granted, provided that the above |
5 | | * copyright notice and this permission notice appear in all copies. |
6 | | * |
7 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
8 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
9 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
10 | | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
11 | | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
12 | | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
13 | | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ |
14 | | |
15 | | // Time conversion to/from POSIX time_t and struct tm, with no support |
16 | | // for time zones other than UTC |
17 | | |
18 | | #include <openssl/posix_time.h> |
19 | | |
20 | | #include <assert.h> |
21 | | #include <inttypes.h> |
22 | | #include <limits.h> |
23 | | #include <string.h> |
24 | | #include <time.h> |
25 | | |
26 | | #include "internal.h" |
27 | | |
28 | 0 | #define SECS_PER_HOUR (60 * 60) |
29 | 0 | #define SECS_PER_DAY (INT64_C(24) * SECS_PER_HOUR) |
30 | | |
31 | | |
32 | | // Is a year/month/day combination valid, in the range from year 0000 |
33 | | // to 9999? |
34 | 0 | static int is_valid_date(int64_t year, int64_t month, int64_t day) { |
35 | 0 | if (day < 1 || month < 1 || year < 0 || year > 9999) { |
36 | 0 | return 0; |
37 | 0 | } |
38 | 0 | switch (month) { |
39 | 0 | case 1: |
40 | 0 | case 3: |
41 | 0 | case 5: |
42 | 0 | case 7: |
43 | 0 | case 8: |
44 | 0 | case 10: |
45 | 0 | case 12: |
46 | 0 | return day > 0 && day <= 31; |
47 | 0 | case 4: |
48 | 0 | case 6: |
49 | 0 | case 9: |
50 | 0 | case 11: |
51 | 0 | return day > 0 && day <= 30; |
52 | 0 | case 2: |
53 | 0 | if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0) { |
54 | 0 | return day > 0 && day <= 29; |
55 | 0 | } else { |
56 | 0 | return day > 0 && day <= 28; |
57 | 0 | } |
58 | 0 | default: |
59 | 0 | return 0; |
60 | 0 | } |
61 | 0 | } |
62 | | |
63 | | // Is a time valid? Leap seconds of 60 are not considered valid, as |
64 | | // the POSIX time in seconds does not include them. |
65 | 0 | static int is_valid_time(int64_t hours, int64_t minutes, int64_t seconds) { |
66 | 0 | if (hours < 0 || minutes < 0 || seconds < 0 || hours > 23 || minutes > 59 || |
67 | 0 | seconds > 59) { |
68 | 0 | return 0; |
69 | 0 | } |
70 | 0 | return 1; |
71 | 0 | } |
72 | | |
73 | | // 0000-01-01 00:00:00 UTC |
74 | 0 | #define MIN_POSIX_TIME INT64_C(-62167219200) |
75 | | // 9999-12-31 23:59:59 UTC |
76 | 0 | #define MAX_POSIX_TIME INT64_C(253402300799) |
77 | | |
78 | | // Is an int64 time within our expected range? |
79 | 0 | static int is_valid_posix_time(int64_t time) { |
80 | 0 | return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME; |
81 | 0 | } |
82 | | |
83 | | // Inspired by algorithms presented in |
84 | | // https://howardhinnant.github.io/date_algorithms.html |
85 | | // (Public Domain) |
86 | | static int posix_time_from_utc(int64_t year, int64_t month, int64_t day, |
87 | | int64_t hours, int64_t minutes, int64_t seconds, |
88 | 0 | int64_t *out_time) { |
89 | 0 | if (!is_valid_date(year, month, day) || |
90 | 0 | !is_valid_time(hours, minutes, seconds)) { |
91 | 0 | return 0; |
92 | 0 | } |
93 | 0 | if (month <= 2) { |
94 | 0 | year--; // Start years on Mar 1, so leap days always finish a year. |
95 | 0 | } |
96 | | // At this point year will be in the range -1 and 9999. |
97 | 0 | assert(-1 <= year && year <= 9999); |
98 | 0 | int64_t era = (year >= 0 ? year : year - 399) / 400; |
99 | 0 | int64_t year_of_era = year - era * 400; |
100 | 0 | int64_t day_of_year = |
101 | 0 | (153 * (month > 2 ? month - 3 : month + 9) + 2) / 5 + day - 1; |
102 | 0 | int64_t day_of_era = |
103 | 0 | year_of_era * 365 + year_of_era / 4 - year_of_era / 100 + day_of_year; |
104 | 0 | int64_t posix_days = era * 146097 + day_of_era - 719468; |
105 | 0 | *out_time = posix_days * SECS_PER_DAY + hours * SECS_PER_HOUR + minutes * 60 + |
106 | 0 | seconds; |
107 | 0 | return 1; |
108 | 0 | } |
109 | | |
110 | | // Inspired by algorithms presented in |
111 | | // https://howardhinnant.github.io/date_algorithms.html |
112 | | // (Public Domain) |
113 | | static int utc_from_posix_time(int64_t time, int *out_year, int *out_month, |
114 | | int *out_day, int *out_hours, int *out_minutes, |
115 | 0 | int *out_seconds) { |
116 | 0 | if (!is_valid_posix_time(time)) { |
117 | 0 | return 0; |
118 | 0 | } |
119 | 0 | int64_t days = time / SECS_PER_DAY; |
120 | 0 | int64_t leftover_seconds = time % SECS_PER_DAY; |
121 | 0 | if (leftover_seconds < 0) { |
122 | 0 | days--; |
123 | 0 | leftover_seconds += SECS_PER_DAY; |
124 | 0 | } |
125 | 0 | days += 719468; // Shift to starting epoch of Mar 1 0000. |
126 | | // At this point, days will be in the range -61 and 3652364. |
127 | 0 | assert(-61 <= days && days <= 3652364); |
128 | 0 | int64_t era = (days > 0 ? days : days - 146096) / 146097; |
129 | 0 | int64_t day_of_era = days - era * 146097; |
130 | 0 | int64_t year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 - |
131 | 0 | day_of_era / 146096) / |
132 | 0 | 365; |
133 | 0 | *out_year = (int)(year_of_era + era * 400); // Year starting on Mar 1. |
134 | 0 | int64_t day_of_year = |
135 | 0 | day_of_era - (365 * year_of_era + year_of_era / 4 - year_of_era / 100); |
136 | 0 | int64_t month_of_year = (5 * day_of_year + 2) / 153; |
137 | 0 | *out_month = |
138 | 0 | (int)(month_of_year < 10 ? month_of_year + 3 : month_of_year - 9); |
139 | 0 | if (*out_month <= 2) { |
140 | 0 | (*out_year)++; // Adjust year back to Jan 1 start of year. |
141 | 0 | } |
142 | 0 | *out_day = (int)(day_of_year - (153 * month_of_year + 2) / 5 + 1); |
143 | 0 | *out_hours = (int)(leftover_seconds / SECS_PER_HOUR); |
144 | 0 | leftover_seconds %= SECS_PER_HOUR; |
145 | 0 | *out_minutes = (int)(leftover_seconds / 60); |
146 | 0 | *out_seconds = (int)(leftover_seconds % 60); |
147 | 0 | return 1; |
148 | 0 | } |
149 | | |
150 | 0 | int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out) { |
151 | 0 | return posix_time_from_utc(tm->tm_year + INT64_C(1900), |
152 | 0 | tm->tm_mon + INT64_C(1), tm->tm_mday, tm->tm_hour, |
153 | 0 | tm->tm_min, tm->tm_sec, out); |
154 | 0 | } |
155 | | |
156 | 0 | int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm) { |
157 | 0 | struct tm tmp_tm = {0}; |
158 | 0 | if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon, |
159 | 0 | &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, |
160 | 0 | &tmp_tm.tm_sec)) { |
161 | 0 | return 0; |
162 | 0 | } |
163 | 0 | tmp_tm.tm_year -= 1900; |
164 | 0 | tmp_tm.tm_mon -= 1; |
165 | 0 | *out_tm = tmp_tm; |
166 | |
|
167 | 0 | return 1; |
168 | 0 | } |
169 | | |
170 | 0 | int OPENSSL_timegm(const struct tm *tm, time_t *out) { |
171 | 0 | static_assert( |
172 | 0 | sizeof(time_t) == sizeof(int32_t) || sizeof(time_t) == sizeof(int64_t), |
173 | 0 | "time_t is broken"); |
174 | 0 | int64_t posix_time; |
175 | 0 | if (!OPENSSL_tm_to_posix(tm, &posix_time)) { |
176 | 0 | return 0; |
177 | 0 | } |
178 | 0 | if (sizeof(time_t) == sizeof(int32_t) && |
179 | 0 | (posix_time > INT32_MAX || posix_time < INT32_MIN)) { |
180 | 0 | return 0; |
181 | 0 | } |
182 | 0 | *out = (time_t)posix_time; |
183 | 0 | return 1; |
184 | 0 | } |
185 | | |
186 | 0 | struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm) { |
187 | 0 | static_assert( |
188 | 0 | sizeof(time_t) == sizeof(int32_t) || sizeof(time_t) == sizeof(int64_t), |
189 | 0 | "time_t is broken"); |
190 | 0 | int64_t posix_time = *time; |
191 | 0 | if (!OPENSSL_posix_to_tm(posix_time, out_tm)) { |
192 | 0 | return NULL; |
193 | 0 | } |
194 | 0 | return out_tm; |
195 | 0 | } |
196 | | |
197 | 0 | int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec) { |
198 | 0 | int64_t posix_time; |
199 | 0 | if (!OPENSSL_tm_to_posix(tm, &posix_time)) { |
200 | 0 | return 0; |
201 | 0 | } |
202 | 0 | static_assert(INT_MAX <= INT64_MAX / SECS_PER_DAY, |
203 | 0 | "day offset in seconds cannot overflow"); |
204 | 0 | static_assert(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY, |
205 | 0 | "addition cannot overflow"); |
206 | 0 | static_assert(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY, |
207 | 0 | "addition cannot underflow"); |
208 | 0 | posix_time += offset_day * SECS_PER_DAY; |
209 | 0 | if (posix_time > 0 && offset_sec > INT64_MAX - posix_time) { |
210 | 0 | return 0; |
211 | 0 | } |
212 | 0 | if (posix_time < 0 && offset_sec < INT64_MIN - posix_time) { |
213 | 0 | return 0; |
214 | 0 | } |
215 | 0 | posix_time += offset_sec; |
216 | |
|
217 | 0 | if (!OPENSSL_posix_to_tm(posix_time, tm)) { |
218 | 0 | return 0; |
219 | 0 | } |
220 | | |
221 | 0 | return 1; |
222 | 0 | } |
223 | | |
224 | | int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from, |
225 | 0 | const struct tm *to) { |
226 | 0 | int64_t time_to, time_from; |
227 | 0 | if (!OPENSSL_tm_to_posix(to, &time_to) || |
228 | 0 | !OPENSSL_tm_to_posix(from, &time_from)) { |
229 | 0 | return 0; |
230 | 0 | } |
231 | | // Times are in range, so these calculations can not overflow. |
232 | 0 | static_assert(SECS_PER_DAY <= INT_MAX, "seconds per day does not fit in int"); |
233 | 0 | static_assert((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX, |
234 | 0 | "range of valid POSIX times, in days, does not fit in int"); |
235 | 0 | int64_t timediff = time_to - time_from; |
236 | 0 | int64_t daydiff = timediff / SECS_PER_DAY; |
237 | 0 | timediff %= SECS_PER_DAY; |
238 | 0 | *out_secs = (int)timediff; |
239 | 0 | *out_days = (int)daydiff; |
240 | 0 | return 1; |
241 | 0 | } |