Coverage Report

Created: 2024-11-21 07:03

/src/boringssl/crypto/asn1/posix_time.c
Line
Count
Source (jump to first uncovered line)
1
/* Copyright (c) 2022, Google Inc.
2
 *
3
 * Permission to use, copy, modify, and/or distribute this software for any
4
 * purpose with or without fee is hereby granted, provided that the above
5
 * copyright notice and this permission notice appear in all copies.
6
 *
7
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15
// Time conversion to/from POSIX time_t and struct tm, with no support
16
// for time zones other than UTC
17
18
#include <openssl/posix_time.h>
19
20
#include <assert.h>
21
#include <inttypes.h>
22
#include <limits.h>
23
#include <string.h>
24
#include <time.h>
25
26
#include "internal.h"
27
28
0
#define SECS_PER_HOUR (60 * 60)
29
0
#define SECS_PER_DAY (INT64_C(24) * SECS_PER_HOUR)
30
31
32
// Is a year/month/day combination valid, in the range from year 0000
33
// to 9999?
34
0
static int is_valid_date(int64_t year, int64_t month, int64_t day) {
35
0
  if (day < 1 || month < 1 || year < 0 || year > 9999) {
36
0
    return 0;
37
0
  }
38
0
  switch (month) {
39
0
    case 1:
40
0
    case 3:
41
0
    case 5:
42
0
    case 7:
43
0
    case 8:
44
0
    case 10:
45
0
    case 12:
46
0
      return day > 0 && day <= 31;
47
0
    case 4:
48
0
    case 6:
49
0
    case 9:
50
0
    case 11:
51
0
      return day > 0 && day <= 30;
52
0
    case 2:
53
0
      if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0) {
54
0
        return day > 0 && day <= 29;
55
0
      } else {
56
0
        return day > 0 && day <= 28;
57
0
      }
58
0
    default:
59
0
      return 0;
60
0
  }
61
0
}
62
63
// Is a time valid? Leap seconds of 60 are not considered valid, as
64
// the POSIX time in seconds does not include them.
65
0
static int is_valid_time(int64_t hours, int64_t minutes, int64_t seconds) {
66
0
  if (hours < 0 || minutes < 0 || seconds < 0 || hours > 23 || minutes > 59 ||
67
0
      seconds > 59) {
68
0
    return 0;
69
0
  }
70
0
  return 1;
71
0
}
72
73
// 0000-01-01 00:00:00 UTC
74
0
#define MIN_POSIX_TIME INT64_C(-62167219200)
75
// 9999-12-31 23:59:59 UTC
76
0
#define MAX_POSIX_TIME INT64_C(253402300799)
77
78
// Is an int64 time within our expected range?
79
0
static int is_valid_posix_time(int64_t time) {
80
0
  return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
81
0
}
82
83
// Inspired by algorithms presented in
84
// https://howardhinnant.github.io/date_algorithms.html
85
// (Public Domain)
86
static int posix_time_from_utc(int64_t year, int64_t month, int64_t day,
87
                               int64_t hours, int64_t minutes, int64_t seconds,
88
0
                               int64_t *out_time) {
89
0
  if (!is_valid_date(year, month, day) ||
90
0
      !is_valid_time(hours, minutes, seconds)) {
91
0
    return 0;
92
0
  }
93
0
  if (month <= 2) {
94
0
    year--;  // Start years on Mar 1, so leap days always finish a year.
95
0
  }
96
  // At this point year will be in the range -1 and 9999.
97
0
  assert(-1 <= year && year <= 9999);
98
0
  int64_t era = (year >= 0 ? year : year - 399) / 400;
99
0
  int64_t year_of_era = year - era * 400;
100
0
  int64_t day_of_year =
101
0
      (153 * (month > 2 ? month - 3 : month + 9) + 2) / 5 + day - 1;
102
0
  int64_t day_of_era =
103
0
      year_of_era * 365 + year_of_era / 4 - year_of_era / 100 + day_of_year;
104
0
  int64_t posix_days = era * 146097 + day_of_era - 719468;
105
0
  *out_time = posix_days * SECS_PER_DAY + hours * SECS_PER_HOUR + minutes * 60 +
106
0
              seconds;
107
0
  return 1;
108
0
}
109
110
// Inspired by algorithms presented in
111
// https://howardhinnant.github.io/date_algorithms.html
112
// (Public Domain)
113
static int utc_from_posix_time(int64_t time, int *out_year, int *out_month,
114
                               int *out_day, int *out_hours, int *out_minutes,
115
0
                               int *out_seconds) {
116
0
  if (!is_valid_posix_time(time)) {
117
0
    return 0;
118
0
  }
119
0
  int64_t days = time / SECS_PER_DAY;
120
0
  int64_t leftover_seconds = time % SECS_PER_DAY;
121
0
  if (leftover_seconds < 0) {
122
0
    days--;
123
0
    leftover_seconds += SECS_PER_DAY;
124
0
  }
125
0
  days += 719468;  // Shift to starting epoch of Mar 1 0000.
126
  // At this point, days will be in the range -61 and 3652364.
127
0
  assert(-61 <= days && days <= 3652364);
128
0
  int64_t era = (days > 0 ? days : days - 146096) / 146097;
129
0
  int64_t day_of_era = days - era * 146097;
130
0
  int64_t year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 -
131
0
                         day_of_era / 146096) /
132
0
                        365;
133
0
  *out_year = (int)(year_of_era + era * 400);  // Year starting on Mar 1.
134
0
  int64_t day_of_year =
135
0
      day_of_era - (365 * year_of_era + year_of_era / 4 - year_of_era / 100);
136
0
  int64_t month_of_year = (5 * day_of_year + 2) / 153;
137
0
  *out_month =
138
0
      (int)(month_of_year < 10 ? month_of_year + 3 : month_of_year - 9);
139
0
  if (*out_month <= 2) {
140
0
    (*out_year)++;  // Adjust year back to Jan 1 start of year.
141
0
  }
142
0
  *out_day = (int)(day_of_year - (153 * month_of_year + 2) / 5 + 1);
143
0
  *out_hours = (int)(leftover_seconds / SECS_PER_HOUR);
144
0
  leftover_seconds %= SECS_PER_HOUR;
145
0
  *out_minutes = (int)(leftover_seconds / 60);
146
0
  *out_seconds = (int)(leftover_seconds % 60);
147
0
  return 1;
148
0
}
149
150
0
int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out) {
151
0
  return posix_time_from_utc(tm->tm_year + INT64_C(1900),
152
0
                             tm->tm_mon + INT64_C(1), tm->tm_mday, tm->tm_hour,
153
0
                             tm->tm_min, tm->tm_sec, out);
154
0
}
155
156
0
int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm) {
157
0
  struct tm tmp_tm = {0};
158
0
  if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
159
0
                           &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min,
160
0
                           &tmp_tm.tm_sec)) {
161
0
    return 0;
162
0
  }
163
0
  tmp_tm.tm_year -= 1900;
164
0
  tmp_tm.tm_mon -= 1;
165
0
  *out_tm = tmp_tm;
166
167
0
  return 1;
168
0
}
169
170
0
int OPENSSL_timegm(const struct tm *tm, time_t *out) {
171
0
  static_assert(
172
0
      sizeof(time_t) == sizeof(int32_t) || sizeof(time_t) == sizeof(int64_t),
173
0
      "time_t is broken");
174
0
  int64_t posix_time;
175
0
  if (!OPENSSL_tm_to_posix(tm, &posix_time)) {
176
0
    return 0;
177
0
  }
178
0
  if (sizeof(time_t) == sizeof(int32_t) &&
179
0
      (posix_time > INT32_MAX || posix_time < INT32_MIN)) {
180
0
    return 0;
181
0
  }
182
0
  *out = (time_t)posix_time;
183
0
  return 1;
184
0
}
185
186
0
struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm) {
187
0
  static_assert(
188
0
      sizeof(time_t) == sizeof(int32_t) || sizeof(time_t) == sizeof(int64_t),
189
0
      "time_t is broken");
190
0
  int64_t posix_time = *time;
191
0
  if (!OPENSSL_posix_to_tm(posix_time, out_tm)) {
192
0
    return NULL;
193
0
  }
194
0
  return out_tm;
195
0
}
196
197
0
int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec) {
198
0
  int64_t posix_time;
199
0
  if (!OPENSSL_tm_to_posix(tm, &posix_time)) {
200
0
    return 0;
201
0
  }
202
0
  static_assert(INT_MAX <= INT64_MAX / SECS_PER_DAY,
203
0
                "day offset in seconds cannot overflow");
204
0
  static_assert(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY,
205
0
                "addition cannot overflow");
206
0
  static_assert(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY,
207
0
                "addition cannot underflow");
208
0
  posix_time += offset_day * SECS_PER_DAY;
209
0
  if (posix_time > 0 && offset_sec > INT64_MAX - posix_time) {
210
0
    return 0;
211
0
  }
212
0
  if (posix_time < 0 && offset_sec < INT64_MIN - posix_time) {
213
0
    return 0;
214
0
  }
215
0
  posix_time += offset_sec;
216
217
0
  if (!OPENSSL_posix_to_tm(posix_time, tm)) {
218
0
    return 0;
219
0
  }
220
221
0
  return 1;
222
0
}
223
224
int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
225
0
                        const struct tm *to) {
226
0
  int64_t time_to, time_from;
227
0
  if (!OPENSSL_tm_to_posix(to, &time_to) ||
228
0
      !OPENSSL_tm_to_posix(from, &time_from)) {
229
0
    return 0;
230
0
  }
231
  // Times are in range, so these calculations can not overflow.
232
0
  static_assert(SECS_PER_DAY <= INT_MAX, "seconds per day does not fit in int");
233
0
  static_assert((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX,
234
0
                "range of valid POSIX times, in days, does not fit in int");
235
0
  int64_t timediff = time_to - time_from;
236
0
  int64_t daydiff = timediff / SECS_PER_DAY;
237
0
  timediff %= SECS_PER_DAY;
238
0
  *out_secs = (int)timediff;
239
0
  *out_days = (int)daydiff;
240
0
  return 1;
241
0
}