/src/openssl/crypto/asn1/a_time_posix.c

Source
/*
 * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Time conversion to/from POSIX time_t and struct tm, with no support
 * for time zones other than UTC
 */

#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <string.h>
#include <time.h>

#include <openssl/asn1.h>
#include <openssl/posix_time.h>

#include <crypto/x509.h>
#include "asn1_local.h"

#define SECS_PER_HOUR (int64_t)(60 * 60)
#define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)

/*
 * Is a year/month/day combination valid, in the range from year 0000
 * to 9999?
 */
static int is_valid_date(int64_t year, int64_t month, int64_t day)
{
    int days_in_month;

    if (day < 1 || year < 0 || year > 9999)
        return 0;
    switch (month) {
    case 1:
    case 3:
    case 5:
    case 7:
    case 8:
    case 10:
    case 12:
        days_in_month = 31;
        break;
    case 4:
    case 6:
    case 9:
    case 11:
        days_in_month = 30;
        break;
    case 2:
        if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0)
            days_in_month = 29;
        else
            days_in_month = 28;
        break;
    default:
        return 0;
    }
    return day <= days_in_month;
}

/*
 * Is a time valid? Leap seconds of 60 are not considered valid, as
 * the POSIX time in seconds does not include them.
 */
static int is_valid_time(int64_t hours, int64_t minutes, int64_t seconds)
{
    return hours >= 0 && minutes >= 0 && seconds >= 0 && hours <= 23 && minutes <= 59 && seconds <= 59;
}

/* 0000-01-01 00:00:00 UTC */
#define MIN_POSIX_TIME INT64_C(-62167219200)
/* 9999-12-31 23:59:59 UTC */
#define MAX_POSIX_TIME INT64_C(253402300799)

/* Is a int64 time representing a time within our expected range? */
static int is_valid_posix_time(int64_t time)
{
    return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
}

/*
 * Inspired by algorithms presented in
 * https://howardhinnant.github.io/date_algorithms.html
 * (Public Domain)
 */
static int posix_time_from_utc(int64_t year, int64_t month, int64_t day,
    int64_t hours, int64_t minutes, int64_t seconds,
    int64_t *out_time)
{
    int64_t era, year_of_era, day_of_year, day_of_era, posix_days;

    if (!is_valid_date(year, month, day) || !is_valid_time(hours, minutes, seconds))
        return 0;
    if (month <= 2)
        year--; /* Start years on Mar 1, so leap days end a year. */

    /* At this point year will be in the range -1 and 9999. */
    era = (year >= 0 ? year : year - 399) / 400;
    year_of_era = year - era * 400;
    day_of_year = (153 * (month > 2 ? month - 3 : month + 9) + 2) / 5 + day - 1;
    day_of_era = year_of_era * 365 + year_of_era / 4 - year_of_era / 100 + day_of_year;
    posix_days = era * 146097 + day_of_era - 719468;
    *out_time = posix_days * SECS_PER_DAY + hours * SECS_PER_HOUR + minutes * 60 + seconds;

    return 1;
}

/*
 * Inspired by algorithms presented in
 * https://howardhinnant.github.io/date_algorithms.html
 * (Public Domain)
 */
static int utc_from_posix_time(int64_t time, int *out_year, int *out_month,
    int *out_day, int *out_hours, int *out_minutes,
    int *out_seconds)
{
    int64_t days, leftover_seconds, era, day_of_era, year_of_era, day_of_year;
    int64_t month_of_year;

    if (!is_valid_posix_time(time))
        return 0;

    days = time / SECS_PER_DAY;
    leftover_seconds = time % SECS_PER_DAY;
    if (leftover_seconds < 0) {
        days--;
        leftover_seconds += SECS_PER_DAY;
    }
    days += 719468; /*  Shift to starting epoch of Mar 1 0000. */

    /* At this point, days will be in the range -61 and 3652364. */
    era = (days > 0 ? days : days - 146096) / 146097;
    day_of_era = days - era * 146097;
    year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 - day_of_era / 146096) / 365;
    *out_year = (int)(year_of_era + era * 400); /* Year starts on Mar 1 */
    day_of_year = day_of_era - (365 * year_of_era + year_of_era / 4 - year_of_era / 100);
    month_of_year = (5 * day_of_year + 2) / 153;
    *out_month = (int)(month_of_year < 10 ? month_of_year + 3 : month_of_year - 9);
    if (*out_month <= 2)
        (*out_year)++; /* Adjust year back to Jan 1 start of year. */

    *out_day = (int)(day_of_year - (153 * month_of_year + 2) / 5 + 1);
    *out_hours = (int)leftover_seconds / SECS_PER_HOUR;
    leftover_seconds %= SECS_PER_HOUR;
    *out_minutes = (int)leftover_seconds / 60;
    *out_seconds = (int)leftover_seconds % 60;

    return 1;
}

int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out)
{
    return posix_time_from_utc(tm->tm_year + (int64_t)1900,
        tm->tm_mon + (int64_t)1, tm->tm_mday,
        tm->tm_hour, tm->tm_min, tm->tm_sec, out);
}

int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
{
    struct tm tmp_tm = { 0 };

    memset(out_tm, 0, sizeof(*out_tm));

    if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
            &tmp_tm.tm_mday, &tmp_tm.tm_hour,
            &tmp_tm.tm_min, &tmp_tm.tm_sec))
        return 0;

    tmp_tm.tm_year -= 1900;
    tmp_tm.tm_mon -= 1;

    *out_tm = tmp_tm;

    return 1;
}

int ossl_asn1_time_tm_to_time_t(const struct tm *tm, time_t *out)
{
    int64_t posix_time;
    time_t test_t = -1;
    int bad_idea_bears = (test_t > 0); /* time_t is unsigned */

    if (!OPENSSL_tm_to_posix(tm, &posix_time))
        return 0;

    if (sizeof(time_t) == sizeof(int32_t)
        && ((!bad_idea_bears && (posix_time > INT32_MAX || posix_time < INT32_MIN))
            || (bad_idea_bears && (posix_time > UINT32_MAX || posix_time < 0))))
        return 0;

    *out = posix_time;
    return 1;
}

int ossl_asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm)
{
    int64_t posix_time = *time;

    return OPENSSL_posix_to_tm(posix_time, out_tm);
}

int OPENSSL_timegm(const struct tm *tm, time_t *out)
{
    return ossl_asn1_time_tm_to_time_t(tm, out);
}

struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm)
{
    if (!ossl_asn1_time_time_t_to_tm(time, out_tm))
        return NULL;
    return out_tm;
}

/* LibreSSL and BoringSSL use int64_t instead of long. */
int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec)
{
    int64_t posix_time;

    if (!OPENSSL_tm_to_posix(tm, &posix_time))
        return 0;

    OPENSSL_assert(INT_MAX <= INT64_MAX / SECS_PER_DAY);
    OPENSSL_assert(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
    OPENSSL_assert(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);

    posix_time += offset_day * SECS_PER_DAY;

    if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
        return 0;
    if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
        return 0;
    posix_time += offset_sec;

    if (!OPENSSL_posix_to_tm(posix_time, tm))
        return 0;

    return 1;
}

int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
    const struct tm *to)
{
    int64_t time_to, time_from, timediff, daydiff;

    if (!OPENSSL_tm_to_posix(to, &time_to) || !OPENSSL_tm_to_posix(from, &time_from))
        return 0;

    /* Times are in range, so these calculations cannot overflow. */
    OPENSSL_assert(SECS_PER_DAY <= INT_MAX);
    OPENSSL_assert((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);

    timediff = time_to - time_from;
    daydiff = timediff / SECS_PER_DAY;
    timediff %= SECS_PER_DAY;

    if (out_secs != NULL)
        *out_secs = (int)timediff;
    if (out_days != NULL)
        *out_days = (int)daydiff;

    return 1;
}

int ossl_posix_to_asn1_time(int64_t posix_time, ASN1_TIME **out_time)
{
    struct tm ts;

    if (!OPENSSL_posix_to_tm(posix_time, &ts))
        return 0;

    if ((*out_time = ossl_asn1_time_from_tm(*out_time, &ts, V_ASN1_UNDEF)) == NULL)
        return 0;

    return 1;
}

Coverage Report

Created: 2025-12-10 06:24

Line	Count	Source
1		/*
2		* Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/*
11		* Time conversion to/from POSIX time_t and struct tm, with no support
12		* for time zones other than UTC
13		*/
14
15		#include <inttypes.h>
16		#include <limits.h>
17		#include <stdint.h>
18		#include <string.h>
19		#include <time.h>
20
21		#include <openssl/asn1.h>
22		#include <openssl/posix_time.h>
23
24		#include <crypto/x509.h>
25		#include "asn1_local.h"
26
27	0	#define SECS_PER_HOUR (int64_t)(60 * 60)
28	0	#define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
29
30		/*
31		* Is a year/month/day combination valid, in the range from year 0000
32		* to 9999?
33		*/
34		static int is_valid_date(int64_t year, int64_t month, int64_t day)
35	0	{
36	0	int days_in_month;
37
38	0	if (day < 1 \|\| year < 0 \|\| year > 9999)
39	0	return 0;
40	0	switch (month) {
41	0	case 1:
42	0	case 3:
43	0	case 5:
44	0	case 7:
45	0	case 8:
46	0	case 10:
47	0	case 12:
48	0	days_in_month = 31;
49	0	break;
50	0	case 4:
51	0	case 6:
52	0	case 9:
53	0	case 11:
54	0	days_in_month = 30;
55	0	break;
56	0	case 2:
57	0	if ((year % 4 == 0 && year % 100 != 0) \|\| year % 400 == 0)
58	0	days_in_month = 29;
59	0	else
60	0	days_in_month = 28;
61	0	break;
62	0	default:
63	0	return 0;
64	0	}
65	0	return day <= days_in_month;
66	0	}
67
68		/*
69		* Is a time valid? Leap seconds of 60 are not considered valid, as
70		* the POSIX time in seconds does not include them.
71		*/
72		static int is_valid_time(int64_t hours, int64_t minutes, int64_t seconds)
73	0	{
74	0	return hours >= 0 && minutes >= 0 && seconds >= 0 && hours <= 23 && minutes <= 59 && seconds <= 59;
75	0	}
76
77		/* 0000-01-01 00:00:00 UTC */
78	0	#define MIN_POSIX_TIME INT64_C(-62167219200)
79		/* 9999-12-31 23:59:59 UTC */
80	0	#define MAX_POSIX_TIME INT64_C(253402300799)
81
82		/* Is a int64 time representing a time within our expected range? */
83		static int is_valid_posix_time(int64_t time)
84	0	{
85	0	return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
86	0	}
87
88		/*
89		* Inspired by algorithms presented in
90		* https://howardhinnant.github.io/date_algorithms.html
91		* (Public Domain)
92		*/
93		static int posix_time_from_utc(int64_t year, int64_t month, int64_t day,
94		int64_t hours, int64_t minutes, int64_t seconds,
95		int64_t *out_time)
96	0	{
97	0	int64_t era, year_of_era, day_of_year, day_of_era, posix_days;
98
99	0	if (!is_valid_date(year, month, day) \|\| !is_valid_time(hours, minutes, seconds))
100	0	return 0;
101	0	if (month <= 2)
102	0	year--; /* Start years on Mar 1, so leap days end a year. */
103
104		/* At this point year will be in the range -1 and 9999. */
105	0	era = (year >= 0 ? year : year - 399) / 400;
106	0	year_of_era = year - era * 400;
107	0	day_of_year = (153 * (month > 2 ? month - 3 : month + 9) + 2) / 5 + day - 1;
108	0	day_of_era = year_of_era * 365 + year_of_era / 4 - year_of_era / 100 + day_of_year;
109	0	posix_days = era * 146097 + day_of_era - 719468;
110	0	out_time = posix_days SECS_PER_DAY + hours * SECS_PER_HOUR + minutes * 60 + seconds;
111
112	0	return 1;
113	0	}
114
115		/*
116		* Inspired by algorithms presented in
117		* https://howardhinnant.github.io/date_algorithms.html
118		* (Public Domain)
119		*/
120		static int utc_from_posix_time(int64_t time, int out_year, int out_month,
121		int out_day, int out_hours, int *out_minutes,
122		int *out_seconds)
123	0	{
124	0	int64_t days, leftover_seconds, era, day_of_era, year_of_era, day_of_year;
125	0	int64_t month_of_year;
126
127	0	if (!is_valid_posix_time(time))
128	0	return 0;
129
130	0	days = time / SECS_PER_DAY;
131	0	leftover_seconds = time % SECS_PER_DAY;
132	0	if (leftover_seconds < 0) {
133	0	days--;
134	0	leftover_seconds += SECS_PER_DAY;
135	0	}
136	0	days += 719468; /* Shift to starting epoch of Mar 1 0000. */
137
138		/* At this point, days will be in the range -61 and 3652364. */
139	0	era = (days > 0 ? days : days - 146096) / 146097;
140	0	day_of_era = days - era * 146097;
141	0	year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 - day_of_era / 146096) / 365;
142	0	out_year = (int)(year_of_era + era 400); /* Year starts on Mar 1 */
143	0	day_of_year = day_of_era - (365 * year_of_era + year_of_era / 4 - year_of_era / 100);
144	0	month_of_year = (5 * day_of_year + 2) / 153;
145	0	*out_month = (int)(month_of_year < 10 ? month_of_year + 3 : month_of_year - 9);
146	0	if (*out_month <= 2)
147	0	(out_year)++; / Adjust year back to Jan 1 start of year. */
148
149	0	out_day = (int)(day_of_year - (153 month_of_year + 2) / 5 + 1);
150	0	*out_hours = (int)leftover_seconds / SECS_PER_HOUR;
151	0	leftover_seconds %= SECS_PER_HOUR;
152	0	*out_minutes = (int)leftover_seconds / 60;
153	0	*out_seconds = (int)leftover_seconds % 60;
154
155	0	return 1;
156	0	}
157
158		int OPENSSL_tm_to_posix(const struct tm tm, int64_t out)
159	0	{
160	0	return posix_time_from_utc(tm->tm_year + (int64_t)1900,
161	0	tm->tm_mon + (int64_t)1, tm->tm_mday,
162	0	tm->tm_hour, tm->tm_min, tm->tm_sec, out);
163	0	}
164
165		int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
166	0	{
167	0	struct tm tmp_tm = { 0 };
168
169	0	memset(out_tm, 0, sizeof(*out_tm));
170
171	0	if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
172	0	&tmp_tm.tm_mday, &tmp_tm.tm_hour,
173	0	&tmp_tm.tm_min, &tmp_tm.tm_sec))
174	0	return 0;
175
176	0	tmp_tm.tm_year -= 1900;
177	0	tmp_tm.tm_mon -= 1;
178
179	0	*out_tm = tmp_tm;
180
181	0	return 1;
182	0	}
183
184		int ossl_asn1_time_tm_to_time_t(const struct tm tm, time_t out)
185	0	{
186	0	int64_t posix_time;
187	0	time_t test_t = -1;
188	0	int bad_idea_bears = (test_t > 0); /* time_t is unsigned */
189
190	0	if (!OPENSSL_tm_to_posix(tm, &posix_time))
191	0	return 0;
192
193	0	if (sizeof(time_t) == sizeof(int32_t)
194	0	&& ((!bad_idea_bears && (posix_time > INT32_MAX \|\| posix_time < INT32_MIN))
195	0	\|\| (bad_idea_bears && (posix_time > UINT32_MAX \|\| posix_time < 0))))
196	0	return 0;
197
198	0	*out = posix_time;
199	0	return 1;
200	0	}
201
202		int ossl_asn1_time_time_t_to_tm(const time_t time, struct tm out_tm)
203	0	{
204	0	int64_t posix_time = *time;
205
206	0	return OPENSSL_posix_to_tm(posix_time, out_tm);
207	0	}
208
209		int OPENSSL_timegm(const struct tm tm, time_t out)
210	0	{
211	0	return ossl_asn1_time_tm_to_time_t(tm, out);
212	0	}
213
214		struct tm OPENSSL_gmtime(const time_t time, struct tm *out_tm)
215	0	{
216	0	if (!ossl_asn1_time_time_t_to_tm(time, out_tm))
217	0	return NULL;
218	0	return out_tm;
219	0	}
220
221		/* LibreSSL and BoringSSL use int64_t instead of long. */
222		int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec)
223	0	{
224	0	int64_t posix_time;
225
226	0	if (!OPENSSL_tm_to_posix(tm, &posix_time))
227	0	return 0;
228
229	0	OPENSSL_assert(INT_MAX <= INT64_MAX / SECS_PER_DAY);
230	0	OPENSSL_assert(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
231	0	OPENSSL_assert(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);
232
233	0	posix_time += offset_day * SECS_PER_DAY;
234
235	0	if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
236	0	return 0;
237	0	if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
238	0	return 0;
239	0	posix_time += offset_sec;
240
241	0	if (!OPENSSL_posix_to_tm(posix_time, tm))
242	0	return 0;
243
244	0	return 1;
245	0	}
246
247		int OPENSSL_gmtime_diff(int out_days, int out_secs, const struct tm *from,
248		const struct tm *to)
249	0	{
250	0	int64_t time_to, time_from, timediff, daydiff;
251
252	0	if (!OPENSSL_tm_to_posix(to, &time_to) \|\| !OPENSSL_tm_to_posix(from, &time_from))
253	0	return 0;
254
255		/* Times are in range, so these calculations cannot overflow. */
256	0	OPENSSL_assert(SECS_PER_DAY <= INT_MAX);
257	0	OPENSSL_assert((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);
258
259	0	timediff = time_to - time_from;
260	0	daydiff = timediff / SECS_PER_DAY;
261	0	timediff %= SECS_PER_DAY;
262
263	0	if (out_secs != NULL)
264	0	*out_secs = (int)timediff;
265	0	if (out_days != NULL)
266	0	*out_days = (int)daydiff;
267
268	0	return 1;
269	0	}
270
271		int ossl_posix_to_asn1_time(int64_t posix_time, ASN1_TIME **out_time)
272	0	{
273	0	struct tm ts;
274
275	0	if (!OPENSSL_posix_to_tm(posix_time, &ts))
276	0	return 0;
277
278	0	if ((out_time = ossl_asn1_time_from_tm(out_time, &ts, V_ASN1_UNDEF)) == NULL)
279	0	return 0;
280
281	0	return 1;
282	0	}