/src/openssl/crypto/asn1/a_time_posix.c

Source
/*
 * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Time conversion to/from POSIX time_t and struct tm, with no support
 * for time zones other than UTC
 */

#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <string.h>
#include <time.h>

#include <openssl/asn1.h>
#include <openssl/posix_time.h>

#include <crypto/x509.h>
#include "asn1_local.h"

#define SECS_PER_HOUR (int64_t)(60 * 60)
#define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)

/*
 * Is a year/month/day combination valid, in the range from year 0000
 * to 9999?
 */
static int is_valid_date(int64_t year, int64_t month, int64_t day)
{
    int days_in_month;

    if (day < 1 || year < 0 || year > 9999)
        return 0;
    switch (month) {
    case 1:
    case 3:
    case 5:
    case 7:
    case 8:
    case 10:
    case 12:
        days_in_month = 31;
        break;
    case 4:
    case 6:
    case 9:
    case 11:
        days_in_month = 30;
        break;
    case 2:
        if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0)
            days_in_month = 29;
        else
            days_in_month = 28;
        break;
    default:
        return 0;
    }
    return day <= days_in_month;
}

/*
 * Is a time valid? Leap seconds of 60 are not considered valid, as
 * the POSIX time in seconds does not include them.
 */
static int is_valid_time(int64_t hours, int64_t minutes, int64_t seconds)
{
    return hours >= 0 && minutes >= 0 && seconds >= 0 && hours <= 23 &&
        minutes <= 59 && seconds <= 59;
}

/* 0000-01-01 00:00:00 UTC */
#define MIN_POSIX_TIME INT64_C(-62167219200)
/* 9999-12-31 23:59:59 UTC */
#define MAX_POSIX_TIME INT64_C(253402300799)

/* Is a int64 time representing a time within our expected range? */
static int is_valid_posix_time(int64_t time)
{
    return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
}

/*
 * Inspired by algorithms presented in
 * https://howardhinnant.github.io/date_algorithms.html
 * (Public Domain)
 */
static int posix_time_from_utc(int64_t year, int64_t month, int64_t day,
                               int64_t hours, int64_t minutes, int64_t seconds,
                               int64_t *out_time)
{
    int64_t era, year_of_era, day_of_year, day_of_era, posix_days;

    if (!is_valid_date(year, month, day) ||
        !is_valid_time(hours, minutes, seconds))
        return 0;
    if (month <= 2)
        year--;  /* Start years on Mar 1, so leap days end a year. */

    /* At this point year will be in the range -1 and 9999. */
    era = (year >= 0 ? year : year - 399) / 400;
    year_of_era = year - era * 400;
    day_of_year = (153 * (month > 2 ? month - 3 : month + 9) + 2) /
        5 + day - 1;
    day_of_era = year_of_era * 365 + year_of_era / 4 - year_of_era /
        100 + day_of_year;
    posix_days = era * 146097 + day_of_era - 719468;
    *out_time = posix_days * SECS_PER_DAY + hours * SECS_PER_HOUR +
        minutes * 60 + seconds;

    return 1;
}

/*
 * Inspired by algorithms presented in
 * https://howardhinnant.github.io/date_algorithms.html
 * (Public Domain)
 */
static int utc_from_posix_time(int64_t time, int *out_year, int *out_month,
                               int *out_day, int *out_hours, int *out_minutes,
                               int *out_seconds)
{
    int64_t days, leftover_seconds, era, day_of_era, year_of_era, day_of_year;
    int64_t month_of_year;

    if (!is_valid_posix_time(time))
        return 0;

    days = time / SECS_PER_DAY;
    leftover_seconds = time % SECS_PER_DAY;
    if (leftover_seconds < 0) {
        days--;
        leftover_seconds += SECS_PER_DAY;
    }
    days += 719468;  /*  Shift to starting epoch of Mar 1 0000. */

    /* At this point, days will be in the range -61 and 3652364. */
    era = (days > 0 ? days : days - 146096) / 146097;
    day_of_era = days - era * 146097;
    year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 -
                   day_of_era / 146096) / 365;
    *out_year = (int) (year_of_era + era * 400);  /* Year starts on Mar 1 */
    day_of_year = day_of_era - (365 * year_of_era + year_of_era / 4 -
                                year_of_era / 100);
    month_of_year = (5 * day_of_year + 2) / 153;
    *out_month = (int) (month_of_year < 10 ? month_of_year + 3 :
                        month_of_year - 9);
    if (*out_month <= 2)
        (*out_year)++;  /* Adjust year back to Jan 1 start of year. */

    *out_day = (int) (day_of_year - (153 * month_of_year + 2) / 5 + 1);
    *out_hours = (int) leftover_seconds / SECS_PER_HOUR;
    leftover_seconds %= SECS_PER_HOUR;
    *out_minutes = (int) leftover_seconds / 60;
    *out_seconds = (int) leftover_seconds % 60;

    return 1;
}

int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out)
{
    return posix_time_from_utc(tm->tm_year + (int64_t)1900,
                               tm->tm_mon + (int64_t)1, tm->tm_mday,
                               tm->tm_hour, tm->tm_min, tm->tm_sec, out);
}

int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
{
    struct tm tmp_tm = {0};

    memset(out_tm, 0, sizeof(*out_tm));

    if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
                             &tmp_tm.tm_mday, &tmp_tm.tm_hour,
                             &tmp_tm.tm_min, &tmp_tm.tm_sec))
        return 0;

    tmp_tm.tm_year -= 1900;
    tmp_tm.tm_mon -= 1;

    *out_tm = tmp_tm;

    return 1;
}

int ossl_asn1_time_tm_to_time_t(const struct tm *tm, time_t *out)
{
    int64_t posix_time;
    time_t test_t = -1;
    int bad_idea_bears = (test_t > 0); /* time_t is unsigned */

    if (!OPENSSL_tm_to_posix(tm, &posix_time))
        return 0;

    if (sizeof(time_t) == sizeof(int32_t)
        && ((!bad_idea_bears && (posix_time > INT32_MAX
                                     || posix_time < INT32_MIN))
            || (bad_idea_bears && (posix_time > UINT32_MAX
                                   || posix_time < 0))))
        return 0;

    *out = posix_time;
    return 1;
}

int ossl_asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm)
{
    int64_t posix_time = *time;

    return OPENSSL_posix_to_tm(posix_time, out_tm);
}

int OPENSSL_timegm(const struct tm *tm, time_t *out)
{
    return ossl_asn1_time_tm_to_time_t(tm, out);
}

struct tm * OPENSSL_gmtime(const time_t *time, struct tm *out_tm)
{
    if (!ossl_asn1_time_time_t_to_tm(time, out_tm))
        return NULL;
    return out_tm;
}

/* LibreSSL and BoringSSL use int64_t instead of long. */
int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec)
{
    int64_t posix_time;

    if (!OPENSSL_tm_to_posix(tm, &posix_time))
        return 0;

    OPENSSL_assert(INT_MAX <= INT64_MAX / SECS_PER_DAY);
    OPENSSL_assert(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
    OPENSSL_assert(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);

    posix_time += offset_day * SECS_PER_DAY;

    if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
        return 0;
    if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
        return 0;
    posix_time += offset_sec;

    if (!OPENSSL_posix_to_tm(posix_time, tm))
        return 0;

    return 1;
}

int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
                        const struct tm *to)
{
    int64_t time_to, time_from, timediff, daydiff;

    if (!OPENSSL_tm_to_posix(to, &time_to) ||
        !OPENSSL_tm_to_posix(from, &time_from))
        return 0;

    /* Times are in range, so these calculations cannot overflow. */
    OPENSSL_assert(SECS_PER_DAY <= INT_MAX);
    OPENSSL_assert((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);

    timediff = time_to - time_from;
    daydiff = timediff / SECS_PER_DAY;
    timediff %= SECS_PER_DAY;

    *out_secs = (int) timediff;
    *out_days = (int) daydiff;

    return 1;
}

int ossl_posix_to_asn1_time(int64_t posix_time, ASN1_TIME **out_time)
{
    struct tm ts;

    if (!OPENSSL_posix_to_tm(posix_time, &ts))
        return 0;

    if ((*out_time = ossl_asn1_time_from_tm(*out_time, &ts, V_ASN1_UNDEF)) == NULL)
        return 0;

    return 1;
}

Coverage Report

Created: 2025-11-17 06:37

Line	Count	Source
1		/*
2		* Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/*
11		* Time conversion to/from POSIX time_t and struct tm, with no support
12		* for time zones other than UTC
13		*/
14
15		#include <inttypes.h>
16		#include <limits.h>
17		#include <stdint.h>
18		#include <string.h>
19		#include <time.h>
20
21		#include <openssl/asn1.h>
22		#include <openssl/posix_time.h>
23
24		#include <crypto/x509.h>
25		#include "asn1_local.h"
26
27	0	#define SECS_PER_HOUR (int64_t)(60 * 60)
28	0	#define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
29
30		/*
31		* Is a year/month/day combination valid, in the range from year 0000
32		* to 9999?
33		*/
34		static int is_valid_date(int64_t year, int64_t month, int64_t day)
35	0	{
36	0	int days_in_month;
37
38	0	if (day < 1 \|\| year < 0 \|\| year > 9999)
39	0	return 0;
40	0	switch (month) {
41	0	case 1:
42	0	case 3:
43	0	case 5:
44	0	case 7:
45	0	case 8:
46	0	case 10:
47	0	case 12:
48	0	days_in_month = 31;
49	0	break;
50	0	case 4:
51	0	case 6:
52	0	case 9:
53	0	case 11:
54	0	days_in_month = 30;
55	0	break;
56	0	case 2:
57	0	if ((year % 4 == 0 && year % 100 != 0) \|\| year % 400 == 0)
58	0	days_in_month = 29;
59	0	else
60	0	days_in_month = 28;
61	0	break;
62	0	default:
63	0	return 0;
64	0	}
65	0	return day <= days_in_month;
66	0	}
67
68		/*
69		* Is a time valid? Leap seconds of 60 are not considered valid, as
70		* the POSIX time in seconds does not include them.
71		*/
72		static int is_valid_time(int64_t hours, int64_t minutes, int64_t seconds)
73	0	{
74	0	return hours >= 0 && minutes >= 0 && seconds >= 0 && hours <= 23 &&
75	0	minutes <= 59 && seconds <= 59;
76	0	}
77
78		/* 0000-01-01 00:00:00 UTC */
79	0	#define MIN_POSIX_TIME INT64_C(-62167219200)
80		/* 9999-12-31 23:59:59 UTC */
81	0	#define MAX_POSIX_TIME INT64_C(253402300799)
82
83		/* Is a int64 time representing a time within our expected range? */
84		static int is_valid_posix_time(int64_t time)
85	0	{
86	0	return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
87	0	}
88
89		/*
90		* Inspired by algorithms presented in
91		* https://howardhinnant.github.io/date_algorithms.html
92		* (Public Domain)
93		*/
94		static int posix_time_from_utc(int64_t year, int64_t month, int64_t day,
95		int64_t hours, int64_t minutes, int64_t seconds,
96		int64_t *out_time)
97	0	{
98	0	int64_t era, year_of_era, day_of_year, day_of_era, posix_days;
99
100	0	if (!is_valid_date(year, month, day) \|\|
101	0	!is_valid_time(hours, minutes, seconds))
102	0	return 0;
103	0	if (month <= 2)
104	0	year--; /* Start years on Mar 1, so leap days end a year. */
105
106		/* At this point year will be in the range -1 and 9999. */
107	0	era = (year >= 0 ? year : year - 399) / 400;
108	0	year_of_era = year - era * 400;
109	0	day_of_year = (153 * (month > 2 ? month - 3 : month + 9) + 2) /
110	0	5 + day - 1;
111	0	day_of_era = year_of_era * 365 + year_of_era / 4 - year_of_era /
112	0	100 + day_of_year;
113	0	posix_days = era * 146097 + day_of_era - 719468;
114	0	out_time = posix_days SECS_PER_DAY + hours * SECS_PER_HOUR +
115	0	minutes * 60 + seconds;
116
117	0	return 1;
118	0	}
119
120		/*
121		* Inspired by algorithms presented in
122		* https://howardhinnant.github.io/date_algorithms.html
123		* (Public Domain)
124		*/
125		static int utc_from_posix_time(int64_t time, int out_year, int out_month,
126		int out_day, int out_hours, int *out_minutes,
127		int *out_seconds)
128	0	{
129	0	int64_t days, leftover_seconds, era, day_of_era, year_of_era, day_of_year;
130	0	int64_t month_of_year;
131
132	0	if (!is_valid_posix_time(time))
133	0	return 0;
134
135	0	days = time / SECS_PER_DAY;
136	0	leftover_seconds = time % SECS_PER_DAY;
137	0	if (leftover_seconds < 0) {
138	0	days--;
139	0	leftover_seconds += SECS_PER_DAY;
140	0	}
141	0	days += 719468; /* Shift to starting epoch of Mar 1 0000. */
142
143		/* At this point, days will be in the range -61 and 3652364. */
144	0	era = (days > 0 ? days : days - 146096) / 146097;
145	0	day_of_era = days - era * 146097;
146	0	year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 -
147	0	day_of_era / 146096) / 365;
148	0	out_year = (int) (year_of_era + era 400); /* Year starts on Mar 1 */
149	0	day_of_year = day_of_era - (365 * year_of_era + year_of_era / 4 -
150	0	year_of_era / 100);
151	0	month_of_year = (5 * day_of_year + 2) / 153;
152	0	*out_month = (int) (month_of_year < 10 ? month_of_year + 3 :
153	0	month_of_year - 9);
154	0	if (*out_month <= 2)
155	0	(out_year)++; / Adjust year back to Jan 1 start of year. */
156
157	0	out_day = (int) (day_of_year - (153 month_of_year + 2) / 5 + 1);
158	0	*out_hours = (int) leftover_seconds / SECS_PER_HOUR;
159	0	leftover_seconds %= SECS_PER_HOUR;
160	0	*out_minutes = (int) leftover_seconds / 60;
161	0	*out_seconds = (int) leftover_seconds % 60;
162
163	0	return 1;
164	0	}
165
166		int OPENSSL_tm_to_posix(const struct tm tm, int64_t out)
167	0	{
168	0	return posix_time_from_utc(tm->tm_year + (int64_t)1900,
169	0	tm->tm_mon + (int64_t)1, tm->tm_mday,
170	0	tm->tm_hour, tm->tm_min, tm->tm_sec, out);
171	0	}
172
173		int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
174	0	{
175	0	struct tm tmp_tm = {0};
176
177	0	memset(out_tm, 0, sizeof(*out_tm));
178
179	0	if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
180	0	&tmp_tm.tm_mday, &tmp_tm.tm_hour,
181	0	&tmp_tm.tm_min, &tmp_tm.tm_sec))
182	0	return 0;
183
184	0	tmp_tm.tm_year -= 1900;
185	0	tmp_tm.tm_mon -= 1;
186
187	0	*out_tm = tmp_tm;
188
189	0	return 1;
190	0	}
191
192		int ossl_asn1_time_tm_to_time_t(const struct tm tm, time_t out)
193	0	{
194	0	int64_t posix_time;
195	0	time_t test_t = -1;
196	0	int bad_idea_bears = (test_t > 0); /* time_t is unsigned */
197
198	0	if (!OPENSSL_tm_to_posix(tm, &posix_time))
199	0	return 0;
200
201	0	if (sizeof(time_t) == sizeof(int32_t)
202	0	&& ((!bad_idea_bears && (posix_time > INT32_MAX
203	0	\|\| posix_time < INT32_MIN))
204	0	\|\| (bad_idea_bears && (posix_time > UINT32_MAX
205	0	\|\| posix_time < 0))))
206	0	return 0;
207
208	0	*out = posix_time;
209	0	return 1;
210	0	}
211
212		int ossl_asn1_time_time_t_to_tm(const time_t time, struct tm out_tm)
213	0	{
214	0	int64_t posix_time = *time;
215
216	0	return OPENSSL_posix_to_tm(posix_time, out_tm);
217	0	}
218
219		int OPENSSL_timegm(const struct tm tm, time_t out)
220	0	{
221	0	return ossl_asn1_time_tm_to_time_t(tm, out);
222	0	}
223
224		struct tm * OPENSSL_gmtime(const time_t time, struct tm out_tm)
225	0	{
226	0	if (!ossl_asn1_time_time_t_to_tm(time, out_tm))
227	0	return NULL;
228	0	return out_tm;
229	0	}
230
231		/* LibreSSL and BoringSSL use int64_t instead of long. */
232		int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec)
233	0	{
234	0	int64_t posix_time;
235
236	0	if (!OPENSSL_tm_to_posix(tm, &posix_time))
237	0	return 0;
238
239	0	OPENSSL_assert(INT_MAX <= INT64_MAX / SECS_PER_DAY);
240	0	OPENSSL_assert(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
241	0	OPENSSL_assert(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);
242
243	0	posix_time += offset_day * SECS_PER_DAY;
244
245	0	if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
246	0	return 0;
247	0	if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
248	0	return 0;
249	0	posix_time += offset_sec;
250
251	0	if (!OPENSSL_posix_to_tm(posix_time, tm))
252	0	return 0;
253
254	0	return 1;
255	0	}
256
257		int OPENSSL_gmtime_diff(int out_days, int out_secs, const struct tm *from,
258		const struct tm *to)
259	0	{
260	0	int64_t time_to, time_from, timediff, daydiff;
261
262	0	if (!OPENSSL_tm_to_posix(to, &time_to) \|\|
263	0	!OPENSSL_tm_to_posix(from, &time_from))
264	0	return 0;
265
266		/* Times are in range, so these calculations cannot overflow. */
267	0	OPENSSL_assert(SECS_PER_DAY <= INT_MAX);
268	0	OPENSSL_assert((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);
269
270	0	timediff = time_to - time_from;
271	0	daydiff = timediff / SECS_PER_DAY;
272	0	timediff %= SECS_PER_DAY;
273
274	0	*out_secs = (int) timediff;
275	0	*out_days = (int) daydiff;
276
277	0	return 1;
278	0	}
279
280		int ossl_posix_to_asn1_time(int64_t posix_time, ASN1_TIME **out_time)
281	0	{
282	0	struct tm ts;
283
284	0	if (!OPENSSL_posix_to_tm(posix_time, &ts))
285	0	return 0;
286
287	0	if ((out_time = ossl_asn1_time_from_tm(out_time, &ts, V_ASN1_UNDEF)) == NULL)
288	0	return 0;
289
290	0	return 1;
291	0	}