Prepare to expose OPENSSL_gmtime and OPENSSL_timegm as public

This matches when BoringSSL has done, and allows for getting
rid of the dependency on system timegm() and gmtime() in libtls.
which will make life easier for portable, and remove our
dependency on the potentially very slow system versions.

ok tb@ - tb will handle the minor bump bits and expose
on the next minor bump
CVS :----------------------------------------------------------------------

4 files changed, 68 insertions, 5 deletions

diff --git a/src/lib/libcrypto/asn1/a_time_posix.c b/src/lib/libcrypto/asn1/a_time_posix.c
index 9327aa8bf0..5d10d21d3c 100644
--- a/src/lib/libcrypto/asn1/a_time_posix.c
+++ b/src/lib/libcrypto/asn1/a_time_posix.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_posix.c,v 1.3 2023/01/01 16:58:23 miod Exp $ */
+/* $OpenBSD: a_time_posix.c,v 1.4 2023/11/13 12:46:07 beck Exp $ */
 /*
  * Copyright (c) 2022, Google Inc.
  * Copyright (c) 2022, Bob Beck <beck@obtuse.com>
@@ -26,6 +26,8 @@
 #include <string.h>
 #include <time.h>
 
+#include <openssl/asn1.h>
+
 #define SECS_PER_HOUR (int64_t)(60 * 60)
 #define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
 
@@ -221,6 +223,20 @@ asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm)
 }
 
 int
+OPENSSL_timegm(const struct tm *tm, time_t *out) {
+        return asn1_time_tm_to_time_t(tm, out);
+}
+LCRYPTO_ALIAS(OPENSSL_timegm);
+
+struct tm *
+OPENSSL_gmtime(const time_t *time, struct tm *out_tm) {
+        if (!asn1_time_time_t_to_tm(time, out_tm))
+                return NULL;
+        return out_tm;
+}
+LCRYPTO_ALIAS(OPENSSL_gmtime);
+
+int
 OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
 {
         int64_t posix_time;
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index 5eeee3317b..0816f2ac9a 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.80 2023/07/28 10:33:13 tb Exp $ */
+/* $OpenBSD: asn1.h,v 1.81 2023/11/13 12:46:07 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -914,6 +914,11 @@ int SMIME_text(BIO *in, BIO *out);
 
 void ERR_load_ASN1_strings(void);
 
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+int OPENSSL_timegm(const struct tm *tm, time_t *out);
+struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm);
+#endif
+
 /* Error codes for the ASN1 functions. */
 
 /* Function codes. */
diff --git a/src/lib/libcrypto/hidden/openssl/asn1.h b/src/lib/libcrypto/hidden/openssl/asn1.h
index fb1393f2a4..11db7b9902 100644
--- a/src/lib/libcrypto/hidden/openssl/asn1.h
+++ b/src/lib/libcrypto/hidden/openssl/asn1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.6 2023/07/28 10:33:13 tb Exp $ */
+/* $OpenBSD: asn1.h,v 1.7 2023/11/13 12:46:07 beck Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -249,5 +249,7 @@ LCRYPTO_USED(SMIME_text);
 LCRYPTO_USED(ERR_load_ASN1_strings);
 LCRYPTO_USED(ASN1_time_parse);
 LCRYPTO_USED(ASN1_time_tm_cmp);
+LCRYPTO_USED(OPENSSL_gmtime);
+LCRYPTO_USED(OPENSSL_timegm);
 
 #endif /* _LIBCRYPTO_ASN1_H */
diff --git a/src/lib/libcrypto/man/ASN1_TIME_set.3 b/src/lib/libcrypto/man/ASN1_TIME_set.3
index 4f6a99673a..3b649e05be 100644
--- a/src/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/src/lib/libcrypto/man/ASN1_TIME_set.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.19 2022/11/13 22:11:44 schwarze Exp $
+.\" $OpenBSD: ASN1_TIME_set.3,v 1.20 2023/11/13 12:46:07 beck Exp $
 .\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 13 2022 $
+.Dd $Mdocdate: November 13 2023 $
 .Dt ASN1_TIME_SET 3
 .Os
 .Sh NAME
@@ -95,6 +95,8 @@
 .Nm ASN1_UTCTIME_cmp_time_t ,
 .Nm ASN1_TIME_compare ,
 .Nm ASN1_TIME_to_generalizedtime
+.Nm OPENSSL_gmtime,
+.Nm OPENSSL_timegm,
 .Nd ASN.1 Time functions
 .Sh SYNOPSIS
 .In openssl/asn1.h
@@ -217,6 +219,16 @@
 .Fa "const ASN1_TIME *t"
 .Fa "ASN1_GENERALIZEDTIME **out"
 .Fc
+.Ft struct tm *
+.Fo OPENSSL_gmtime
+.Fa "const time_t *time"
+.Fa "struct tm *out_tm"
+.Fc
+.Ft int
+.Fo OPENSSL_timegm
+.Fa "const struct tm *tm"
+.Fa "time_t *out_time"
+.Fc
 .Sh DESCRIPTION
 An
 .Vt ASN1_TIME
@@ -562,6 +574,28 @@ is earlier than
 is later than
 .Fa t ,
 or \-2 on error.
+.Pp
+.Fn OPENSSL_timegm
+converts a time structure in UTC time in
+.Fa tm
+to a time_t value in
+.Fa out_time
+.Fn OPENSSL_timegm
+returns 1 for success or 0 for failure.
+It can fail if the time is not representable in a time_t,
+or falls outside the range allowed in RFC 5280 times.
+.Pp
+.Fn OPENSSL_gmtime
+converts a time_t value in
+.Fa time
+to a struct tm in
+.Fa out_tm
+.Fn OPENSSL_gmtime
+returns
+.Fa out_tm
+on success or NULL for failure.
+It can fail if the time is not representable in a struct tm,
+or falls outside the range allowed in RFC 5280 times.
 .Sh EXAMPLES
 Set a time object to one hour after the current time and print it
 out:
@@ -651,6 +685,12 @@ and
 .Fn ASN1_TIME_compare
 first appeared in OpenSSL 1.1.1 and have been available since
 .Ox 7.2 .
+.Pp
+.Fn OPENSSL_gmtime
+and
+.Fn OPENSSL_timegm
+first appeared in BoringSSL and have been available since
+.Ox 7.5 .
 .Sh CAVEATS
 Some applications add offset times directly to a
 .Vt time_t