1 files changed, 56 insertions, 50 deletions
diff --git a/src/lib/libcrypto/asn1/a_time_posix.c b/src/lib/libcrypto/asn1/a_time_posix.c
index 5d10d21d3c..d4439b4701 100644
--- a/src/lib/libcrypto/asn1/a_time_posix.c
+++ b/src/lib/libcrypto/asn1/a_time_posix.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_posix.c,v 1.4 2023/11/13 12:46:07 beck Exp $ */
+/* $OpenBSD: a_time_posix.c,v 1.5 2024/02/18 16:28:38 tb Exp $ */
 /*
 * Copyright (c) 2022, Google Inc.
 * Copyright (c) 2022, Bob Beck <beck@obtuse.com>
@@ -23,10 +23,14 @@
 #include <inttypes.h>
 #include <limits.h>
+#include <stdint.h>
 #include <string.h>
 #include <time.h>
 #include <openssl/asn1.h>
+#include <openssl/posix_time.h>
+#include "crypto_internal.h"
 #define SECS_PER_HOUR (int64_t)(60 * 60)
 #define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
@@ -36,7 +40,7 @@
 * to 9999?
 */
 static int
-is_valid_date(int year, int month, int day)
+is_valid_date(int64_t year, int64_t month, int64_t day)
 {
        int days_in_month;
        if (day < 1 || month < 1 || year < 0 || year > 9999)
@@ -80,13 +84,16 @@ is_valid_time(int hours, int minutes, int seconds)
            minutes <= 59 && seconds <= 59;
 }
+/* 0000-01-01 00:00:00 UTC */
+#define MIN_POSIX_TIME INT64_C(-62167219200)
+/* 9999-12-31 23:59:59 UTC */
+#define MAX_POSIX_TIME INT64_C(253402300799)
 /* Is a int64 time representing a time within our expected range? */
 static int
-is_valid_epoch_time(int64_t time)
+is_valid_posix_time(int64_t time)
 {
-        /* 0000-01-01 00:00:00 UTC to 9999-12-31 23:59:59 UTC */
+        return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
-        return (int64_t)-62167219200LL <= time &&
-            time <= (int64_t)253402300799LL;
 }
 /*
@@ -95,8 +102,8 @@ is_valid_epoch_time(int64_t time)
 * (Public Domain)
 */
 static int
-posix_time_from_utc(int year, int month, int day, int hours,  int minutes,
+posix_time_from_utc(int64_t year, int64_t month, int64_t day, int64_t hours,
-    int seconds, int64_t *out_time)
+    int64_t minutes, int64_t seconds, int64_t *out_time)
 {
        int64_t era, year_of_era, day_of_year, day_of_era, posix_days;
@@ -132,7 +139,7 @@ utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day,
        int64_t days, leftover_seconds, era, day_of_era, year_of_era,
            day_of_year, month_of_year;
-        if (!is_valid_epoch_time(time))
+        if (!is_valid_posix_time(time))
                return 0;
        days = time / SECS_PER_DAY;
@@ -167,40 +174,41 @@ utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day,
        return 1;
 }
-static int
+int
-asn1_time_tm_to_posix(const struct tm *tm, int64_t *out)
+OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out)
 {
-        /* Ensure additions below do not overflow */
+        return posix_time_from_utc(tm->tm_year + (int64_t)1900,
-        if (tm->tm_year > 9999)
+            tm->tm_mon + (int64_t)1, tm->tm_mday, tm->tm_hour, tm->tm_min,
-                return 0;
+            tm->tm_sec, out);
-        if (tm->tm_mon > 12)
-                return 0;
-        return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
-            tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, out);
 }
+LCRYPTO_ALIAS(OPENSSL_tm_to_posix);
-static int
+int
-asn1_time_posix_to_tm(int64_t time, struct tm *out_tm)
+OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
 {
-        memset(out_tm, 0, sizeof(struct tm));
+        struct tm tmp_tm = {0};
-        if (!utc_from_posix_time(time, &out_tm->tm_year, &out_tm->tm_mon,
-            &out_tm->tm_mday, &out_tm->tm_hour, &out_tm->tm_min,
+        memset(out_tm, 0, sizeof(*out_tm));
-            &out_tm->tm_sec))
+        if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
+            &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, &tmp_tm.tm_sec))
                return 0;
-        out_tm->tm_year -= 1900;
+        tmp_tm.tm_year -= 1900;
-        out_tm->tm_mon -= 1;
+        tmp_tm.tm_mon -= 1;
+        *out_tm = tmp_tm;
        return 1;
 }
+LCRYPTO_ALIAS(OPENSSL_posix_to_tm);
 int
 asn1_time_tm_to_time_t(const struct tm *tm, time_t *out)
 {
        int64_t posix_time;
-        if (!asn1_time_tm_to_posix(tm, &posix_time))
+        if (!OPENSSL_tm_to_posix(tm, &posix_time))
                return 0;
 #ifdef SMALL_TIME_T
@@ -219,7 +227,7 @@ asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm)
 {
        int64_t posix_time = *time;
-        return asn1_time_posix_to_tm(posix_time, out_tm);
+        return OPENSSL_posix_to_tm(posix_time, out_tm);
 }
 int
@@ -236,28 +244,29 @@ OPENSSL_gmtime(const time_t *time, struct tm *out_tm) {
 }
 LCRYPTO_ALIAS(OPENSSL_gmtime);
+/* Public API in OpenSSL. BoringSSL uses int64_t instead of long. */
 int
-OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
+OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec)
 {
        int64_t posix_time;
-        /* Ensure additions below do not overflow */
+        if (!OPENSSL_tm_to_posix(tm, &posix_time))
-        if (tm->tm_year > 9999)
-                return 0;
-        if (tm->tm_mon > 12)
                return 0;
-        if (!posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
+        CTASSERT(INT_MAX <= INT64_MAX / SECS_PER_DAY);
-            tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, &posix_time))
+        CTASSERT(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
-                return 0;
+        CTASSERT(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);
+        posix_time += offset_day * SECS_PER_DAY;
-        if (!utc_from_posix_time(posix_time + off_day * SECS_PER_DAY +
+        if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
-            offset_sec, &tm->tm_year, &tm->tm_mon, &tm->tm_mday, &tm->tm_hour,
-            &tm->tm_min, &tm->tm_sec))
                return 0;
+        if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
+                return 0;
+        posix_time += offset_sec;
-        tm->tm_year -= 1900;
+        if (!OPENSSL_posix_to_tm(posix_time, tm))
-        tm->tm_mon -= 1;
+                return 0;
        return 1;
 }
@@ -268,20 +277,17 @@ OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
 {
        int64_t time_to, time_from, timediff, daydiff;
-        if (!posix_time_from_utc(to->tm_year + 1900, to->tm_mon + 1,
+        if (!OPENSSL_tm_to_posix(to, &time_to) ||
-            to->tm_mday, to->tm_hour, to->tm_min, to->tm_sec, &time_to))
+            !OPENSSL_tm_to_posix(from, &time_from))
                return 0;
-        if (!posix_time_from_utc(from->tm_year + 1900, from->tm_mon + 1,
+        /* Times are in range, so these calculations cannot overflow. */
-            from->tm_mday, from->tm_hour, from->tm_min,
+        CTASSERT(SECS_PER_DAY <= INT_MAX);
-            from->tm_sec, &time_from))
+        CTASSERT((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);
-                return 0;
        timediff = time_to - time_from;
        daydiff = timediff / SECS_PER_DAY;
        timediff %= SECS_PER_DAY;
-        if (daydiff > INT_MAX || daydiff < INT_MIN)
-                return 0;
        *out_secs = timediff;
        *out_days = daydiff;

diff --git a/src/lib/libcrypto/asn1/a_time_posix.c b/src/lib/libcrypto/asn1/a_time_posix.c index 5d10d21d3c..d4439b4701 100644 --- a/src/lib/libcrypto/asn1/a_time_posix.c +++ b/src/lib/libcrypto/asn1/a_time_posix.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_time_posix.c,v 1.4 2023/11/13 12:46:07 beck Exp $ */	1	/* $OpenBSD: a_time_posix.c,v 1.5 2024/02/18 16:28:38 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022, Google Inc.	3	* Copyright (c) 2022, Google Inc.
4	* Copyright (c) 2022, Bob Beck <beck@obtuse.com>	4	* Copyright (c) 2022, Bob Beck <beck@obtuse.com>
@@ -23,10 +23,14 @@
23		23
24	#include <inttypes.h>	24	#include <inttypes.h>
25	#include <limits.h>	25	#include <limits.h>
		26	#include <stdint.h>
26	#include <string.h>	27	#include <string.h>
27	#include <time.h>	28	#include <time.h>
28		29
29	#include <openssl/asn1.h>	30	#include <openssl/asn1.h>
		31	#include <openssl/posix_time.h>
		32
		33	#include "crypto_internal.h"
30		34
31	#define SECS_PER_HOUR (int64_t)(60 * 60)	35	#define SECS_PER_HOUR (int64_t)(60 * 60)
32	#define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)	36	#define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
@@ -36,7 +40,7 @@
36	* to 9999?	40	* to 9999?
37	*/	41	*/
38	static int	42	static int
39	is_valid_date(int year, int month, int day)	43	is_valid_date(int64_t year, int64_t month, int64_t day)
40	{	44	{
41	int days_in_month;	45	int days_in_month;
42	if (day < 1 \|\| month < 1 \|\| year < 0 \|\| year > 9999)	46	if (day < 1 \|\| month < 1 \|\| year < 0 \|\| year > 9999)
@@ -80,13 +84,16 @@ is_valid_time(int hours, int minutes, int seconds)
80	minutes <= 59 && seconds <= 59;	84	minutes <= 59 && seconds <= 59;
81	}	85	}
82		86
		87	/* 0000-01-01 00:00:00 UTC */
		88	#define MIN_POSIX_TIME INT64_C(-62167219200)
		89	/* 9999-12-31 23:59:59 UTC */
		90	#define MAX_POSIX_TIME INT64_C(253402300799)
		91
83	/* Is a int64 time representing a time within our expected range? */	92	/* Is a int64 time representing a time within our expected range? */
84	static int	93	static int
85	is_valid_epoch_time(int64_t time)	94	is_valid_posix_time(int64_t time)
86	{	95	{
87	/* 0000-01-01 00:00:00 UTC to 9999-12-31 23:59:59 UTC */	96	return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
88	return (int64_t)-62167219200LL <= time &&
89	time <= (int64_t)253402300799LL;
90	}	97	}
91		98
92	/*	99	/*
@@ -95,8 +102,8 @@ is_valid_epoch_time(int64_t time)
95	* (Public Domain)	102	* (Public Domain)
96	*/	103	*/
97	static int	104	static int
98	posix_time_from_utc(int year, int month, int day, int hours, int minutes,	105	posix_time_from_utc(int64_t year, int64_t month, int64_t day, int64_t hours,
99	int seconds, int64_t *out_time)	106	int64_t minutes, int64_t seconds, int64_t *out_time)
100	{	107	{
101	int64_t era, year_of_era, day_of_year, day_of_era, posix_days;	108	int64_t era, year_of_era, day_of_year, day_of_era, posix_days;
102		109
@@ -132,7 +139,7 @@ utc_from_posix_time(int64_t time, int out_year, int out_month, int *out_day,
132	int64_t days, leftover_seconds, era, day_of_era, year_of_era,	139	int64_t days, leftover_seconds, era, day_of_era, year_of_era,
133	day_of_year, month_of_year;	140	day_of_year, month_of_year;
134		141
135	if (!is_valid_epoch_time(time))	142	if (!is_valid_posix_time(time))
136	return 0;	143	return 0;
137		144
138	days = time / SECS_PER_DAY;	145	days = time / SECS_PER_DAY;
@@ -167,40 +174,41 @@ utc_from_posix_time(int64_t time, int out_year, int out_month, int *out_day,
167	return 1;	174	return 1;
168	}	175	}
169		176
170	static int	177	int
171	asn1_time_tm_to_posix(const struct tm tm, int64_t out)	178	OPENSSL_tm_to_posix(const struct tm tm, int64_t out)
172	{	179	{
173	/* Ensure additions below do not overflow */	180	return posix_time_from_utc(tm->tm_year + (int64_t)1900,
174	if (tm->tm_year > 9999)	181	tm->tm_mon + (int64_t)1, tm->tm_mday, tm->tm_hour, tm->tm_min,
175	return 0;	182	tm->tm_sec, out);
176	if (tm->tm_mon > 12)
177	return 0;
178
179	return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
180	tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, out);
181	}	183	}
		184	LCRYPTO_ALIAS(OPENSSL_tm_to_posix);
182		185
183	static int	186	int
184	asn1_time_posix_to_tm(int64_t time, struct tm *out_tm)	187	OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
185	{	188	{
186	memset(out_tm, 0, sizeof(struct tm));	189	struct tm tmp_tm = {0};
187	if (!utc_from_posix_time(time, &out_tm->tm_year, &out_tm->tm_mon,	190
188	&out_tm->tm_mday, &out_tm->tm_hour, &out_tm->tm_min,	191	memset(out_tm, 0, sizeof(*out_tm));
189	&out_tm->tm_sec))	192
		193	if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
		194	&tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, &tmp_tm.tm_sec))
190	return 0;	195	return 0;
191		196
192	out_tm->tm_year -= 1900;	197	tmp_tm.tm_year -= 1900;
193	out_tm->tm_mon -= 1;	198	tmp_tm.tm_mon -= 1;
		199
		200	*out_tm = tmp_tm;
194		201
195	return 1;	202	return 1;
196	}	203	}
		204	LCRYPTO_ALIAS(OPENSSL_posix_to_tm);
197		205
198	int	206	int
199	asn1_time_tm_to_time_t(const struct tm tm, time_t out)	207	asn1_time_tm_to_time_t(const struct tm tm, time_t out)
200	{	208	{
201	int64_t posix_time;	209	int64_t posix_time;
202		210
203	if (!asn1_time_tm_to_posix(tm, &posix_time))	211	if (!OPENSSL_tm_to_posix(tm, &posix_time))
204	return 0;	212	return 0;
205		213
206	#ifdef SMALL_TIME_T	214	#ifdef SMALL_TIME_T
@@ -219,7 +227,7 @@ asn1_time_time_t_to_tm(const time_t time, struct tm out_tm)
219	{	227	{
220	int64_t posix_time = *time;	228	int64_t posix_time = *time;
221		229
222	return asn1_time_posix_to_tm(posix_time, out_tm);	230	return OPENSSL_posix_to_tm(posix_time, out_tm);
223	}	231	}
224		232
225	int	233	int
@@ -236,28 +244,29 @@ OPENSSL_gmtime(const time_t time, struct tm out_tm) {
236	}	244	}
237	LCRYPTO_ALIAS(OPENSSL_gmtime);	245	LCRYPTO_ALIAS(OPENSSL_gmtime);
238		246
		247	/* Public API in OpenSSL. BoringSSL uses int64_t instead of long. */
239	int	248	int
240	OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)	249	OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec)
241	{	250	{
242	int64_t posix_time;	251	int64_t posix_time;
243		252
244	/* Ensure additions below do not overflow */	253	if (!OPENSSL_tm_to_posix(tm, &posix_time))
245	if (tm->tm_year > 9999)
246	return 0;
247	if (tm->tm_mon > 12)
248	return 0;	254	return 0;
249		255
250	if (!posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,	256	CTASSERT(INT_MAX <= INT64_MAX / SECS_PER_DAY);
251	tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, &posix_time))	257	CTASSERT(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
252	return 0;	258	CTASSERT(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);
		259
		260	posix_time += offset_day * SECS_PER_DAY;
253		261
254	if (!utc_from_posix_time(posix_time + off_day * SECS_PER_DAY +	262	if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
255	offset_sec, &tm->tm_year, &tm->tm_mon, &tm->tm_mday, &tm->tm_hour,
256	&tm->tm_min, &tm->tm_sec))
257	return 0;	263	return 0;
		264	if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
		265	return 0;
		266	posix_time += offset_sec;
258		267
259	tm->tm_year -= 1900;	268	if (!OPENSSL_posix_to_tm(posix_time, tm))
260	tm->tm_mon -= 1;	269	return 0;
261		270
262	return 1;	271	return 1;
263	}	272	}
@@ -268,20 +277,17 @@ OPENSSL_gmtime_diff(int out_days, int out_secs, const struct tm *from,
268	{	277	{
269	int64_t time_to, time_from, timediff, daydiff;	278	int64_t time_to, time_from, timediff, daydiff;
270		279
271	if (!posix_time_from_utc(to->tm_year + 1900, to->tm_mon + 1,	280	if (!OPENSSL_tm_to_posix(to, &time_to) \|\|
272	to->tm_mday, to->tm_hour, to->tm_min, to->tm_sec, &time_to))	281	!OPENSSL_tm_to_posix(from, &time_from))
273	return 0;	282	return 0;
274		283
275	if (!posix_time_from_utc(from->tm_year + 1900, from->tm_mon + 1,	284	/* Times are in range, so these calculations cannot overflow. */
276	from->tm_mday, from->tm_hour, from->tm_min,	285	CTASSERT(SECS_PER_DAY <= INT_MAX);
277	from->tm_sec, &time_from))	286	CTASSERT((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);
278	return 0;
279		287
280	timediff = time_to - time_from;	288	timediff = time_to - time_from;
281	daydiff = timediff / SECS_PER_DAY;	289	daydiff = timediff / SECS_PER_DAY;
282	timediff %= SECS_PER_DAY;	290	timediff %= SECS_PER_DAY;
283	if (daydiff > INT_MAX \|\| daydiff < INT_MIN)
284	return 0;
285		291
286	*out_secs = timediff;	292	*out_secs = timediff;
287	*out_days = daydiff;	293	*out_days = daydiff;