Make time_t conversions. Give up on the OS provided ones.

We only care about dates within years 0000 to 9999 for
RFC5280. timegm() is only semi-standard. Some things require the
setting awkward defines to get libc to give it to you. Other things
let you have it but make it stop working at year 3000. Still other
things have 32 bit time_t.....

Let's just make our own that actually works. all the time, does
everything with an int64_t, and fails if you want to send something
out that would overflow a 32 bit time_t.

In the process of doing this, we get rid of the old Julian date stuff
from OpenSSL, which while functional was a bit awkward dealing only
with days, and using the Julian calendar as the reference point instead of potentially something more useful. Julian seconds since Jan 1 1970
00:00:00 UCT are much more useful to us than Julian days since a
Julian epoch.

The OS implementations of timegm() and gmtime() also can be pretty
complex, due to the nature of needing multiple timezone, daylight
saving, day of week, and other stuff we simply do not need for
doing things with certificate times. A small microbenchmark of
10000000 of each operation comparing this implementation to
the system version on my M1 mac gives:

bbe-macbookpro:tmp bbe$ time ./openssl_gmtime

real    0m0.152s
user    0m0.127s
sys     0m0.018s
bbe-macbookpro:tmp bbe$ time ./gmtime

real    0m0.422s
user    0m0.403s
sys     0m0.014s
bbe-macbookpro:tmp bbe$ time ./openssl_timegm

real    0m0.041s
user    0m0.015s
sys     0m0.019s
bbe-macbookpro:tmp bbe$ time ./timegm

real    0m30.432s
user    0m30.383s
sys     0m0.040s

Similarly On a glinux machine:

bbe@bbe-glinux1:~$ time ./openssl_gmtime

real    0m0.157s
user    0m0.152s
sys     0m0.008s
bbe@bbe-glinux1:~$ time ./gmtime

real    0m0.336s
user    0m0.336s
sys     0m0.002s
bbe@bbe-glinux1:~$ time ./openssl_timegm

real    0m0.018s
user    0m0.019s
sys     0m0.002s
bbe@bbe-glinux1:~$ time ./timegm

real    0m0.680s
user    0m0.671s
sys     0m0.011s
bbe@bbe-glinux1:~$


Bug: 501

Change-Id: If445272d365f2c9673b5f3264d082af1a342e0a1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53245
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
9 files changed
tree: 9ce0ed9994df92c1c8235a2162c5b88941b79451
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. rust/
  7. ssl/
  8. third_party/
  9. tool/
  10. util/
  11. .clang-format
  12. .gitignore
  13. API-CONVENTIONS.md
  14. BREAKING-CHANGES.md
  15. BUILDING.md
  16. CMakeLists.txt
  17. codereview.settings
  18. CONTRIBUTING.md
  19. FUZZING.md
  20. go.mod
  21. go.sum
  22. INCORPORATING.md
  23. LICENSE
  24. OpenSSLConfig.cmake
  25. PORTING.md
  26. README.md
  27. SANDBOXING.md
  28. sources.cmake
  29. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: