Fix sign issue with unix time conversions

diff --git a/src/lib/tls/cert.c b/src/lib/tls/cert.c
index ff5a40752dfb4e5f9747edc1a38ff2d43f37e416..ddd1333dd4d7b23a9892117b8012726ff3626446 100644 (file)
--- a/src/lib/tls/cert.c
+++ b/src/lib/tls/cert.c
@@ -64,8 +64,8 @@ int fr_tls_cert_is_valid(fr_unix_time_t *not_before_p, fr_unix_time_t *not_after
                return -1;
        }
 
-       if (not_before_p) *not_before_p = fr_unix_time_from_sec(not_before);
-       if (not_after_p) *not_after_p = fr_unix_time_from_sec(not_after);
+       if (not_before_p) *not_before_p = fr_unix_time_from_time(not_before);
+       if (not_after_p) *not_after_p = fr_unix_time_from_time(not_after);
 
        /*
         *      Check the cert hasn't expired
@@ -73,7 +73,7 @@ int fr_tls_cert_is_valid(fr_unix_time_t *not_before_p, fr_unix_time_t *not_after
        if (fr_time_from_sec(not_after) < now) {
                fr_strerror_printf("Certificate has expired.  "
                                   "Validity period (notAfter) ends %pV, current time is %pV",
-                                  fr_box_date(fr_unix_time_from_sec(not_before)), fr_box_date(now));
+                                  fr_box_date(fr_unix_time_from_time(not_before)), fr_box_date(now));
                return -2;
        }
 
@@ -84,7 +84,7 @@ int fr_tls_cert_is_valid(fr_unix_time_t *not_before_p, fr_unix_time_t *not_after
        if (fr_time_from_sec(not_before) > now) {
                fr_strerror_printf("Certificate is not yet valid.  "
                                   "Validity period (notBefore) starts %pV, current time is %pV",
-                                  fr_box_date(fr_unix_time_from_sec(not_before)), fr_box_date(now));
+                                  fr_box_date(fr_unix_time_from_time(not_before)), fr_box_date(now));
                return -3;
        }
 

diff --git a/src/lib/tls/pairs.c b/src/lib/tls/pairs.c
index 7a13440c848d8a86f26d3ae6e0b9098bc4e5c261..751881a20504d7d9d88082e59ff132262434b899 100644 (file)
--- a/src/lib/tls/pairs.c
+++ b/src/lib/tls/pairs.c
@@ -160,7 +160,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c
        }
 
        MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_not_before) == 0);
-       vp->vp_date = fr_unix_time_from_sec(time);
+       vp->vp_date = fr_unix_time_from_time(time);
 
        /*
         *      Not valid after
@@ -173,7 +173,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c
        }
 
        MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_not_after) == 0);
-       vp->vp_date = fr_unix_time_from_sec(time);
+       vp->vp_date = fr_unix_time_from_time(time);
 
        /*
         *      Get the RFC822 Subject Alternative Name

diff --git a/src/lib/util/time.h b/src/lib/util/time.h
index dbb147d2970df4f4d357e6311b48132c87341ef0..265db12452d85cb03307dbafbd6be50453dada60 100644 (file)
--- a/src/lib/util/time.h
+++ b/src/lib/util/time.h
@@ -99,10 +99,27 @@ extern uint64_t                             our_mach_epoch;
 /*
  *     Need cast because of difference in sign
  */
-#define fr_unix_time_from_nsec(_x)     ((_x) < 0 ? 0 : (fr_unix_time_t)(_x))
-#define fr_unix_time_from_usec(_x)     ((_x) < 0 ? 0 : (fr_unix_time_t)fr_time_delta_from_usec((fr_time_delta_t)(_x)))
-#define fr_unix_time_from_msec(_x)     ((_x) < 0 ? 0 : (fr_unix_time_t)fr_time_delta_from_msec((fr_time_delta_t)(_x)))
-#define fr_unix_time_from_sec(_x)      ((_x) < 0 ? 0 : (fr_unix_time_t)fr_time_delta_from_sec((fr_time_delta_t)(_x)))
+#define fr_unix_time_from_nsec(_x)     (fr_unix_time_t)(_x)
+#define fr_unix_time_from_usec(_x)     (fr_unix_time_t)fr_time_delta_from_usec((fr_time_delta_t)(_x))
+#define fr_unix_time_from_msec(_x)     (fr_unix_time_t)fr_time_delta_from_msec((fr_time_delta_t)(_x))
+#define fr_unix_time_from_sec(_x)      (fr_unix_time_t)fr_time_delta_from_sec((fr_time_delta_t)(_x))
+
+/** Covert a time_t into out internal fr_unix_time_t
+ *
+ * Our internal unix time representation is unsigned and in nanoseconds which
+ * is different from time_t which is signed and has seconds resolution.
+ *
+ * If time is negative we return 0.
+ *
+ * @param[in] time to convert.
+ * @return Unix time in seconds.
+ */
+static inline CC_HINT(nonnull) fr_unix_time_t fr_unix_time_from_time(time_t time)
+{
+       if (time < 0) return 0;
+
+       return (time * NSEC);
+}
 
 #define fr_unix_time_to_nsec(_x)       (uint64_t)(_x)
 #define fr_unix_time_to_usec(_x)       (uint64_t)fr_time_delta_to_usec(_x)