Clarify the safety of NetClock::time_point arithmetic:

* NetClock::rep is uint32_t and can be error-prone when
  used with subtraction.
* Fixes #3656
This commit is contained in:
Howard Hinnant
2021-03-09 16:48:49 -05:00
committed by manojsdoshi
parent 9d89d4c188
commit 64e4a89470
3 changed files with 4 additions and 3 deletions


@@ -638,7 +638,7 @@ CreateOffer::takerCross(
Sandbox& sbCancel,
Amounts const& takerAmount)
{
NetClock::time_point const when{ctx_.view().parentCloseTime()};
NetClock::time_point const when = ctx_.view().parentCloseTime();
beast::WrappedSink takerSink(j_, "Taker ");
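Review bot: The safety gained on the new `when = ctx_.view().parentCloseTime();` line is not recorded in the code, so a later reader may revert it to the brace form as a style cleanup. Copy-initialization with `=` admits only implicit conversions, whereas the previous direct-list-initialization would also have accepted the explicit time_point(duration) constructor; assuming parentCloseTime() returns a NetClock::time_point (its declaration is outside the hunk), the new form turns a future change of that return type into a compile error rather than a silent reinterpretation of a duration as an epoch-relative instant. A one-line comment would keep that intent visible: `// Copy-init, not brace-init: fails to compile if parentCloseTime() ever stops returning a time_point.` takerCross's signature and the rest of its body lie outside the hunk.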


@@ -152,7 +152,9 @@ isCurrent(
// Because this can be called on untrusted, possibly
// malicious validations, we do our math in a way
// that avoids any chance of overflowing or underflowing
// the signing time.
// the signing time. All of the expressions below are
// promoted from unsigned 32 bit to signed 64 bit prior
// to computation.
return (signTime > (now - p.validationCURRENT_EARLY)) &&
(signTime < (now + p.validationCURRENT_WALL)) &&
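Review bot: The extended comment states that every expression below is promoted from unsigned 32-bit to signed 64-bit before computation, but nothing in the hunk makes the compiler check that; the property follows only from the declared types of `p.validationCURRENT_EARLY` and `p.validationCURRENT_WALL`, which are outside the hunk, and it silently stops holding if either is ever changed to an unsigned or narrower representation. Because this path runs on untrusted validations, the claim is worth pinning next to the arithmetic, e.g. `static_assert(std::is_signed_v<decltype(now - p.validationCURRENT_EARLY)::rep> && sizeof(decltype(now - p.validationCURRENT_EARLY)::rep) >= 8, "validation timing must be computed in signed 64-bit");` just before the return (requires <type_traits>). The rest of isCurrent, including the declarations of now and signTime, is not visible in the hunk.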


@@ -268,7 +268,6 @@ verifyHandshake(
// We can't blindly "return a-b;" because TimeKeeper::time_point
// uses an unsigned integer for representing durations, which is
// a problem when trying to subtract time points.
// FIXME: @HowardHinnant, should we migrate to using std::int64_t?
auto calculateOffset = [](TimeKeeper::time_point a,
TimeKeeper::time_point b) {
if (a > b)