mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-24 13:55:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

ssl: modify libssl so that it uses OSSL_TIME

Browse Source 
This is instead of time_t and struct timeval.  Some public APIs mandate a
presence of these two types, but they are converted to OSSL_TIME internally.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
This commit is contained in:
Pauli 2022-08-29 14:17:25 +10:00
parent 364c3b7b1a
commit f0131dc04a
14 changed files with 105 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
ssl/d1_lib.c
View File

@ -14,7 +14,6 @@
#include "ssl_local.h"
#include "internal/time.h"
static void get_current_time(struct timeval *t);
static int dtls1_handshake_write(SSL_CONNECTION *s);
static size_t dtls1_link_min_mtu(void);
@ -56,13 +55,13 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
dtls1_handshake_write
};
long dtls1_default_timeout(void)
OSSL_TIME dtls1_default_timeout(void)
{
/*
* 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
* http, the cache would over fill
*/
return (60 * 60 * 2);
return ossl_seconds2time(60 * 60 * 2);
}
int dtls1_new(SSL *ssl)
@ -222,6 +221,7 @@ int dtls1_clear(SSL *ssl)
long dtls1_ctrl(SSL *ssl, int cmd, long larg, void *parg)
{
int ret = 0;
OSSL_TIME t;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
@ -229,7 +229,8 @@ long dtls1_ctrl(SSL *ssl, int cmd, long larg, void *parg)
switch (cmd) {
case DTLS_CTRL_GET_TIMEOUT:
if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) {
if (dtls1_get_timeout(s, &t) != NULL) {
*(struct timeval *)parg = ossl_time_to_timeval(t);
ret = 1;
}
break;
@ -261,13 +262,14 @@ long dtls1_ctrl(SSL *ssl, int cmd, long larg, void *parg)
void dtls1_start_timer(SSL_CONNECTION *s)
{
unsigned int sec, usec;
struct timeval tv;
OSSL_TIME duration;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
#ifndef OPENSSL_NO_SCTP
/* Disable timer for SCTP */
if (BIO_dgram_is_sctp(SSL_get_wbio(ssl))) {
memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
s->d1->next_timeout = ossl_time_zero();
return;
}
#endif
@ -276,77 +278,46 @@ void dtls1_start_timer(SSL_CONNECTION *s)
* If timer is not set, initialize duration with 1 second or
* a user-specified value if the timer callback is installed.
*/
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
if (ossl_time_is_zero(s->d1->next_timeout)) {
if (s->d1->timer_cb != NULL)
s->d1->timeout_duration_us = s->d1->timer_cb(ssl, 0);
else
s->d1->timeout_duration_us = 1000000;
}
/* Set timeout to current time */
get_current_time(&(s->d1->next_timeout));
/* Set timeout to current time plus duration */
duration = ossl_us2time(s->d1->timeout_duration_us);
s->d1->next_timeout = ossl_time_add(ossl_time_now(), duration);
/* Add duration to current time */
sec = s->d1->timeout_duration_us / 1000000;
usec = s->d1->timeout_duration_us - (sec * 1000000);
s->d1->next_timeout.tv_sec += sec;
s->d1->next_timeout.tv_usec += usec;
if (s->d1->next_timeout.tv_usec >= 1000000) {
s->d1->next_timeout.tv_sec++;
s->d1->next_timeout.tv_usec -= 1000000;
}
BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(s->d1->next_timeout));
tv = ossl_time_to_timeval(s->d1->next_timeout);
BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &tv);
}
struct timeval *dtls1_get_timeout(SSL_CONNECTION *s, struct timeval *timeleft)
OSSL_TIME *dtls1_get_timeout(SSL_CONNECTION *s, OSSL_TIME *timeleft)
{
struct timeval timenow;
OSSL_TIME timenow;
/* If no timeout is set, just return NULL */
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
if (ossl_time_is_zero(s->d1->next_timeout))
return NULL;
}
/* Get current time */
get_current_time(&timenow);
/* If timer already expired, set remaining time to 0 */
if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
(s->d1->next_timeout.tv_sec == timenow.tv_sec &&
s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
memset(timeleft, 0, sizeof(*timeleft));
return timeleft;
}
/* Calculate time left until timer expires */
memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
timeleft->tv_sec -= timenow.tv_sec;
timeleft->tv_usec -= timenow.tv_usec;
if (timeleft->tv_usec < 0) {
timeleft->tv_sec--;
timeleft->tv_usec += 1000000;
}
timenow = ossl_time_now();
/*
* If remaining time is less than 15 ms, set it to 0 to prevent issues
* because of small divergences with socket timeouts.
* If timer already expired or if remaining time is less than 15 ms,
* set it to 0 to prevent issues because of small divergences with
* socket timeouts.
*/
if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
memset(timeleft, 0, sizeof(*timeleft));
}
*timeleft = ossl_time_subtract(s->d1->next_timeout, timenow);
if (ossl_time_compare(*timeleft, ossl_ms2time(15)) <= 0)
*timeleft = ossl_time_zero();
return timeleft;
}
int dtls1_is_timer_expired(SSL_CONNECTION *s)
{
struct timeval timeleft;
OSSL_TIME timeleft;
/* Get time left until timeout, return false if no timer running */
if (dtls1_get_timeout(s, &timeleft) == NULL) {
@ -354,7 +325,7 @@ int dtls1_is_timer_expired(SSL_CONNECTION *s)
}
/* Return false if timer is not expired yet */
if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
if (!ossl_time_is_zero(timeleft)) {
return 0;
}
@ -371,12 +342,14 @@ static void dtls1_double_timeout(SSL_CONNECTION *s)
void dtls1_stop_timer(SSL_CONNECTION *s)
{
struct timeval tv;
/* Reset everything */
s->d1->timeout_num_alerts = 0;
memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
s->d1->next_timeout = ossl_time_zero();
s->d1->timeout_duration_us = 1000000;
BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(s->d1->next_timeout));
tv = ossl_time_to_timeval(s->d1->next_timeout);
BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &tv);
/* Clear retransmission buffer */
dtls1_clear_sent_buffer(s);
}
@ -429,11 +402,6 @@ int dtls1_handle_timeout(SSL_CONNECTION *s)
return dtls1_retransmit_buffered_messages(s);
}
static void get_current_time(struct timeval *t)
{
ossl_time_time_to_timeval(ossl_time_now(), t);
}
#define LISTEN_SUCCESS 2
#define LISTEN_SEND_VERIFY_REQUEST 1

4
ssl/quic/quic_impl.c
View File

@ -197,9 +197,9 @@ size_t ossl_quic_pending(const SSL *s)
return 0;
}
long ossl_quic_default_timeout(void)
OSSL_TIME ossl_quic_default_timeout(void)
{
return 0;
return ossl_time_zero();
}
int ossl_quic_num_ciphers(void)

2
ssl/quic/quic_local.h
View File

@ -103,7 +103,7 @@ __owur long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
__owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void));
__owur size_t ossl_quic_pending(const SSL *s);
__owur long ossl_quic_default_timeout(void);
__owur OSSL_TIME ossl_quic_default_timeout(void);
__owur int ossl_quic_num_ciphers(void);
__owur const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u);
int ossl_quic_renegotiate_check(SSL *ssl, int initok);

4
ssl/s3_lib.c
View File

@ -3286,13 +3286,13 @@ const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_handshake_write
};
long ssl3_default_timeout(void)
OSSL_TIME ssl3_default_timeout(void)
{
/*
* 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
* http, the cache would over fill
*/
return (60 * 60 * 2);
return ossl_seconds2time(60 * 60 * 2);
}
int ssl3_num_ciphers(void)

12
ssl/ssl_asn1.c
View File

@ -163,8 +163,8 @@ int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp)
ssl_session_oinit(&as.session_id_context, &sid_ctx,
in->sid_ctx, in->sid_ctx_length);
as.time = (int64_t)in->time;
as.timeout = (int64_t)in->timeout;
as.time = (int64_t)ossl_time_to_time_t(in->time);
as.timeout = (int64_t)ossl_time2seconds(in->timeout);
as.verify_result = in->verify_result;
as.peer = in->peer;
@ -302,14 +302,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
ret->master_key_length = tmpl;
if (as->time != 0)
ret->time = (time_t)as->time;
ret->time = ossl_time_from_time_t(as->time);
else
ret->time = time(NULL);
ret->time = ossl_time_now();
if (as->timeout != 0)
ret->timeout = (time_t)as->timeout;
ret->timeout = ossl_seconds2time(as->timeout);
else
ret->timeout = 3;
ret->timeout = ossl_seconds2time(3);
ssl_session_calculate_timeout(ret);
X509_free(ret->peer);

2
ssl/ssl_lib.c
View File

@ -2047,7 +2047,7 @@ int SSL_connect(SSL *s)
long SSL_get_default_timeout(const SSL *s)
{
return s->method->get_timeout();
return (long int)ossl_time2seconds(s->method->get_timeout());
}
static int ssl_async_wait_ctx_cb(void *arg)

23
ssl/ssl_local.h
View File

@ -520,7 +520,7 @@ struct ssl_method_st {
size_t (*ssl_pending) (const SSL *s);
int (*num_ciphers) (void);
const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
long (*get_timeout) (void);
OSSL_TIME (*get_timeout) (void);
const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
int (*ssl_version) (void);
long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
@ -601,8 +601,8 @@ struct ssl_session_st {
*/
long verify_result; /* only for servers */
CRYPTO_REF_COUNT references;
time_t timeout;
time_t time;
OSSL_TIME timeout;
OSSL_TIME time;
OSSL_TIME calc_timeout;
unsigned int compress_meth; /* Need to lookup the method */
const SSL_CIPHER *cipher;
@ -701,11 +701,11 @@ typedef enum {
/*
* The allowance we have between the client's calculated ticket age and our own.
* We allow for 10 seconds (units are in ms). If a ticket is presented and the
* We allow for 10 seconds. If a ticket is presented and the
* client's age calculation is different by more than this than our own then we
* do not allow that ticket for early_data.
*/
# define TICKET_AGE_ALLOWANCE (10 * 1000)
# define TICKET_AGE_ALLOWANCE ossl_seconds2time(10)
#define MAX_COMPRESSIONS_SIZE 255
@ -874,7 +874,7 @@ struct ssl_ctx_st {
* SSL_new() is called. This has been put in to make life easier to set
* things up
*/
long session_timeout;
OSSL_TIME session_timeout;
/*
* If this callback is not null, it will be called each time a session id
* is added to the cache. If this function returns 1, it means that the
@ -1973,7 +1973,7 @@ typedef struct dtls1_state_st {
/*
* Indicates when the last handshake msg sent will timeout
*/
struct timeval next_timeout;
OSSL_TIME next_timeout;
/* Timeout duration */
unsigned int timeout_duration_us;
@ -2602,7 +2602,7 @@ __owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
__owur int ssl3_do_change_cipher_spec(SSL_CONNECTION *s);
__owur long ssl3_default_timeout(void);
__owur OSSL_TIME ssl3_default_timeout(void);
__owur int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt,
int htype);
@ -2627,7 +2627,7 @@ __owur int ssl_choose_client_version(SSL_CONNECTION *s, int version,
__owur int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version,
int *max_version, int *real_max);
__owur long tls1_default_timeout(void);
__owur OSSL_TIME tls1_default_timeout(void);
__owur int dtls1_do_write(SSL_CONNECTION *s, int type);
void dtls1_set_message_header(SSL_CONNECTION *s,
unsigned char mt,
@ -2647,9 +2647,8 @@ void dtls1_clear_received_buffer(SSL_CONNECTION *s);
void dtls1_clear_sent_buffer(SSL_CONNECTION *s);
void dtls1_get_message_header(unsigned char *data,
struct hm_header_st *msg_hdr);
__owur long dtls1_default_timeout(void);
__owur struct timeval *dtls1_get_timeout(SSL_CONNECTION *s,
struct timeval *timeleft);
__owur OSSL_TIME dtls1_default_timeout(void);
__owur OSSL_TIME *dtls1_get_timeout(SSL_CONNECTION *s, OSSL_TIME *timeleft);
__owur int dtls1_check_timeout_num(SSL_CONNECTION *s);
__owur int dtls1_handle_timeout(SSL_CONNECTION *s);
void dtls1_start_timer(SSL_CONNECTION *s);

42
ssl/ssl_sess.c
View File

@ -26,9 +26,9 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
DEFINE_STACK_OF(SSL_SESSION)
__owur static ossl_inline int sess_timedout(time_t t, SSL_SESSION *ss)
__owur static ossl_inline int sess_timedout(OSSL_TIME t, SSL_SESSION *ss)
{
return ossl_time_compare(ossl_time_from_time_t(t), ss->calc_timeout) > 0;
return ossl_time_compare(t, ss->calc_timeout) > 0;
}
/*
@ -46,12 +46,7 @@ __owur static ossl_inline int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b)
*/
void ssl_session_calculate_timeout(SSL_SESSION *ss)
{
/* Force positive timeout */
if (ss->timeout < 0)
ss->timeout = 0;
ss->calc_timeout = ossl_time_add(ossl_time_from_time_t(ss->time),
ossl_time_from_time_t(ss->timeout));
ss->calc_timeout = ossl_time_add(ss->time, ss->timeout);
}
/*
@ -118,8 +113,9 @@ SSL_SESSION *SSL_SESSION_new(void)
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references = 1;
ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */
ss->time = time(NULL);
/* 5 minute timeout by default */
ss->timeout = ossl_seconds2time(60 * 5 + 4);
ss->time = ossl_time_now();
ssl_session_calculate_timeout(ss);
ss->lock = CRYPTO_THREAD_lock_new();
if (ss->lock == NULL) {
@ -418,8 +414,8 @@ int ssl_get_new_session(SSL_CONNECTION *s, int session)
}
/* If the context has a default timeout, use it */
if (s->session_ctx->session_timeout == 0)
ss->timeout = SSL_get_default_timeout(SSL_CONNECTION_GET_SSL(s));
if (ossl_time_is_zero(s->session_ctx->session_timeout))
ss->timeout = SSL_CONNECTION_GET_SSL(s)->method->get_timeout();
else
ss->timeout = s->session_ctx->session_timeout;
ssl_session_calculate_timeout(ss);
@ -629,7 +625,7 @@ int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
goto err;
}
if (sess_timedout(time(NULL), ret)) {
if (sess_timedout(ossl_time_now(), ret)) {
ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
if (try_session_cache) {
/* session was from the cache, so remove it */
@ -732,7 +728,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
/* Adjust last used time, and add back into the cache at the appropriate spot */
if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
c->time = time(NULL);
c->time = ossl_time_now();
ssl_session_calculate_timeout(c);
}
@ -886,7 +882,7 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
{
time_t new_timeout = (time_t)t;
OSSL_TIME new_timeout = ossl_seconds2time(t);
if (s == NULL || t < 0)
return 0;
@ -908,19 +904,19 @@ long SSL_SESSION_get_timeout(const SSL_SESSION *s)
{
if (s == NULL)
return 0;
return (long)s->timeout;
return (long)ossl_time_to_time_t(s->timeout);
}
long SSL_SESSION_get_time(const SSL_SESSION *s)
{
if (s == NULL)
return 0;
return (long)s->time;
return (long)ossl_time_to_time_t(s->time);
}
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
{
time_t new_time = (time_t)t;
OSSL_TIME new_time = ossl_time_from_time_t((time_t)t);
if (s == NULL)
return 0;
@ -1066,10 +1062,11 @@ int SSL_SESSION_is_resumable(const SSL_SESSION *s)
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
{
long l;
if (s == NULL)
return 0;
l = s->session_timeout;
s->session_timeout = t;
l = (long)ossl_time2seconds(s->session_timeout);
s->session_timeout = ossl_seconds2time(t);
return l;
}
@ -1077,7 +1074,7 @@ long SSL_CTX_get_timeout(const SSL_CTX *s)
{
if (s == NULL)
return 0;
return s->session_timeout;
return (long)ossl_time2seconds(s->session_timeout);
}
int SSL_set_session_secret_cb(SSL *s,
@ -1144,6 +1141,7 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
STACK_OF(SSL_SESSION) *sk;
SSL_SESSION *current;
unsigned long i;
const OSSL_TIME timeout = ossl_time_from_time_t(t);
if (!CRYPTO_THREAD_write_lock(s->lock))
return;
@ -1161,7 +1159,7 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
*/
while (s->session_cache_tail != NULL) {
current = s->session_cache_tail;
if (t == 0 || sess_timedout((time_t)t, current)) {
if (t == 0 || sess_timedout(timeout, current)) {
lh_SSL_SESSION_delete(s->sessions, current);
SSL_SESSION_list_remove(s, current);
current->not_resumable = 1;

10
ssl/ssl_txt.c
View File

@ -128,12 +128,14 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
}
}
#endif
if (x->time != 0L) {
if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
if (!ossl_time_is_zero(x->time)) {
if (BIO_printf(bp, "\n Start Time: %lld",
(long long)ossl_time_to_time_t(x->time)) <= 0)
goto err;
}
if (x->timeout != 0L) {
if (BIO_printf(bp, "\n Timeout : %lld (sec)", (long long)x->timeout) <= 0)
if (!ossl_time_is_zero(x->timeout)) {
if (BIO_printf(bp, "\n Timeout : %lld (sec)",
(long long)ossl_time2seconds(x->timeout)) <= 0)
goto err;
}
if (BIO_puts(bp, "\n") <= 0)

4
ssl/statem/extensions_clnt.c
View File

@ -1011,6 +1011,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
int dores = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
OSSL_TIME t;
s->ext.tick_identity = 0;
@ -1062,7 +1063,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
* this in multiple places in the code, so portability shouldn't be an
* issue.
*/
agesec = (uint32_t)(time(NULL) - s->session->time);
t = ossl_time_subtract(ossl_time_now(), s->session->time);
agesec = (uint32_t)ossl_time2seconds(t);
/*
* We calculate the age in seconds but the server may work in ms. Due to
* rounding errors we could overestimate the age by up to 1s. It is

30
ssl/statem/extensions_srvr.c
View File

@ -1102,7 +1102,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
s->ext.early_data_ok = 1;
s->ext.ticket_expected = 1;
} else {
uint32_t ticket_age = 0, agesec, agems;
OSSL_TIME t, age, expire;
int ret;
/*
@ -1141,24 +1141,24 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
continue;
}
ticket_age = (uint32_t)ticket_agel;
agesec = (uint32_t)(time(NULL) - sess->time);
agems = agesec * (uint32_t)1000;
ticket_age -= sess->ext.tick_age_add;
age = ossl_time_subtract(ossl_seconds2time(ticket_agel),
ossl_seconds2time(sess->ext.tick_age_add));
t = ossl_time_subtract(ossl_time_now(), sess->time);
/*
* For simplicity we do our age calculations in seconds. If the
* client does it in ms then it could appear that their ticket age
* is longer than ours (our ticket age calculation should always be
* slightly longer than the client's due to the network latency).
* Therefore we add 1000ms to our age calculation to adjust for
* rounding errors.
* Beause we use second granuality, it could appear that
* the client's ticket age is longer than ours (our ticket
* age calculation should always be slightly longer than the
* client's due to the network latency). Therefore we add
* 1000ms to our age calculation to adjust for rounding errors.
*/
expire = ossl_time_add(t, ossl_ms2time(1000));
if (id == 0
&& sess->timeout >= (long)agesec
&& agems / (uint32_t)1000 == agesec
&& ticket_age <= agems + 1000
&& ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) {
&& ossl_time_compare(sess->timeout, t) >= 0
&& ossl_time_compare(age, expire) <= 0
&& ossl_time_compare(ossl_time_add(age, TICKET_AGE_ALLOWANCE),
expire) >= 0) {
/*
* Ticket age is within tolerance and not expired. We allow it
* for early data

2
ssl/statem/statem_clnt.c
View File

@ -2542,7 +2542,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s,
s->session = new_sess;
}
s->session->time = time(NULL);
s->session->time = ossl_time_now();
ssl_session_calculate_timeout(s->session);
OPENSSL_free(s->session->ext.tick);

7
ssl/statem/statem_srvr.c
View File

@ -3656,7 +3656,7 @@ int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt)
static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt,
uint32_t age_add, unsigned char *tick_nonce)
{
uint32_t timeout = (uint32_t)s->session->timeout;
uint32_t timeout = (uint32_t)ossl_time2seconds(s->session->timeout);
/*
* Ticket lifetime hint:
@ -3668,7 +3668,8 @@ static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt,
#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
if (SSL_CONNECTION_IS_TLS13(s)) {
if (s->session->timeout > ONE_WEEK_SEC)
if (ossl_time_compare(s->session->timeout,
ossl_seconds2time(ONE_WEEK_SEC)) > 0)
timeout = ONE_WEEK_SEC;
} else if (s->hit)
timeout = 0;
@ -3978,7 +3979,7 @@ int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt)
}
s->session->master_key_length = hashlen;
s->session->time = time(NULL);
s->session->time = ossl_time_now();
ssl_session_calculate_timeout(s->session);
if (s->s3.alpn_selected != NULL) {
OPENSSL_free(s->session->ext.alpn_selected);

4
ssl/t1_lib.c
View File

@ -98,13 +98,13 @@ SSL3_ENC_METHOD const TLSv1_3_enc_data = {
ssl3_handshake_write
};
long tls1_default_timeout(void)
OSSL_TIME tls1_default_timeout(void)
{
/*
* 2 hours, the 24 hours mentioned in the TLSv1 spec is way too long for
* http, the cache would over fill
*/
return (60 * 60 * 2);
return ossl_seconds2time(60 * 60 * 2);
}
int tls1_new(SSL *s)