author | 2014-04-20 12:48:19 +0000 | |
---|---|---|
committer | 2014-04-20 12:48:19 +0000 | |
commit | aa8444d1b1189fd1265d520d7e58af29deb94156 (patch) | |
tree | 904756879c67d51a6a1adad95dfe645be13dcce7 /lib/libssl/ssl_sess.c | |
parent | return after error instead of plowing ahead. noticed by mancha1 at zoho (diff) | |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@
Diffstat (limited to 'lib/libssl/ssl_sess.c')
-rw-r--r-- | lib/libssl/ssl_sess.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index c67ae1c22f6..c032154d48f 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -205,7 +205,7 @@ SSL_SESSION_new(void)
 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
 ss->references = 1;
 ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time = (unsigned long)time(NULL);
+ ss->time = time(NULL);
 ss->prev = NULL;
 ss->next = NULL;
 ss->compress_meth = 0;
@@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 goto err;
 }
- if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+ if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
 {
 s->session_ctx->stats.sess_timeout++;
 if (try_session_cache) {
@@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
 OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
 OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
 if (ss->sess_cert != NULL)
@@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s)
 return (s->timeout);
 }
+/* XXX 2038 */
 long
 SSL_SESSION_get_time(const SSL_SESSION *s)
 {
@@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s)
 return (s->time);
 }
+/* XXX 2038 */
 long
 SSL_SESSION_set_time(SSL_SESSION *s, long t)
 {
@@ -926,7 +927,7 @@ typedef struct timeout_param_st {
 static void
 timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 {
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+ if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
 {
 /* The reason we don't call SSL_CTX_remove_session() is to
 * save on locking overhead */
@@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+/* XXX 2038 */
 void
 SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 {
 |
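Review bot: The expiry test in the ssl_get_prev_session hunk, `if (ret->timeout < (time(NULL) - ret->time))`, accepts a session whose stored time is ahead of the clock. Assuming both operands are signed (the struct definition is outside this diff), the elapsed value is then negative and never exceeds the timeout, so the session stays resumable until the clock catches up. Computing the age once and rejecting a negative value would close that gap, e.g. `time_t age = time(NULL) - ret->time;` followed by `if (age < 0 || ret->timeout < age)`. The timeout_doall_arg hunk uses the mirrored form `p->time > (s->time + s->timeout)`, where the signed addition can overflow for a very large timeout; writing it as a subtraction, like the first check, avoids that. Both functions continue outside their hunks.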
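Review bot: The bare `/* XXX 2038 */` marker above SSL_SESSION_get_time does not say what breaks, and the same marker is repeated unchanged on SSL_SESSION_set_time and SSL_CTX_flush_sessions. A comment that names the problem would help the next maintainer, for example `/* XXX 2038: time is passed as long and truncates where long is 32 bits */`. On SSL_CTX_flush_sessions it is worth adding that `t` presumably feeds the `p->time > (s->time + s->timeout)` test in timeout_doall_arg, so a wrapped value could leave expired sessions in the cache. The function bodies lie outside these hunks, so how `t` is used is inferred from the names.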