From 18631d238e17cbab753053e191bc71df71874ad6 Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 23 Oct 2021 08:13:02 +0000 Subject: [PATCH] Change tlsext_tick_lifetime_hint to uint32_t. Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long to uint32_t (matching RFC4507), rather than continuing to work around an inappropriate type choice. ok tb@ --- lib/libssl/ssl_asn1.c | 9 +++------ lib/libssl/ssl_clnt.c | 7 ++----- lib/libssl/ssl_locl.h | 8 ++++---- lib/libssl/ssl_txt.c | 4 ++-- 4 files changed, 11 insertions(+), 17 deletions(-) diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c index 6ff7ca54762..2af6834d88f 100644 --- a/lib/libssl/ssl_asn1.c +++ b/lib/libssl/ssl_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_asn1.c,v 1.59 2021/05/16 14:10:43 jsing Exp $ */ +/* $OpenBSD: ssl_asn1.c,v 1.60 2021/10/23 08:13:02 jsing Exp $ */ /* * Copyright (c) 2016 Joel Sing * @@ -388,16 +388,13 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) /* Ticket lifetime [9]. */ s->tlsext_tick_lifetime_hint = 0; - /* XXX - tlsext_ticklen is not yet set... */ - if (s->tlsext_ticklen > 0 && s->session_id_length > 0) - s->tlsext_tick_lifetime_hint = -1; if (!CBS_get_optional_asn1_uint64(&session, &lifetime, SSLASN1_LIFETIME_TAG, 0)) goto err; - if (lifetime > LONG_MAX) + if (lifetime > UINT32_MAX) goto err; if (lifetime > 0) - s->tlsext_tick_lifetime_hint = (long)lifetime; + s->tlsext_tick_lifetime_hint = (uint32_t)lifetime; /* Ticket [10]. */ free(s->tlsext_tick); diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index ddab394db94..bcf51089756 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.111 2021/09/03 13:18:17 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.112 2021/10/23 08:13:02 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
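Review bot: In the d2i_SSL_SESSION hunk of ssl_asn1.c, the `s->tlsext_tick_lifetime_hint = 0;` initialisation and the `if (lifetime > 0)` guard now do the same job, because the -1 sentinel that sat between them has been removed. Assuming CBS_get_optional_asn1_uint64() stores its default argument (0 here) in `lifetime` when the element is absent, the three statements can collapse to a single `s->tlsext_tick_lifetime_hint = (uint32_t)lifetime;` after the `UINT32_MAX` check. That range check should stay ahead of the narrowing assignment, since a serialized session may come from an external cache or file. A short comment such as `/* Field is 32 bits on the wire; reject wider values before narrowing. */` would record why. The function body starts and continues outside the hunk.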
@@ -1789,16 +1789,13 @@ ssl3_get_new_session_ticket(SSL *s) CBS_init(&cbs, s->internal->init_msg, n); if (!CBS_get_u32(&cbs, &lifetime_hint) || -#if UINT32_MAX > LONG_MAX - lifetime_hint > LONG_MAX || -#endif !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); goto fatal_err; } - s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint; + s->session->tlsext_tick_lifetime_hint = lifetime_hint; if (!CBS_stow(&session_ticket, &s->session->tlsext_tick, &s->session->tlsext_ticklen)) { diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index f102c2fc95c..6a6903d95b0 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.359 2021/10/15 16:48:47 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.360 2021/10/23 08:13:02 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -496,9 +496,9 @@ struct ssl_session_st { char *tlsext_hostname; /* RFC4507 info */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ + unsigned char *tlsext_tick; /* Session ticket */ + size_t tlsext_ticklen; /* Session ticket length */ + uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ struct ssl_session_internal_st *internal; }; diff --git a/lib/libssl/ssl_txt.c b/lib/libssl/ssl_txt.c index 4281cd279d4..e06808ac800 100644 --- a/lib/libssl/ssl_txt.c +++ b/lib/libssl/ssl_txt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_txt.c,v 1.29 2021/06/11 11:13:53 jsing Exp $ */ +/* $OpenBSD: ssl_txt.c,v 1.30 2021/10/23 08:13:02 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
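Review bot: In ssl3_get_new_session_ticket the server-chosen `lifetime_hint` is now stored over its full 32-bit range with no bound, whereas builds with a 32-bit long previously rejected values above LONG_MAX with a decode error. That matches the wire format, but any code that later adds the hint to a timestamp or compares it with a session timeout has to do that arithmetic in a type wider than 32 bits. None of those consumers are visible in this patch, so this is something to confirm rather than a known fault. A comment at the assignment would make the trust boundary explicit, e.g. `/* Peer-supplied and advisory; stored unvalidated, consumers must bound it. */`. The function starts and ends outside the hunk.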
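Review bot: Changing `tlsext_tick_lifetime_hint` from `long` to `uint32_t` in struct ssl_session_st silently alters any remaining signed test on the field: `< 0` or `== -1` can no longer be true, and a comparison against a signed `int` converts the `int` to unsigned. The patch touches only four files, so other readers of the field in libssl are not visible here and are worth a grep. The field comment could also state the contract, for example `/* Session lifetime hint in seconds; peer-supplied, 0 if unspecified */`. The struct definition begins outside the hunk.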
@@ -151,7 +151,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) } if (x->tlsext_tick_lifetime_hint) { if (BIO_printf(bp, - "\n TLS session ticket lifetime hint: %ld (seconds)", + "\n TLS session ticket lifetime hint: %u (seconds)", x->tlsext_tick_lifetime_hint) <= 0) goto err; } -- 2.20.1
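Review bot: The `%u` conversion in SSL_SESSION_print is now passed a `uint32_t`, which is only a matching argument where `uint32_t` is `unsigned int`. That presumably holds on every platform this tree targets, but the format and the argument stay in step more reliably if the call says so explicitly. Either pass `(unsigned int)x->tlsext_tick_lifetime_hint`, or use `"%" PRIu32` if <inttypes.h> is available to this file and BIO_printf accepts the expanded specifier. The function body continues outside the hunk.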