#include "ssl_local.h"
#include "internal/time.h"
-static void get_current_time(struct timeval *t);
static int dtls1_handshake_write(SSL_CONNECTION *s);
static size_t dtls1_link_min_mtu(void);
dtls1_handshake_write
};
-long dtls1_default_timeout(void)
+OSSL_TIME dtls1_default_timeout(void)
{
/*
* 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
* http, the cache would over fill
*/
- return (60 * 60 * 2);
+ return ossl_seconds2time(60 * 60 * 2);
}
int dtls1_new(SSL *ssl)
long dtls1_ctrl(SSL *ssl, int cmd, long larg, void *parg)
{
int ret = 0;
+ OSSL_TIME t;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
switch (cmd) {
case DTLS_CTRL_GET_TIMEOUT:
- if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) {
+ if (dtls1_get_timeout(s, &t) != NULL) {
+ *(struct timeval *)parg = ossl_time_to_timeval(t);
ret = 1;
}
break;
void dtls1_start_timer(SSL_CONNECTION *s)
{
- unsigned int sec, usec;
+ struct timeval tv;
+ OSSL_TIME duration;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
#ifndef OPENSSL_NO_SCTP
/* Disable timer for SCTP */
if (BIO_dgram_is_sctp(SSL_get_wbio(ssl))) {
- memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+ s->d1->next_timeout = ossl_time_zero();
return;
}
#endif
* If timer is not set, initialize duration with 1 second or
* a user-specified value if the timer callback is installed.
*/
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
-
+ if (ossl_time_is_zero(s->d1->next_timeout)) {
if (s->d1->timer_cb != NULL)
s->d1->timeout_duration_us = s->d1->timer_cb(ssl, 0);
else
s->d1->timeout_duration_us = 1000000;
}
- /* Set timeout to current time */
- get_current_time(&(s->d1->next_timeout));
-
- /* Add duration to current time */
-
- sec = s->d1->timeout_duration_us / 1000000;
- usec = s->d1->timeout_duration_us - (sec * 1000000);
-
- s->d1->next_timeout.tv_sec += sec;
- s->d1->next_timeout.tv_usec += usec;
+ /* Set timeout to current time plus duration */
+ duration = ossl_us2time(s->d1->timeout_duration_us);
+ s->d1->next_timeout = ossl_time_add(ossl_time_now(), duration);
- if (s->d1->next_timeout.tv_usec >= 1000000) {
- s->d1->next_timeout.tv_sec++;
- s->d1->next_timeout.tv_usec -= 1000000;
- }
-
- BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
- &(s->d1->next_timeout));
+ tv = ossl_time_to_timeval(s->d1->next_timeout);
+ BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &tv);
}
-struct timeval *dtls1_get_timeout(SSL_CONNECTION *s, struct timeval *timeleft)
+OSSL_TIME *dtls1_get_timeout(SSL_CONNECTION *s, OSSL_TIME *timeleft)
{
- struct timeval timenow;
+ OSSL_TIME timenow;
/* If no timeout is set, just return NULL */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+ if (ossl_time_is_zero(s->d1->next_timeout))
return NULL;
- }
/* Get current time */
- get_current_time(&timenow);
-
- /* If timer already expired, set remaining time to 0 */
- if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
- (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
- s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
- memset(timeleft, 0, sizeof(*timeleft));
- return timeleft;
- }
-
- /* Calculate time left until timer expires */
- memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
- timeleft->tv_sec -= timenow.tv_sec;
- timeleft->tv_usec -= timenow.tv_usec;
- if (timeleft->tv_usec < 0) {
- timeleft->tv_sec--;
- timeleft->tv_usec += 1000000;
- }
+ timenow = ossl_time_now();
/*
- * If remaining time is less than 15 ms, set it to 0 to prevent issues
- * because of small divergences with socket timeouts.
+ * If timer already expired or if remaining time is less than 15 ms,
+ * set it to 0 to prevent issues because of small divergences with
+ * socket timeouts.
*/
- if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
- memset(timeleft, 0, sizeof(*timeleft));
- }
-
+ *timeleft = ossl_time_subtract(s->d1->next_timeout, timenow);
+ if (ossl_time_compare(*timeleft, ossl_ms2time(15)) <= 0)
+ *timeleft = ossl_time_zero();
return timeleft;
}
int dtls1_is_timer_expired(SSL_CONNECTION *s)
{
- struct timeval timeleft;
+ OSSL_TIME timeleft;
/* Get time left until timeout, return false if no timer running */
if (dtls1_get_timeout(s, &timeleft) == NULL) {
}
/* Return false if timer is not expired yet */
- if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
+ if (!ossl_time_is_zero(timeleft)) {
return 0;
}
void dtls1_stop_timer(SSL_CONNECTION *s)
{
+ struct timeval tv;
+
/* Reset everything */
s->d1->timeout_num_alerts = 0;
- memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+ s->d1->next_timeout = ossl_time_zero();
s->d1->timeout_duration_us = 1000000;
- BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
- &(s->d1->next_timeout));
+ tv = ossl_time_to_timeval(s->d1->next_timeout);
+ BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &tv);
/* Clear retransmission buffer */
dtls1_clear_sent_buffer(s);
}
return dtls1_retransmit_buffered_messages(s);
}
-static void get_current_time(struct timeval *t)
-{
- ossl_time_time_to_timeval(ossl_time_now(), t);
-}
-
#define LISTEN_SUCCESS 2
#define LISTEN_SEND_VERIFY_REQUEST 1
return 0;
}
-long ossl_quic_default_timeout(void)
+OSSL_TIME ossl_quic_default_timeout(void)
{
- return 0;
+ return ossl_time_zero();
}
int ossl_quic_num_ciphers(void)
__owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void));
__owur size_t ossl_quic_pending(const SSL *s);
-__owur long ossl_quic_default_timeout(void);
+__owur OSSL_TIME ossl_quic_default_timeout(void);
__owur int ossl_quic_num_ciphers(void);
__owur const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u);
int ossl_quic_renegotiate_check(SSL *ssl, int initok);
ssl3_handshake_write
};
-long ssl3_default_timeout(void)
+OSSL_TIME ssl3_default_timeout(void)
{
/*
* 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
* http, the cache would over fill
*/
- return (60 * 60 * 2);
+ return ossl_seconds2time(60 * 60 * 2);
}
int ssl3_num_ciphers(void)
ssl_session_oinit(&as.session_id_context, &sid_ctx,
in->sid_ctx, in->sid_ctx_length);
- as.time = (int64_t)in->time;
- as.timeout = (int64_t)in->timeout;
+ as.time = (int64_t)ossl_time_to_time_t(in->time);
+ as.timeout = (int64_t)ossl_time2seconds(in->timeout);
as.verify_result = in->verify_result;
as.peer = in->peer;
ret->master_key_length = tmpl;
if (as->time != 0)
- ret->time = (time_t)as->time;
+ ret->time = ossl_time_from_time_t(as->time);
else
- ret->time = time(NULL);
+ ret->time = ossl_time_now();
if (as->timeout != 0)
- ret->timeout = (time_t)as->timeout;
+ ret->timeout = ossl_seconds2time(as->timeout);
else
- ret->timeout = 3;
+ ret->timeout = ossl_seconds2time(3);
ssl_session_calculate_timeout(ret);
X509_free(ret->peer);
long SSL_get_default_timeout(const SSL *s)
{
- return s->method->get_timeout();
+ return (long int)ossl_time2seconds(s->method->get_timeout());
}
static int ssl_async_wait_ctx_cb(void *arg)
size_t (*ssl_pending) (const SSL *s);
int (*num_ciphers) (void);
const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
- long (*get_timeout) (void);
+ OSSL_TIME (*get_timeout) (void);
const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
int (*ssl_version) (void);
long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
*/
long verify_result; /* only for servers */
CRYPTO_REF_COUNT references;
- time_t timeout;
- time_t time;
+ OSSL_TIME timeout;
+ OSSL_TIME time;
OSSL_TIME calc_timeout;
unsigned int compress_meth; /* Need to lookup the method */
const SSL_CIPHER *cipher;
/*
* The allowance we have between the client's calculated ticket age and our own.
- * We allow for 10 seconds (units are in ms). If a ticket is presented and the
+ * We allow for 10 seconds. If a ticket is presented and the
* client's age calculation is different by more than this than our own then we
* do not allow that ticket for early_data.
*/
-# define TICKET_AGE_ALLOWANCE (10 * 1000)
+# define TICKET_AGE_ALLOWANCE ossl_seconds2time(10)
#define MAX_COMPRESSIONS_SIZE 255
* SSL_new() is called. This has been put in to make life easier to set
* things up
*/
- long session_timeout;
+ OSSL_TIME session_timeout;
/*
* If this callback is not null, it will be called each time a session id
* is added to the cache. If this function returns 1, it means that the
/*
* Indicates when the last handshake msg sent will timeout
*/
- struct timeval next_timeout;
+ OSSL_TIME next_timeout;
/* Timeout duration */
unsigned int timeout_duration_us;
__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
__owur int ssl3_do_change_cipher_spec(SSL_CONNECTION *s);
-__owur long ssl3_default_timeout(void);
+__owur OSSL_TIME ssl3_default_timeout(void);
__owur int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt,
int htype);
__owur int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version,
int *max_version, int *real_max);
-__owur long tls1_default_timeout(void);
+__owur OSSL_TIME tls1_default_timeout(void);
__owur int dtls1_do_write(SSL_CONNECTION *s, int type);
void dtls1_set_message_header(SSL_CONNECTION *s,
unsigned char mt,
void dtls1_clear_sent_buffer(SSL_CONNECTION *s);
void dtls1_get_message_header(unsigned char *data,
struct hm_header_st *msg_hdr);
-__owur long dtls1_default_timeout(void);
-__owur struct timeval *dtls1_get_timeout(SSL_CONNECTION *s,
- struct timeval *timeleft);
+__owur OSSL_TIME dtls1_default_timeout(void);
+__owur OSSL_TIME *dtls1_get_timeout(SSL_CONNECTION *s, OSSL_TIME *timeleft);
__owur int dtls1_check_timeout_num(SSL_CONNECTION *s);
__owur int dtls1_handle_timeout(SSL_CONNECTION *s);
void dtls1_start_timer(SSL_CONNECTION *s);
DEFINE_STACK_OF(SSL_SESSION)
-__owur static ossl_inline int sess_timedout(time_t t, SSL_SESSION *ss)
+__owur static ossl_inline int sess_timedout(OSSL_TIME t, SSL_SESSION *ss)
{
- return ossl_time_compare(ossl_time_from_time_t(t), ss->calc_timeout) > 0;
+ return ossl_time_compare(t, ss->calc_timeout) > 0;
}
/*
*/
void ssl_session_calculate_timeout(SSL_SESSION *ss)
{
- /* Force positive timeout */
- if (ss->timeout < 0)
- ss->timeout = 0;
-
- ss->calc_timeout = ossl_time_add(ossl_time_from_time_t(ss->time),
- ossl_time_from_time_t(ss->timeout));
+ ss->calc_timeout = ossl_time_add(ss->time, ss->timeout);
}
/*
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references = 1;
- ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */
- ss->time = time(NULL);
+ /* 5 minute timeout by default */
+ ss->timeout = ossl_seconds2time(60 * 5 + 4);
+ ss->time = ossl_time_now();
ssl_session_calculate_timeout(ss);
ss->lock = CRYPTO_THREAD_lock_new();
if (ss->lock == NULL) {
}
/* If the context has a default timeout, use it */
- if (s->session_ctx->session_timeout == 0)
- ss->timeout = SSL_get_default_timeout(SSL_CONNECTION_GET_SSL(s));
+ if (ossl_time_is_zero(s->session_ctx->session_timeout))
+ ss->timeout = SSL_CONNECTION_GET_SSL(s)->method->get_timeout();
else
ss->timeout = s->session_ctx->session_timeout;
ssl_session_calculate_timeout(ss);
goto err;
}
- if (sess_timedout(time(NULL), ret)) {
+ if (sess_timedout(ossl_time_now(), ret)) {
ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout);
if (try_session_cache) {
/* session was from the cache, so remove it */
/* Adjust last used time, and add back into the cache at the appropriate spot */
if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) {
- c->time = time(NULL);
+ c->time = ossl_time_now();
ssl_session_calculate_timeout(c);
}
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
{
- time_t new_timeout = (time_t)t;
+ OSSL_TIME new_timeout = ossl_seconds2time(t);
if (s == NULL || t < 0)
return 0;
{
if (s == NULL)
return 0;
- return (long)s->timeout;
+ return (long)ossl_time_to_time_t(s->timeout);
}
long SSL_SESSION_get_time(const SSL_SESSION *s)
{
if (s == NULL)
return 0;
- return (long)s->time;
+ return (long)ossl_time_to_time_t(s->time);
}
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
{
- time_t new_time = (time_t)t;
+ OSSL_TIME new_time = ossl_time_from_time_t((time_t)t);
if (s == NULL)
return 0;
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
{
long l;
+
if (s == NULL)
return 0;
- l = s->session_timeout;
- s->session_timeout = t;
+ l = (long)ossl_time2seconds(s->session_timeout);
+ s->session_timeout = ossl_seconds2time(t);
return l;
}
{
if (s == NULL)
return 0;
- return s->session_timeout;
+ return (long)ossl_time2seconds(s->session_timeout);
}
int SSL_set_session_secret_cb(SSL *s,
STACK_OF(SSL_SESSION) *sk;
SSL_SESSION *current;
unsigned long i;
+ const OSSL_TIME timeout = ossl_time_from_time_t(t);
if (!CRYPTO_THREAD_write_lock(s->lock))
return;
*/
while (s->session_cache_tail != NULL) {
current = s->session_cache_tail;
- if (t == 0 || sess_timedout((time_t)t, current)) {
+ if (t == 0 || sess_timedout(timeout, current)) {
lh_SSL_SESSION_delete(s->sessions, current);
SSL_SESSION_list_remove(s, current);
current->not_resumable = 1;
}
}
#endif
- if (x->time != 0L) {
- if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
+ if (!ossl_time_is_zero(x->time)) {
+ if (BIO_printf(bp, "\n Start Time: %lld",
+ (long long)ossl_time_to_time_t(x->time)) <= 0)
goto err;
}
- if (x->timeout != 0L) {
- if (BIO_printf(bp, "\n Timeout : %lld (sec)", (long long)x->timeout) <= 0)
+ if (!ossl_time_is_zero(x->timeout)) {
+ if (BIO_printf(bp, "\n Timeout : %lld (sec)",
+ (long long)ossl_time2seconds(x->timeout)) <= 0)
goto err;
}
if (BIO_puts(bp, "\n") <= 0)
const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
int dores = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
+ OSSL_TIME t;
s->ext.tick_identity = 0;
* this in multiple places in the code, so portability shouldn't be an
* issue.
*/
- agesec = (uint32_t)(time(NULL) - s->session->time);
+ t = ossl_time_subtract(ossl_time_now(), s->session->time);
+ agesec = (uint32_t)ossl_time2seconds(t);
/*
* We calculate the age in seconds but the server may work in ms. Due to
* rounding errors we could overestimate the age by up to 1s. It is
s->ext.early_data_ok = 1;
s->ext.ticket_expected = 1;
} else {
- uint32_t ticket_age = 0, agesec, agems;
+ OSSL_TIME t, age, expire;
int ret;
/*
continue;
}
- ticket_age = (uint32_t)ticket_agel;
- agesec = (uint32_t)(time(NULL) - sess->time);
- agems = agesec * (uint32_t)1000;
- ticket_age -= sess->ext.tick_age_add;
+ age = ossl_time_subtract(ossl_seconds2time(ticket_agel),
+ ossl_seconds2time(sess->ext.tick_age_add));
+ t = ossl_time_subtract(ossl_time_now(), sess->time);
/*
- * For simplicity we do our age calculations in seconds. If the
- * client does it in ms then it could appear that their ticket age
- * is longer than ours (our ticket age calculation should always be
- * slightly longer than the client's due to the network latency).
- * Therefore we add 1000ms to our age calculation to adjust for
- * rounding errors.
+ * Beause we use second granuality, it could appear that
+ * the client's ticket age is longer than ours (our ticket
+ * age calculation should always be slightly longer than the
+ * client's due to the network latency). Therefore we add
+ * 1000ms to our age calculation to adjust for rounding errors.
*/
+ expire = ossl_time_add(t, ossl_ms2time(1000));
+
if (id == 0
- && sess->timeout >= (long)agesec
- && agems / (uint32_t)1000 == agesec
- && ticket_age <= agems + 1000
- && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) {
+ && ossl_time_compare(sess->timeout, t) >= 0
+ && ossl_time_compare(age, expire) <= 0
+ && ossl_time_compare(ossl_time_add(age, TICKET_AGE_ALLOWANCE),
+ expire) >= 0) {
/*
* Ticket age is within tolerance and not expired. We allow it
* for early data
s->session = new_sess;
}
- s->session->time = time(NULL);
+ s->session->time = ossl_time_now();
ssl_session_calculate_timeout(s->session);
OPENSSL_free(s->session->ext.tick);
static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt,
uint32_t age_add, unsigned char *tick_nonce)
{
- uint32_t timeout = (uint32_t)s->session->timeout;
+ uint32_t timeout = (uint32_t)ossl_time2seconds(s->session->timeout);
/*
* Ticket lifetime hint:
#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
if (SSL_CONNECTION_IS_TLS13(s)) {
- if (s->session->timeout > ONE_WEEK_SEC)
+ if (ossl_time_compare(s->session->timeout,
+ ossl_seconds2time(ONE_WEEK_SEC)) > 0)
timeout = ONE_WEEK_SEC;
} else if (s->hit)
timeout = 0;
}
s->session->master_key_length = hashlen;
- s->session->time = time(NULL);
+ s->session->time = ossl_time_now();
ssl_session_calculate_timeout(s->session);
if (s->s3.alpn_selected != NULL) {
OPENSSL_free(s->session->ext.alpn_selected);
ssl3_handshake_write
};
-long tls1_default_timeout(void)
+OSSL_TIME tls1_default_timeout(void)
{
/*
* 2 hours, the 24 hours mentioned in the TLSv1 spec is way too long for
* http, the cache would over fill
*/
- return (60 * 60 * 2);
+ return ossl_seconds2time(60 * 60 * 2);
}
int tls1_new(SSL *s)