From 340fe504e42e3e4b6399caff165097cedc994c5e Mon Sep 17 00:00:00 2001 From: Todd Short Date: Thu, 11 Aug 2022 09:58:52 -0400 Subject: [PATCH] Update session timeout code with OSSL_TIME Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18985) --- include/internal/time.h | 10 ++++++++++ ssl/ssl_local.h | 4 ++-- ssl/ssl_sess.c | 40 +++++++++------------------------------- 3 files changed, 21 insertions(+), 33 deletions(-) diff --git a/include/internal/time.h b/include/internal/time.h index 50f50822a8..6a7a05aae5 100644 --- a/include/internal/time.h +++ b/include/internal/time.h @@ -77,6 +77,16 @@ void ossl_time_time_to_timeval(OSSL_TIME t, struct timeval *out) out->tv_usec = (t.t % OSSL_TIME_SECOND) / (OSSL_TIME_SECOND / 1000000); } +/* Convert time_t to OSSL_TIME */ +static ossl_inline OSSL_TIME ossl_time_from_time_t(time_t t) +{ + OSSL_TIME ot; + + ot.t = t; + ot.t *= OSSL_TIME_SECOND; + return ot; +} + /* Compare two time values, return -1 if less, 1 if greater and 0 if equal */ static ossl_unused ossl_inline int ossl_time_compare(OSSL_TIME a, OSSL_TIME b) diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 8b27e792ae..76719f9e2c 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -35,6 +35,7 @@ # include "internal/tsan_assist.h" # include "internal/bio.h" # include "internal/ktls.h" +# include "internal/time.h" # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN @@ -600,8 +601,7 @@ struct ssl_session_st { CRYPTO_REF_COUNT references; time_t timeout; time_t time; - time_t calc_timeout; - int timeout_ovf; + OSSL_TIME calc_timeout; unsigned int compress_meth; /* Need to lookup the method */ const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 942b1b82ce..e52635d087 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -26,35 +26,22 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); DEFINE_STACK_OF(SSL_SESSION) -__owur static int sess_timedout(time_t t, SSL_SESSION *ss) +__owur static ossl_inline int sess_timedout(time_t t, SSL_SESSION *ss) { - /* if timeout overflowed, it can never timeout! */ - if (ss->timeout_ovf) - return 0; - return t > ss->calc_timeout; + return ossl_time_compare(ossl_time_from_time_t(t), ss->calc_timeout) > 0; } /* * Returns -1/0/+1 as other XXXcmp-type functions - * Takes overflow of calculated timeout into consideration + * Takes calculated timeout into consideration */ -__owur static int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b) +__owur static ossl_inline int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b) { - /* if only one overflowed, then it is greater */ - if (a->timeout_ovf && !b->timeout_ovf) - return 1; - if (!a->timeout_ovf && b->timeout_ovf) - return -1; - /* No overflow, or both overflowed, so straight compare is safe */ - if (a->calc_timeout < b->calc_timeout) - return -1; - if (a->calc_timeout > b->calc_timeout) - return 1; - return 0; + return ossl_time_compare(a->calc_timeout, b->calc_timeout); } /* - * Calculates effective timeout, saving overflow state + * Calculates effective timeout * Locking must be done by the caller of this function */ void ssl_session_calculate_timeout(SSL_SESSION *ss) @@ -62,18 +49,9 @@ void ssl_session_calculate_timeout(SSL_SESSION *ss) /* Force positive timeout */ if (ss->timeout < 0) ss->timeout = 0; - ss->calc_timeout = ss->time + ss->timeout; - /* - * |timeout| is always zero or positive, so the check for - * overflow only needs to consider if |time| is positive - */ - ss->timeout_ovf = ss->time > 0 && ss->calc_timeout < ss->time; - /* - * N.B. Realistic overflow can only occur in our lifetimes on a - * 32-bit machine in January 2038. - * However, There are no controls to limit the |timeout| - * value, except to keep it positive. - */ + + ss->calc_timeout = ossl_time_add(ossl_time_from_time_t(ss->time), + ossl_time_from_time_t(ss->timeout)); } /* -- 2.34.1