diff options
| author | Ijtaba Hussain <ijtabahussain@live.com> | 2023-06-09 11:04:53 +0500 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-02-21 10:28:17 +0100 |
| commit | ffc853bcb5f431d57b8a24dd062ff76d52891e63 (patch) | |
| tree | 2e3f884536c6d23fb114bbe255ba39600fe5dac5 | |
| parent | 709637c8764e153f77c1d55d00b37fb08634aca9 (diff) | |
| download | openssl-ffc853bcb5f431d57b8a24dd062ff76d52891e63.tar.gz | |
Extended SSL_SESSION functions using time_t
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21206)
| -rw-r--r-- | CHANGES.md | 6 | ||||
| -rw-r--r-- | doc/man3/SSL_SESSION_get_time.pod | 17 | ||||
| -rw-r--r-- | include/openssl/ssl.h.in | 3 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 16 | ||||
| -rw-r--r-- | test/sslapitest.c | 6 | ||||
| -rw-r--r-- | util/libssl.num | 2 |
6 files changed, 42 insertions, 8 deletions
diff --git a/CHANGES.md b/CHANGES.md index ee06c06c2e..49bb7671b4 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -28,6 +28,12 @@ OpenSSL 3.3 ### Changes between 3.2 and 3.3 [xx XXX xxxx] + * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex() + using time_t which is Y2038 safe on 32 bit systems when 64 bit time + is enabled (e.g via setting glibc macro _TIME_BITS=64). + + *Ijtaba Hussain* + * The EVP_PKEY_fromdata function has been augmented to allow for the derivation of CRT (Chinese Remainder Theorem) parameters when requested. See the OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ param in the EVP_PKEY-RSA documentation. diff --git a/doc/man3/SSL_SESSION_get_time.pod b/doc/man3/SSL_SESSION_get_time.pod index 00b693bae6..cdab6da4ae 100644 --- a/doc/man3/SSL_SESSION_get_time.pod +++ b/doc/man3/SSL_SESSION_get_time.pod @@ -3,7 +3,7 @@ =head1 NAME SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, -SSL_SESSION_set_timeout, +SSL_SESSION_set_timeout, SSL_SESSION_get_time_ex, SSL_SESSION_set_time_ex, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout - retrieve and manipulate session time and timeout settings @@ -21,6 +21,9 @@ SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout long SSL_get_timeout(const SSL_SESSION *s); long SSL_set_timeout(SSL_SESSION *s, long tm); + time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s); + time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t tm); + =head1 DESCRIPTION SSL_SESSION_get_time() returns the time at which the session B<s> was @@ -36,6 +39,10 @@ in seconds. SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds to B<tm>. +SSL_SESSION_get_time_ex() and SSL_SESSION_set_time_ex() extended functions use +the time_t datatype instead of long to fix the Y2038 problem on systems with +64 bit time_t type. + The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout() functions are synonyms for the SSL_SESSION_*() counterparts. @@ -58,6 +65,12 @@ SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success. If any of the function is passed the NULL pointer for the session B<s>, 0 is returned. +=head1 BUGS + +The data type long is typically 32 bits on many systems, hence the old +functions SSL_SESSION_get_time() and SSL_SESSION_set_time() are not always +Y2038 safe. + =head1 SEE ALSO L<ssl(7)>, @@ -66,7 +79,7 @@ L<SSL_get_default_timeout(3)> =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index 4c5477de98..0667fc3ec8 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -1691,6 +1691,9 @@ __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); __owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); +__owur time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s); +__owur time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t); + __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); __owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 3dcc4d81e5..c6190b92d2 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -919,14 +919,19 @@ long SSL_SESSION_get_timeout(const SSL_SESSION *s) long SSL_SESSION_get_time(const SSL_SESSION *s) { + return (long) SSL_SESSION_get_time_ex(s); +} + +time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s) +{ if (s == NULL) return 0; - return (long)ossl_time_to_time_t(s->time); + return ossl_time_to_time_t(s->time); } -long SSL_SESSION_set_time(SSL_SESSION *s, long t) +time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t) { - OSSL_TIME new_time = ossl_time_from_time_t((time_t)t); + OSSL_TIME new_time = ossl_time_from_time_t(t); if (s == NULL) return 0; @@ -944,6 +949,11 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t) return t; } +long SSL_SESSION_set_time(SSL_SESSION *s, long t) +{ + return (long) SSL_SESSION_set_time_ex(s, (time_t) t); +} + int SSL_SESSION_get_protocol_version(const SSL_SESSION *s) { return s->ssl_version; diff --git a/test/sslapitest.c b/test/sslapitest.c index 6ef64740db..243488020e 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -3389,7 +3389,7 @@ static int ed_gen_cb(SSL *s, void *arg) return 1; artificial_ticket_time--; - if (SSL_SESSION_set_time(sess, SSL_SESSION_get_time(sess) - 10) == 0) + if (SSL_SESSION_set_time_ex(sess, SSL_SESSION_get_time_ex(sess) - 10) == 0) return 0; return 1; @@ -3492,8 +3492,8 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, * gave it on the server side */ if (artificial - && !TEST_long_gt(SSL_SESSION_set_time(*sess, - SSL_SESSION_get_time(*sess) - 10), 0)) + && !TEST_time_t_gt(SSL_SESSION_set_time_ex(*sess, + SSL_SESSION_get_time_ex(*sess) - 10), 0)) return 0; if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, diff --git a/util/libssl.num b/util/libssl.num index ad858bbf8a..63b240ff9e 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -581,3 +581,5 @@ SSL_write_ex2 ? 3_3_0 EXIST::FUNCTION: SSL_get_value_uint ? 3_3_0 EXIST::FUNCTION: SSL_set_value_uint ? 3_3_0 EXIST::FUNCTION: SSL_poll ? 3_3_0 EXIST::FUNCTION: +SSL_SESSION_get_time_ex ? 3_3_0 EXIST::FUNCTION: +SSL_SESSION_set_time_ex ? 3_3_0 EXIST::FUNCTION: |