Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.

APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
author: guenther <> 2014-04-20 12:48:19 +0000
committer: guenther <> 2014-04-20 12:48:19 +0000
commit: 71d6ded93deb4d1edc464874b5359ece0ef857d2 (patch)
tree: cca6edfc57a2953a5fb440052243f46cd8d7eb12 /src/lib/libssl/ssl_sess.c
parent: 4b4a5d4b04e0ebd28c425210967942e4fa5d834c (diff)
download: openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.tar.gz
openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.tar.bz2
openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.zip
1 files changed, 6 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index c67ae1c22f..c032154d48 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -205,7 +205,7 @@ SSL_SESSION_new(void)
        ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
        ss->references = 1;
        ss->timeout=60*5+4; /* 5 minute timeout by default */
-        ss->time = (unsigned long)time(NULL);
+        ss->time = time(NULL);
        ss->prev = NULL;
        ss->next = NULL;
        ss->compress_meth = 0;
@@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                        goto err;
        }
-        if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+        if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
        {
                s->session_ctx->stats.sess_timeout++;
                if (try_session_cache) {
@@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-        OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
        OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
        OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
        if (ss->sess_cert != NULL)
@@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s)
        return (s->timeout);
 }
+/* XXX 2038 */
 long
 SSL_SESSION_get_time(const SSL_SESSION *s)
 {
@@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s)
        return (s->time);
 }
+/* XXX 2038 */
 long
 SSL_SESSION_set_time(SSL_SESSION *s, long t)
 {
@@ -926,7 +927,7 @@ typedef struct timeout_param_st {
 static void
 timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 {
-        if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+        if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
        {
                /* The reason we don't call SSL_CTX_remove_session() is to
                 * save on locking overhead */
@@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 static
 IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+/* XXX 2038 */
 void
 SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 {
author	guenther <>	2014-04-20 12:48:19 +0000
committer	guenther <>	2014-04-20 12:48:19 +0000
commit	71d6ded93deb4d1edc464874b5359ece0ef857d2 (patch)
tree	cca6edfc57a2953a5fb440052243f46cd8d7eb12 /src/lib/libssl/ssl_sess.c
parent	4b4a5d4b04e0ebd28c425210967942e4fa5d834c (diff)
download	openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.tar.gz openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.tar.bz2 openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.zip