From 0b36022618e1b10350432bff13aba6c2b4eaef60 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 23 Oct 2021 08:13:02 +0000
Subject: Change tlsext_tick_lifetime_hint to uint32_t.

Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long
to uint32_t (matching RFC4507), rather than continuing to work around an
inappropriate type choice.

ok tb@
---
 src/lib/libssl/ssl_asn1.c | 9 +++------
 src/lib/libssl/ssl_clnt.c | 7 ++-----
 src/lib/libssl/ssl_locl.h | 8 ++++----
 src/lib/libssl/ssl_txt.c  | 4 ++--
 4 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 6ff7ca5476..2af6834d88 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.59 2021/05/16 14:10:43 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.60 2021/10/23 08:13:02 jsing Exp $ */
 /*
  * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
  *
@@ -388,16 +388,13 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 
 	/* Ticket lifetime [9]. */
 	s->tlsext_tick_lifetime_hint = 0;
-	/* XXX - tlsext_ticklen is not yet set... */
-	if (s->tlsext_ticklen > 0 && s->session_id_length > 0)
-		s->tlsext_tick_lifetime_hint = -1;
 	if (!CBS_get_optional_asn1_uint64(&session, &lifetime,
 	    SSLASN1_LIFETIME_TAG, 0))
 		goto err;
-	if (lifetime > LONG_MAX)
+	if (lifetime > UINT32_MAX)
 		goto err;
 	if (lifetime > 0)
-		s->tlsext_tick_lifetime_hint = (long)lifetime;
+		s->tlsext_tick_lifetime_hint = (uint32_t)lifetime;
 
 	/* Ticket [10]. */
 	free(s->tlsext_tick);
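Review bot: The `if (lifetime > 0)` guard before the assignment is now redundant. The field is set to 0 a few lines earlier, and `CBS_get_optional_asn1_uint64()` is called with a default of 0, so an absent or zero lifetime leaves the same value either way. With the `-1` workaround removed, the tail can be the range check followed by an unconditional `s->tlsext_tick_lifetime_hint = (uint32_t)lifetime;`. Because this parses a serialized session that may come from an external cache, a short comment on the range check would help, e.g. `/* Lifetime is a 32-bit wire value; reject anything larger before narrowing. */`. The body of d2i_SSL_SESSION starts and ends outside this hunk.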
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ddab394db9..bcf5108975 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.111 2021/09/03 13:18:17 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.112 2021/10/23 08:13:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1789,16 +1789,13 @@ ssl3_get_new_session_ticket(SSL *s)
 
 	CBS_init(&cbs, s->internal->init_msg, n);
 	if (!CBS_get_u32(&cbs, &lifetime_hint) ||
-#if UINT32_MAX > LONG_MAX
-	    lifetime_hint > LONG_MAX ||
-#endif
 	    !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
 	    CBS_len(&cbs) != 0) {
 		al = SSL_AD_DECODE_ERROR;
 		SSLerror(s, SSL_R_LENGTH_MISMATCH);
 		goto fatal_err;
 	}
-	s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
+	s->session->tlsext_tick_lifetime_hint = lifetime_hint;
 
 	if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
 	    &s->session->tlsext_ticklen)) {
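Review bot: With the `lifetime_hint > LONG_MAX` check removed, every 32-bit value the server sends in NewSessionTicket is stored unchanged in `s->session->tlsext_tick_lifetime_hint`, including values above 2^31 that platforms with a 32-bit long used to reject. That matches the new uint32_t field, but only four files are touched here, so any reader elsewhere that still converts the field to a signed type should be checked. A comment above the assignment would record the trust level, e.g. `/* Peer-supplied, advisory only; full uint32_t range accepted. */`. The declaration of `lifetime_hint` and the rest of ssl3_get_new_session_ticket are outside this hunk.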
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index f102c2fc95..6a6903d95b 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.359 2021/10/15 16:48:47 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.360 2021/10/23 08:13:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -496,9 +496,9 @@ struct ssl_session_st {
 	char *tlsext_hostname;
 
 	/* RFC4507 info */
-	unsigned char *tlsext_tick;	/* Session ticket */
-	size_t tlsext_ticklen;		/* Session ticket length */
-	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */
+	unsigned char *tlsext_tick;		/* Session ticket */
+	size_t tlsext_ticklen;			/* Session ticket length */
+	uint32_t tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */
 
 	struct ssl_session_internal_st *internal;
 };
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index 4281cd279d..e06808ac80 100644
--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_txt.c,v 1.29 2021/06/11 11:13:53 jsing Exp $ */
+/* $OpenBSD: ssl_txt.c,v 1.30 2021/10/23 08:13:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -151,7 +151,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 	}
 	if (x->tlsext_tick_lifetime_hint) {
 		if (BIO_printf(bp,
-		    "\n    TLS session ticket lifetime hint: %ld (seconds)",
+		    "\n    TLS session ticket lifetime hint: %u (seconds)",
 		    x->tlsext_tick_lifetime_hint) <= 0)
 			goto err;
 	}
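Review bot: The new `%u` specifier is paired with a `uint32_t` argument, which is correct only where `uint32_t` is `unsigned int`. To keep the format and argument matched by construction, either use the `<inttypes.h>` macro, `"\n    TLS session ticket lifetime hint: %" PRIu32 " (seconds)"`, or cast the argument, `(unsigned int)x->tlsext_tick_lifetime_hint`. The cast form avoids depending on how BIO_printf handles the macro expansion. SSL_SESSION_print continues on both sides of this hunk.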
-- 
cgit v1.2.3-55-g6feb