commit ad8f5e1de94676fd674178705beb1e9697a67ab3
author David Benjamin <davidben@google.com> Mon Feb 20 17:00:20 2017 -0500
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Mar 01 21:58:38 2017 +0000
tree fac753180458cc91913ab7eef3fe398417698172
parent 7dd4e429a5b2dc3ec4e9bb274f76c442035abe81

Don't use long for timestamps.

This is the first part to fixing the SSL stack to be 2038-clean.
Internal structures and functions are switched to use OPENSSL_timeval
which, unlike timeval and long, are suitable for timestamps on all
platforms.

It is generally accepted that the year is now sometime after 1970, so
use uint64_t for the timestamps to avoid worrying about serializing
negative numbers in SSL_SESSION.

A follow-up change will fix SSL_CTX_set_current_time_cb to use
OPENSSL_timeval. This will require some coordinating with WebRTC.
DTLSv1_get_timeout is left alone for compatibility and because it stores
time remaining rather than an absolute time.

BUG=155

Change-Id: I1a5054813300874b6f29e348f9cd8ca80f6b9729
Reviewed-on: https://boringssl-review.googlesource.com/13944
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_asn1.c

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 3533225..cfcc12a 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -210,28 +210,10 @@
       !CBB_add_bytes(&child, in->session_id,
                      for_ticket ? 0 : in->session_id_length) ||
       !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) ||
-      !CBB_add_bytes(&child, in->master_key, in->master_key_length)) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
-    goto err;
-  }
-
-  if (in->time < 0) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
-    goto err;
-  }
-
-  if (!CBB_add_asn1(&session, &child, kTimeTag) ||
-      !CBB_add_asn1_uint64(&child, in->time)) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
-    goto err;
-  }
-
-  if (in->timeout < 0) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
-    goto err;
-  }
-
-  if (!CBB_add_asn1(&session, &child, kTimeoutTag) ||
+      !CBB_add_bytes(&child, in->master_key, in->master_key_length) ||
+      !CBB_add_asn1(&session, &child, kTimeTag) ||
+      !CBB_add_asn1_uint64(&child, in->time) ||
+      !CBB_add_asn1(&session, &child, kTimeoutTag) ||
       !CBB_add_asn1_uint64(&child, in->timeout)) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     goto err;
@@ -634,19 +616,17 @@
   ret->master_key_length = CBS_len(&master_key);
 
   CBS child;
-  uint64_t time, timeout;
+  uint64_t timeout;
   if (!CBS_get_asn1(&session, &child, kTimeTag) ||
-      !CBS_get_asn1_uint64(&child, &time) ||
-      time > LONG_MAX ||
+      !CBS_get_asn1_uint64(&child, &ret->time) ||
       !CBS_get_asn1(&session, &child, kTimeoutTag) ||
       !CBS_get_asn1_uint64(&child, &timeout) ||
-      timeout > LONG_MAX) {
+      timeout > UINT32_MAX) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
     goto err;
   }
 
-  ret->time = (long)time;
-  ret->timeout = (long)timeout;
+  ret->timeout = (uint32_t)timeout;
 
   CBS peer;
   int has_peer;
@@ -811,8 +791,8 @@
                              kPeerSignatureAlgorithmTag, 0) ||
       !SSL_SESSION_parse_u32(&session, &ret->ticket_max_early_data,
                              kTicketMaxEarlyDataTag, 0) ||
-      !SSL_SESSION_parse_long(&session, &ret->auth_timeout, kAuthTimeoutTag,
-                              ret->timeout) ||
+      !SSL_SESSION_parse_u32(&session, &ret->auth_timeout, kAuthTimeoutTag,
+                             ret->timeout) ||
       !SSL_SESSION_parse_octet_string(&session, &ret->early_alpn,
                                       &ret->early_alpn_len, kEarlyALPNTag) ||
       CBS_len(&session) != 0) {