time_t remarks


time_t remarks

Peter Sylvester-3

I saw in the latest snapshots that in the ssl library the function
time has been cast to an unsigned long.
This seems to be some hack to cover the 2038 problem on 32 bit machines.
I am not sure whether the attempted solution is good:

As far as I see the only usage is to determine whether a timeout has
occurred. How much can a session last? More than 20 years? If not, I
think one should define a notion of epoch which covers the problem that
it seems to be undefined whether in 2038 the value goes to 0 or to a
large negative value depending on the implementation. I.e.
the time is also initialized with time(NULL)|0x3fffffff
and in ssl_sess.c
   if (ret->time + ret->timeout < (time(NULL) | 0x7fffffff))
and similar in ssl_bio etc.

Comments?
Peter


--
To verify the signature, see http://edelpki.edelweb.fr/
That lets you load the certificate of the authority;
the list of revoked certificates can be found there as well.



Re: time_t remarks

Kurt Roeckx
On Thu, Dec 29, 2005 at 02:44:18PM +0100, Peter Sylvester wrote:

>
> I saw in the latest snapshots that in the ssl library the function
> time has been cast to an unsigned long.
> This seems to be some hack to cover the 2038 problem on 32 bit machines.
> I am not sure whether the attempted solution is good:
>
> As far as I see the only usage is to determine whether a timeout has
> occurred. How much can a session last? More than 20 years? If not, I
> think one should define a notion of epoch which covers the problem that
> it seems to be undefined whether in 2038 the value goes to 0 or to a
> large negative value depending on the implementation. I.e.
> the time is also initialized with time(NULL)|0x3fffffff
> and in ssl_sess.c
>   if (ret->time + ret->timeout < (time(NULL) | 0x7fffffff))
> and similar in ssl_bio etc.

The proper way to do a check for a timeout is:
time(NULL) - ret->time > ret->timeout

Or something similar; the important part is the subtraction of
the 2 time variables.

This will avoid any problems you have with overflows.  If
time(NULL) has overflowed, the subtraction of ret->time from
time(NULL) will still give a positive number.


PS: Depending on the platform, time_t can be signed or unsigned.


Kurt
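As an added illustration of the two checks discussed in this thread (the additive comparison Peter quoted from ssl_sess.c and the subtractive one Kurt recommends), here is a small constructed model. It is not code from the thread or from OpenSSL: the 32-bit unsigned clock type, the function names, the 300-second timeout and the timestamps are all assumptions chosen so that the wrap at 2^32 (the analogue of the 2038 wrap after the cast to unsigned long) can be exercised deterministically.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A 32-bit unsigned clock standing in for a 32-bit time_t after the
 * cast to unsigned long discussed in the thread; its wrap at 2^32 is
 * the analogue of the 2038 wrap. (Constructed model, not OpenSSL code.) */
typedef uint32_t clock32_t;

/* Additive check in the shape of the quoted ssl_sess.c line:
 * "start + timeout < now". Wrong whenever start + timeout or now has
 * wrapped but the other has not. */
bool expired_by_addition(clock32_t start, clock32_t timeout, clock32_t now)
{
    clock32_t deadline = start + timeout; /* may wrap */
    return deadline < now;
}

/* Subtractive check as recommended in the reply: compute the elapsed
 * time first. Unsigned subtraction is modular, so now - start is the
 * true elapsed time even when now has wrapped and start has not,
 * provided fewer than 2^32 seconds really elapsed. */
bool expired_by_subtraction(clock32_t start, clock32_t timeout, clock32_t now)
{
    clock32_t elapsed = now - start;
    return elapsed > timeout;
}

/* Run one constructed scenario and report whether each check agrees
 * with the known ground truth. Returns true if both checks are right. */
static bool show(const char *label, clock32_t start, clock32_t timeout,
                 clock32_t now, bool truly_expired)
{
    bool add = expired_by_addition(start, timeout, now);
    bool sub = expired_by_subtraction(start, timeout, now);
    printf("%-30s addition=%-7s subtraction=%-7s (truth=%s)\n", label,
           add ? "expired" : "alive", sub ? "expired" : "alive",
           truly_expired ? "expired" : "alive");
    return add == truly_expired && sub == truly_expired;
}

int main(void)
{
    const clock32_t timeout = 300; /* 5-minute session timeout, constructed */

    /* Ordinary case, far from the wrap: both checks agree. */
    show("no wrap, 100 s elapsed", 1000, timeout, 1100, false);
    show("no wrap, 400 s elapsed", 1000, timeout, 1400, true);

    /* start + timeout wraps, now does not: the additive check expires a
     * 50-second-old session; the subtractive check keeps it alive. */
    show("deadline wrapped, now did not", UINT32_MAX - 100, timeout,
         UINT32_MAX - 50, false);

    /* now wraps, start + timeout does not: the additive check never
     * expires the session; the subtractive check sees 1200 s elapsed. */
    show("now wrapped, deadline did not", UINT32_MAX - 1000, timeout, 199, true);
    return 0;
}
```

Two caveats follow from the PS about time_t being signed or unsigned. Modular subtraction is only defined for unsigned types: with a signed 32-bit time_t the wrapped value is negative and `now - start` is itself a signed overflow, which C leaves undefined, so the cast to an unsigned type is what makes the subtractive check sound. The check also assumes the real elapsed time is below 2^32 seconds (roughly 136 years), far above any session lifetime; and if the wall clock is stepped backwards, `now - start` becomes huge and the session expires early, which is the safe direction to fail in.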

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]