Fix possible integer overflows before widening
When calculating a result to go into an mbedtls_ms_time_t, make sure
that arithmetic is performed at the final size to prevent overflow.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 55fe352..270db41 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -753,7 +753,8 @@
session_negotiate->ticket != NULL) {
mbedtls_ms_time_t now = mbedtls_ms_time();
mbedtls_ms_time_t age = now - session_negotiate->ticket_reception_time;
- if (age < 0 || age > session_negotiate->ticket_lifetime * 1000) {
+ if (age < 0 ||
+ age > (mbedtls_ms_time_t) session_negotiate->ticket_lifetime * 1000) {
/* Without valid ticket, disable session resumption.*/
MBEDTLS_SSL_DEBUG_MSG(
3, ("Ticket expired, disable session resumption"));