ms vs. seconds error in ticket lifetime check?

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue Feb 28 16:32:31 UTC 2023


Hiya,

I had problems with some ECH tests doing early data, part
of which seems to be an underlying bug. Happy to create a
PR to fix if this is right, but figured worth checking I
wasn't getting something wrong first.

The issue seems to be interpreting ticket lifetimes on the
server in seconds when those are in ms, but then comparing
that to a ms expiry, giving basically ~1s for using any
ticket.

The fix seems to be this change (top one working) in
ssl/statem/extensions_srvr.c:

    <             age = ossl_time_subtract(ossl_ms2time(ticket_agel),
    < 
ossl_ms2time(sess->ext.tick_age_add));
    ---
    >             age = ossl_time_subtract(ossl_seconds2time(ticket_agel),
    > 
ossl_seconds2time(sess->ext.tick_age_add)
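
Review bot: the `>` line converts both `ticket_agel` and `sess->ext.tick_age_add` with `ossl_seconds2time`, but the description above says the values are in ms and are being read as seconds, which is the opposite direction to this change. Before switching, state the unit of each of the two values, and of the expiry that `age` is later compared against, in a comment next to the subtraction, and convert each with the helper matching its own unit rather than changing both at once. The replacement as quoted also lacks the closing `);` that the `<` line has.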

As I say if that's right, happy to make a PR but it
seems a bit odd that that'd not have been caught in
tests. (Though maybe automated tests all run too
quickly to hit the problem?)

Cheers,
S.