diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-15 16:35:32 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-24 09:48:50 +0200 |
| commit | 160366190b990a38606d367cd9d6bd98430175c4 (patch) | |
| tree | 165b094d342280f4d85a92688d9832357bee0934 | |
| parent | 26253a4941da72ad9a5ceebd37c526681fc9c65a (diff) | |
| download | gnutls-160366190b990a38606d367cd9d6bd98430175c4.tar.gz | |
session_ticket: use random nonces
Avoid using any time values in plain as this could allow association
of clients.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/ext/session_ticket.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 2c91c9ec2d..40bbe5b112 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -278,7 +278,6 @@ _gnutls_encrypt_session_ticket(gnutls_session_t session, gnutls_datum_t encrypted_state = {NULL,0}; uint8_t iv[IV_SIZE]; gnutls_datum_t mac_secret; - uint32_t t; struct ticket_st ticket; int ret; @@ -300,9 +299,7 @@ _gnutls_encrypt_session_ticket(gnutls_session_t session, IV.data = iv; IV.size = IV_SIZE; - t = gnutls_time(0); - memcpy(iv, &t, 4); - ret = gnutls_rnd(GNUTLS_RND_NONCE, iv+4, IV_SIZE-4); + ret = gnutls_rnd(GNUTLS_RND_NONCE, iv, IV_SIZE); if (ret < 0) { gnutls_assert(); goto cleanup; |