-rw-r--r-- | lib/ext/pre_shared_key.c | 17 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/session_pack.c | 8 | ||||
-rw-r--r-- | lib/tls13/session_ticket.c | 4 |
4 files changed, 19 insertions, 12 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index 445abe4a8d..a58c870bf5 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -201,7 +201,7 @@ client_send_params(gnutls_session_t session,
 unsigned next_idx;
 const mac_entry_st *prf_res = NULL;
 const mac_entry_st *prf_psk = NULL;
- time_t cur_time;
+ struct timespec cur_time;
 uint32_t ticket_age, ob_ticket_age;
 int free_username = 0;
 psk_auth_info_t info = NULL;
@@ -235,16 +235,21 @@ client_send_params(gnutls_session_t session,
 prf_res = session->internals.tls13_ticket.prf;
- cur_time = gnutls_time(0);
- if (unlikely(cur_time < session->internals.tls13_ticket.timestamp)) {
+ gnutls_gettime(&cur_time);
+ if (unlikely(_gnutls_timespec_cmp(&cur_time,
+ &session->internals.
+ tls13_ticket.
+ arrival_time) < 0)) {
 gnutls_assert();
 _gnutls13_session_ticket_unset(session);
 goto ignore_ticket;
 }
 /* Check whether the ticket is stale */
- ticket_age = cur_time - session->internals.tls13_ticket.timestamp;
- if (ticket_age > session->internals.tls13_ticket.lifetime) {
+ ticket_age = timespec_sub_ms(&cur_time,
+ &session->internals.tls13_ticket.
+ arrival_time);
+ if (ticket_age / 1000 > session->internals.tls13_ticket.lifetime) {
 _gnutls13_session_ticket_unset(session);
 goto ignore_ticket;
 }
@@ -256,7 +261,7 @@ client_send_params(gnutls_session_t session,
 }
 /* Calculate obfuscated ticket age, in milliseconds, mod 2^32 */
- ob_ticket_age = ticket_age * 1000 + session->internals.tls13_ticket.age_add;
+ ob_ticket_age = ticket_age + session->internals.tls13_ticket.age_add;
 if ((ret = _gnutls_buffer_append_data_prefix(extdata, 16, session->internals.tls13_ticket.ticket.data,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 576eaa6786..2eff31caff 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
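Review bot: In the stale-ticket check of client_send_params, `ticket_age` is a `uint32_t` that now holds milliseconds, so the value assigned from `timespec_sub_ms()` wraps after about 49.7 days (2^32 ms). A ticket restored from packed session data after a longer interval can then give a small `ticket_age / 1000`, pass the `lifetime` comparison, and be offered although it should have been discarded. Comparing whole seconds before the millisecond value is computed keeps the check exact, e.g. `if (cur_time.tv_sec - session->internals.tls13_ticket.arrival_time.tv_sec > session->internals.tls13_ticket.lifetime)`; wrapping is only intended for `ob_ticket_age`, which the comment in the last hunk defines mod 2^32. `timespec_sub_ms()` is not shown in this diff, so its return width should be checked too, and the function itself starts and ends outside these hunks.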
@@ -1017,7 +1017,7 @@ typedef struct gnutls_dh_params_int {
 /* TLS 1.3 session ticket */
 typedef struct {
- time_t timestamp;
+ struct timespec arrival_time;
 uint32_t lifetime;
 uint32_t age_add;
 uint8_t nonce[255];
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 82ec51c0db..b83c9c7440 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -310,6 +310,7 @@ _gnutls_session_unpack(gnutls_session_t session,
 * x bytes the ticket
 * 1 bytes the resumption master secret length
 * x bytes the resumption master secret
+ * 12 bytes the ticket arrival time
 *
 * WE DON'T STORE NewSessionTicket EXTENSIONS, as we don't support them yet.
 *
@@ -329,8 +330,6 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
 BUFFER_APPEND_NUM(ps, 0);
 if (ticket->ticket.data != NULL) {
- BUFFER_APPEND_NUM(ps, ticket->timestamp);
- length += 4;
 BUFFER_APPEND_NUM(ps, ticket->lifetime);
 length += 4;
 BUFFER_APPEND_NUM(ps, ticket->age_add);
@@ -347,6 +346,8 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
 ticket->resumption_master_secret, ticket->prf->output_size);
 length += (1 + ticket->prf->output_size);
+ BUFFER_APPEND_TS(ps, ticket->arrival_time);
+ length += 12;
 /* Overwrite the length field */
 _gnutls_write_uint32(length, ps->data + length_pos);
@@ -366,7 +367,6 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
 BUFFER_POP_NUM(ps, ttl_len);
 if (ttl_len > 0) {
- BUFFER_POP_NUM(ps, ticket->timestamp);
 BUFFER_POP_NUM(ps, ticket->lifetime);
 BUFFER_POP_NUM(ps, ticket->age_add);
@@ -394,6 +394,8 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 ticket->prf = session->internals.resumed_security_parameters.prf;
+
+ BUFFER_POP_TS(ps, ticket->arrival_time);
 }
 error:
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
index a28c847c17..ad04a60919 100644
--- a/lib/tls13/session_ticket.c
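Review bot: The packed TLS 1.3 layout changes in `tls13_pack_security_parameters` (the 4-byte timestamp is dropped from the front and 12 bytes are appended after the resumption master secret), yet no hunk in this diff changes a format version or magic value. Unless one is bumped elsewhere, session data written by an earlier build is read by the new `tls13_unpack_security_parameters` with `lifetime`, `age_add` and everything after them taken from offsets shifted by four bytes. The unpacker should reject the old layout explicitly, for example by changing the pack format identifier or by checking `ttl_len` against the number of bytes actually consumed. `BUFFER_POP_TS` is not shown here; if it does not validate the stored value, a check that the restored `tv_nsec` is below 1000000000 before `arrival_time` is used would be worth adding on the same path. Both functions continue outside the hunks.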
+++ b/lib/tls13/session_ticket.c
@@ -395,8 +395,8 @@ int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *bu
 if (ret < 0) return gnutls_assert_val(ret);
- /* Set the ticket timestamp */
- ticket->timestamp = gnutls_time(0);
+ /* Record the ticket arrival time */
+ gnutls_gettime(&ticket->arrival_time);
 return 0;
 }
|
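Review bot: The new comment above `gnutls_gettime(&ticket->arrival_time)` does not say which clock is recorded, and that matters because this value is serialized with the session and later compared with a fresh `gnutls_gettime()` reading in client_send_params. `gnutls_gettime` is not shown in this diff; if it can be backed by a monotonic or per-boot clock, a ticket restored in another process or after a reboot would be given a meaningless age. Once the clock source is confirmed I would extend the comment to something like `/* Record the ticket arrival time (wall clock; persisted by session packing and used for the ticket age) */`. The function starts outside the hunk.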