-rw-r--r--lib/ext/pre_shared_key.c17
-rw-r--r--lib/gnutls_int.h2
-rw-r--r--lib/session_pack.c8
-rw-r--r--lib/tls13/session_ticket.c4
4 files changed, 19 insertions, 12 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index 445abe4a8d..a58c870bf5 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -201,7 +201,7 @@ client_send_params(gnutls_session_t session,
unsigned next_idx;
const mac_entry_st *prf_res = NULL;
const mac_entry_st *prf_psk = NULL;
- time_t cur_time;
+ struct timespec cur_time;
uint32_t ticket_age, ob_ticket_age;
int free_username = 0;
psk_auth_info_t info = NULL;
@@ -235,16 +235,21 @@ client_send_params(gnutls_session_t session,
prf_res = session->internals.tls13_ticket.prf;
- cur_time = gnutls_time(0);
- if (unlikely(cur_time < session->internals.tls13_ticket.timestamp)) {
+ gnutls_gettime(&cur_time);
+ if (unlikely(_gnutls_timespec_cmp(&cur_time,
+ &session->internals.
+ tls13_ticket.
+ arrival_time) < 0)) {
gnutls_assert();
_gnutls13_session_ticket_unset(session);
goto ignore_ticket;
}
/* Check whether the ticket is stale */
- ticket_age = cur_time - session->internals.tls13_ticket.timestamp;
- if (ticket_age > session->internals.tls13_ticket.lifetime) {
+ ticket_age = timespec_sub_ms(&cur_time,
+ &session->internals.tls13_ticket.
+ arrival_time);
+ if (ticket_age / 1000 > session->internals.tls13_ticket.lifetime) {
_gnutls13_session_ticket_unset(session);
goto ignore_ticket;
}
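Review bot: The staleness test `if (ticket_age / 1000 > session->internals.tls13_ticket.lifetime)` now runs on a millisecond count stored in the `uint32_t ticket_age`, which wraps after roughly 49.7 days; the old seconds count could not wrap in practice. `arrival_time` can also be restored from packed session data (see the lib/session_pack.c hunks), so a ticket kept in storage long enough could wrap to a small age and be offered as if it were fresh. I would compare whole seconds before truncating, e.g. `if ((uint64_t)(cur_time.tv_sec - session->internals.tls13_ticket.arrival_time.tv_sec) > session->internals.tls13_ticket.lifetime)`, and keep the wrapped millisecond value only for the obfuscated age, which is defined mod 2^32. The return type of `timespec_sub_ms` is not visible here, and `client_send_params` begins and ends outside this hunk.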
@@ -256,7 +261,7 @@ client_send_params(gnutls_session_t session,
}
/* Calculate obfuscated ticket age, in milliseconds, mod 2^32 */
- ob_ticket_age = ticket_age * 1000 + session->internals.tls13_ticket.age_add;
+ ob_ticket_age = ticket_age + session->internals.tls13_ticket.age_add;
if ((ret = _gnutls_buffer_append_data_prefix(extdata, 16,
session->internals.tls13_ticket.ticket.data,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 576eaa6786..2eff31caff 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1017,7 +1017,7 @@ typedef struct gnutls_dh_params_int {
/* TLS 1.3 session ticket
*/
typedef struct {
- time_t timestamp;
+ struct timespec arrival_time;
uint32_t lifetime;
uint32_t age_add;
uint8_t nonce[255];
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 82ec51c0db..b83c9c7440 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -310,6 +310,7 @@ _gnutls_session_unpack(gnutls_session_t session,
* x bytes the ticket
* 1 bytes the resumption master secret length
* x bytes the resumption master secret
+ * 12 bytes the ticket arrival time
*
* WE DON'T STORE NewSessionTicket EXTENSIONS, as we don't support them yet.
*
@@ -329,8 +330,6 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
BUFFER_APPEND_NUM(ps, 0);
if (ticket->ticket.data != NULL) {
- BUFFER_APPEND_NUM(ps, ticket->timestamp);
- length += 4;
BUFFER_APPEND_NUM(ps, ticket->lifetime);
length += 4;
BUFFER_APPEND_NUM(ps, ticket->age_add);
@@ -347,6 +346,8 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
ticket->resumption_master_secret,
ticket->prf->output_size);
length += (1 + ticket->prf->output_size);
+ BUFFER_APPEND_TS(ps, ticket->arrival_time);
+ length += 12;
/* Overwrite the length field */
_gnutls_write_uint32(length, ps->data + length_pos);
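Review bot: The packed ticket layout changes here without any visible format version or magic being bumped: the 4-byte timestamp is dropped from the front and a 12-byte arrival time is appended after the resumption master secret. Session data written by an earlier build would therefore be decoded with shifted fields in `tls13_unpack_security_parameters` (hunks at -366 and -394). If a version marker exists outside this diff it should change with this commit; otherwise the unpack side should reject data of the old shape rather than reinterpret it. The literal in `length += 12;` also has to match what `BUFFER_APPEND_TS` writes, which is not shown, so a comment like `/* must equal the bytes written by BUFFER_APPEND_TS */` would help keep the two in step. `tls13_pack_security_parameters` continues outside the hunk.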
@@ -366,7 +367,6 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
BUFFER_POP_NUM(ps, ttl_len);
if (ttl_len > 0) {
- BUFFER_POP_NUM(ps, ticket->timestamp);
BUFFER_POP_NUM(ps, ticket->lifetime);
BUFFER_POP_NUM(ps, ticket->age_add);
@@ -394,6 +394,8 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
ticket->prf = session->internals.resumed_security_parameters.prf;
+
+ BUFFER_POP_TS(ps, ticket->arrival_time);
}
error:
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
index a28c847c17..ad04a60919 100644
--- a/lib/tls13/session_ticket.c
+++ b/lib/tls13/session_ticket.c
@@ -395,8 +395,8 @@ int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *bu
if (ret < 0)
return gnutls_assert_val(ret);
- /* Set the ticket timestamp */
- ticket->timestamp = gnutls_time(0);
+ /* Record the ticket arrival time */
+ gnutls_gettime(&ticket->arrival_time);
return 0;
}