Merge pull request #6207 from daverodgman/ticket_time
Fix type used for capturing TLS ticket generation time
0edfa9dd26
2 changed files with 12 additions and 6 deletions
|
@ -34,6 +34,10 @@
|
||||||
#include "mbedtls/ssl.h"
|
#include "mbedtls/ssl.h"
|
||||||
#include "mbedtls/cipher.h"
|
#include "mbedtls/cipher.h"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
|
#include "mbedtls/platform_time.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#endif
|
#endif
|
||||||
|
@ -56,7 +60,9 @@ typedef struct mbedtls_ssl_ticket_key
|
||||||
{
|
{
|
||||||
unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
|
unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
|
||||||
/*!< random key identifier */
|
/*!< random key identifier */
|
||||||
uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
|
mbedtls_time_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
|
||||||
|
#endif
|
||||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
|
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
|
||||||
#else
|
#else
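Review bot: The doc comment on the retyped `generation_time` field still says only `(seconds)`, although its width now follows `mbedtls_time_t`, which, if I read platform_time.h correctly, a platform can override; a reader should not assume a 64-bit counter. Suggest `/*!< key generation timestamp (seconds, as mbedtls_time_t; width is platform-defined) */`. Since the field and the `#include "mbedtls/platform_time.h"` are now both under `MBEDTLS_HAVE_TIME`, the struct layout depends on that option, which is worth a sentence in the struct's own description; the typedef begins outside the hunk.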
|
||||||
|
|
|
@ -79,7 +79,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
key->generation_time = (uint32_t) mbedtls_time( NULL );
|
key->generation_time = mbedtls_time( NULL );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
|
if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
|
||||||
|
@ -122,15 +122,15 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
|
||||||
#else
|
#else
|
||||||
if( ctx->ticket_lifetime != 0 )
|
if( ctx->ticket_lifetime != 0 )
|
||||||
{
|
{
|
||||||
uint32_t current_time = (uint32_t) mbedtls_time( NULL );
|
mbedtls_time_t current_time = mbedtls_time( NULL );
|
||||||
uint32_t key_time = ctx->keys[ctx->active].generation_time;
|
mbedtls_time_t key_time = ctx->keys[ctx->active].generation_time;
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( current_time >= key_time &&
|
if( current_time >= key_time &&
|
||||||
current_time - key_time < ctx->ticket_lifetime )
|
(uint64_t) ( current_time - key_time ) < ctx->ticket_lifetime )
|
||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -204,7 +204,7 @@ int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx,
|
||||||
ctx->ticket_lifetime = lifetime;
|
ctx->ticket_lifetime = lifetime;
|
||||||
memcpy( key->name, name, TICKET_KEY_NAME_BYTES );
|
memcpy( key->name, name, TICKET_KEY_NAME_BYTES );
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
key->generation_time = (uint32_t) mbedtls_time( NULL );
|
key->generation_time = mbedtls_time( NULL );
|
||||||
#endif
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
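Review bot: In ssl_ticket_update_keys the new test `(uint64_t) ( current_time - key_time ) < ctx->ticket_lifetime` is correct only because `current_time >= key_time` short-circuits it: with a signed `mbedtls_time_t` the subtraction is non-negative under that guard, and the cast is what keeps the comparison with the unsigned lifetime out of signed/unsigned promotion. None of that is written down; suggest a comment above the `if`: `/* key_time <= current_time here, so the difference is non-negative and the uint64_t cast is lossless before comparing with the unsigned lifetime */`. The two unchanged-in-shape assignments `key->generation_time = mbedtls_time( NULL );` in ssl_ticket_gen_key and mbedtls_ssl_ticket_rotate still store the result without checking for the `(mbedtls_time_t)-1` value that mbedtls_time presumably returns on failure when it maps to the C library's time(); that is pre-existing, but a short comment there saying the failure value is tolerated because it simply forces rotation would make the contract explicit. The enclosing functions start outside the hunks.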
|
||||||
|
|