Improve comment and changlog

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2023-01-10 14:58:08 +08:00
parent 99e902f479
commit 3e60cada5d
2 changed files with 17 additions and 11 deletions

View file

@ -1,6 +1,7 @@
Bugfix
* Workaround #6623. That is time unit issue. The unit of ticket age is
seconds in MBedTLS and milliseconds in GnuTLS. If the real age is 10ms,
it might be 1s(1000ms), as a result, the age of MBedTLS is greater than
GnuTLS server. Reduce 1 if the age is greater than 1 second to workaround
it.
* In TLS 1.3, when using a ticket for session resumption, tweak its age
calculation on the client side. It prevents a server with more accurate
ticket timestamps (typically timestamps in milliseconds) compared to the
Mbed TLS ticket timestamps (in seconds) to compute a ticket age smaller
than the age computed and transmitted by the client and thus potentially
reject the ticket. Fix #6623.

View file

@ -947,12 +947,17 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
uint32_t obfuscated_ticket_age =
(uint32_t)( now - session->ticket_received );
/* Workaround for anti replay fail of GnuTLS server.
*
* The time unit of ticket age is milliseconds, but current unit is
* seconds. If the ticket was received at the end of first second and
* sent in next second, GnuTLS think it is replay attack.
*
/*
* The ticket timestamp is in seconds but the ticket age is in
* milliseconds. If the ticket was received at the end of a second and
* re-used here just at the beginning of the next second, the computed
* age `now - session->ticket_received` is equal to 1s thus 1000 ms
* while the actual age could be just a few milliseconds or tens of
* milliseconds. If the server has more accurate ticket timestamps
* (typically timestamps in milliseconds), as part of the processing of
* the ClientHello, it may compute a ticket lifetime smaller than the
* one computed here and potentially reject the ticket. To avoid that,
* remove one second to the ticket age if possible.
*/
if( obfuscated_ticket_age > 0 )
obfuscated_ticket_age -= 1;