Improve comment and changlog
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
99e902f479
commit
3e60cada5d
2 changed files with 17 additions and 11 deletions
|
@ -1,6 +1,7 @@
|
|||
Bugfix
|
||||
* Workaround #6623. That is time unit issue. The unit of ticket age is
|
||||
seconds in MBedTLS and milliseconds in GnuTLS. If the real age is 10ms,
|
||||
it might be 1s(1000ms), as a result, the age of MBedTLS is greater than
|
||||
GnuTLS server. Reduce 1 if the age is greater than 1 second to workaround
|
||||
it.
|
||||
* In TLS 1.3, when using a ticket for session resumption, tweak its age
|
||||
calculation on the client side. It prevents a server with more accurate
|
||||
ticket timestamps (typically timestamps in milliseconds) compared to the
|
||||
Mbed TLS ticket timestamps (in seconds) to compute a ticket age smaller
|
||||
than the age computed and transmitted by the client and thus potentially
|
||||
reject the ticket. Fix #6623.
|
||||
|
|
|
@ -947,12 +947,17 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
|
|||
uint32_t obfuscated_ticket_age =
|
||||
(uint32_t)( now - session->ticket_received );
|
||||
|
||||
/* Workaround for anti replay fail of GnuTLS server.
|
||||
*
|
||||
* The time unit of ticket age is milliseconds, but current unit is
|
||||
* seconds. If the ticket was received at the end of first second and
|
||||
* sent in next second, GnuTLS think it is replay attack.
|
||||
*
|
||||
/*
|
||||
* The ticket timestamp is in seconds but the ticket age is in
|
||||
* milliseconds. If the ticket was received at the end of a second and
|
||||
* re-used here just at the beginning of the next second, the computed
|
||||
* age `now - session->ticket_received` is equal to 1s thus 1000 ms
|
||||
* while the actual age could be just a few milliseconds or tens of
|
||||
* milliseconds. If the server has more accurate ticket timestamps
|
||||
* (typically timestamps in milliseconds), as part of the processing of
|
||||
* the ClientHello, it may compute a ticket lifetime smaller than the
|
||||
* one computed here and potentially reject the ticket. To avoid that,
|
||||
* remove one second to the ticket age if possible.
|
||||
*/
|
||||
if( obfuscated_ticket_age > 0 )
|
||||
obfuscated_ticket_age -= 1;
|
||||
|
|
Loading…
Reference in a new issue