yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Improve comment and changlog

Browse source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2023-01-10 14:58:08 +08:00
parent 99e902f479
commit 3e60cada5d
2 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
ChangeLog.d/workaround_gnutls_anti_replay_fail.txt
View file

@ -1,6 +1,7 @@
Bugfix Bugfix
* Workaround #6623. That is time unit issue. The unit of ticket age is * In TLS 1.3, when using a ticket for session resumption, tweak its age
seconds in MBedTLS and milliseconds in GnuTLS. If the real age is 10ms, calculation on the client side. It prevents a server with more accurate
it might be 1s(1000ms), as a result, the age of MBedTLS is greater than ticket timestamps (typically timestamps in milliseconds) compared to the
GnuTLS server. Reduce 1 if the age is greater than 1 second to workaround Mbed TLS ticket timestamps (in seconds) to compute a ticket age smaller
it. than the age computed and transmitted by the client and thus potentially
reject the ticket. Fix #6623.

17
library/ssl_tls13_client.c
View file

@ -947,12 +947,17 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
uint32_t obfuscated_ticket_age = uint32_t obfuscated_ticket_age =
(uint32_t)( now - session->ticket_received ); (uint32_t)( now - session->ticket_received );
/* Workaround for anti replay fail of GnuTLS server. /*
* * The ticket timestamp is in seconds but the ticket age is in
* The time unit of ticket age is milliseconds, but current unit is * milliseconds. If the ticket was received at the end of a second and
* seconds. If the ticket was received at the end of first second and * re-used here just at the beginning of the next second, the computed
* sent in next second, GnuTLS think it is replay attack. * age `now - session->ticket_received` is equal to 1s thus 1000 ms
* * while the actual age could be just a few milliseconds or tens of
* milliseconds. If the server has more accurate ticket timestamps
* (typically timestamps in milliseconds), as part of the processing of
* the ClientHello, it may compute a ticket lifetime smaller than the
* one computed here and potentially reject the ticket. To avoid that,
* remove one second to the ticket age if possible.
*/ */
if( obfuscated_ticket_age > 0 ) if( obfuscated_ticket_age > 0 )
obfuscated_ticket_age -= 1; obfuscated_ticket_age -= 1;