Define ticket creation time in TLS 1.2 case as well

The purpose of this change is to eventually base the calculation in ssl_ticket.c of the ticket age when parsing a ticket on the ticket creation time both in TLS 1.2 and TLS 1.3 case. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-22 09:14:02 +01:00 · 2023-11-22 09:14:02 +01:00 · d1c106c787
commit d1c106c787
parent feb577a949
2 changed files with 10 additions and 9 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1228,6 +1228,12 @@ struct mbedtls_ssl_session {
    uint32_t MBEDTLS_PRIVATE(ticket_lifetime);   /*!< ticket lifetime hint    */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */

+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) && \
+    defined(MBEDTLS_HAVE_TIME)
+    /*! Time in milliseconds when the ticket was created. */
+    mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time);
+#endif
+
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
    uint8_t MBEDTLS_PRIVATE(ticket_flags);      /*!< Ticket flags */
    uint32_t MBEDTLS_PRIVATE(ticket_age_add);               /*!< Randomly generated value used to obscure the age of the ticket */
@ -1238,15 +1244,10 @@ struct mbedtls_ssl_session {
    char *MBEDTLS_PRIVATE(hostname);             /*!< host name binded with tickets */
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */

-#if defined(MBEDTLS_HAVE_TIME)
-#if defined(MBEDTLS_SSL_CLI_C)
-    mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time);   /*!< time when ticket was received. */
+#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
+    /*! Time in milliseconds when the last ticket was received. */
+    mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time);
 #endif
-#if defined(MBEDTLS_SSL_SRV_C)
-    mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time);    /*!< time when ticket was created. */
-#endif
-#endif /* MBEDTLS_HAVE_TIME */
-
 #endif /*  MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */

 #if defined(MBEDTLS_SSL_EARLY_DATA)
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -1420,7 +1420,6 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
            return MBEDTLS_ERR_SSL_INVALID_MAC;
        case 2:
            return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
        case 3:
            /* Creation time in the future. */
            session->ticket_creation_time = mbedtls_ms_time() + 1000;
@ -1430,6 +1429,7 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
            session->ticket_creation_time = mbedtls_ms_time() -
                                            (7 * 24 * 3600 * 1000 + 1000);
            break;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
        case 5:
            /* Ticket is valid, but client age is below the lower bound of the tolerance window. */
            session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000;