yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Define ticket creation time in TLS 1.2 case as well

Browse source 
The purpose of this change is to eventually base
the calculation in ssl_ticket.c of the ticket age
when parsing a ticket on the ticket creation time
both in TLS 1.2 and TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2023-11-22 09:14:02 +01:00
parent feb577a949
commit d1c106c787
2 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
include/mbedtls/ssl.h
View file

@ -1228,6 +1228,12 @@ struct mbedtls_ssl_session {
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_HAVE_TIME)
/*! Time in milliseconds when the ticket was created. */
mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */ uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */
uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */
@ -1238,15 +1244,10 @@ struct mbedtls_ssl_session {
char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */ char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_CLI_C) /*! Time in milliseconds when the last ticket was received. */
mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); /*!< time when ticket was received. */ mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time);
#endif #endif
#if defined(MBEDTLS_SSL_SRV_C)
mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); /*!< time when ticket was created. */
#endif
#endif /* MBEDTLS_HAVE_TIME */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)

2
programs/ssl/ssl_server2.c
View file

@ -1420,7 +1420,6 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
return MBEDTLS_ERR_SSL_INVALID_MAC; return MBEDTLS_ERR_SSL_INVALID_MAC;
case 2: case 2:
return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case 3: case 3:
/* Creation time in the future. */ /* Creation time in the future. */
session->ticket_creation_time = mbedtls_ms_time() + 1000; session->ticket_creation_time = mbedtls_ms_time() + 1000;
@ -1430,6 +1429,7 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
session->ticket_creation_time = mbedtls_ms_time() - session->ticket_creation_time = mbedtls_ms_time() -
(7 * 24 * 3600 * 1000 + 1000); (7 * 24 * 3600 * 1000 + 1000);
break; break;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case 5: case 5:
/* Ticket is valid, but client age is below the lower bound of the tolerance window. */ /* Ticket is valid, but client age is below the lower bound of the tolerance window. */
session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000;