yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Replace start with ticket_creation

Browse source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2023-10-31 14:42:20 +08:00
parent 702fc590ed
commit ec6d07870d
4 changed files with 17 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
library/ssl_ticket.c
View file

@ -498,16 +498,17 @@ int mbedtls_ssl_ticket_parse(void *p_ticket,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
/* Check for expiration */
mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - session->start;
mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - session->ticket_creation;
mbedtls_ms_time_t ticket_lifetime = ctx->ticket_lifetime * 1000;
if (ticket_age < 0 || ticket_age > ticket_lifetime) {
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
goto cleanup;
}
} else
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
/* Check for expiration */
mbedtls_time_t current_time = mbedtls_time(NULL);
@ -517,6 +518,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket,
goto cleanup;
}
}
#endif
#endif /* MBEDTLS_HAVE_TIME */
cleanup:

4
library/ssl_tls.c
View file

@ -2537,7 +2537,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
MBEDTLS_PUT_UINT64_BE((uint64_t) session->start, p, 0);
MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation, p, 0);
p += 8;
}
#endif /* MBEDTLS_HAVE_TIME */
@ -2616,7 +2616,7 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session,
if (end - p < 8) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
session->start = MBEDTLS_GET_UINT64_BE(p, 0);
session->ticket_creation = MBEDTLS_GET_UINT64_BE(p, 0);
p += 8;
}
#endif /* MBEDTLS_HAVE_TIME */

8
library/ssl_tls13_server.c
View file

@ -193,15 +193,15 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
#if defined(MBEDTLS_HAVE_TIME)
now = mbedtls_ms_time();
if (now < session->start) {
if (now < session->ticket_creation) {
MBEDTLS_SSL_DEBUG_MSG(
3, ("Invalid ticket start time ( now = %" MBEDTLS_PRINTF_MS_TIME
", start = %" MBEDTLS_PRINTF_MS_TIME " )",
now, session->start));
now, session->ticket_creation));
goto exit;
}
server_age = now - session->start;
server_age = now - session->ticket_creation;
/* RFC 8446 section 4.6.1
*
@ -2880,7 +2880,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg"));
#if defined(MBEDTLS_HAVE_TIME)
session->start = mbedtls_ms_time();
session->ticket_creation = mbedtls_ms_time();
#endif
/* Set ticket_flags depends on the advertised psk key exchange mode */

11
programs/ssl/ssl_server2.c
View file

@ -1421,22 +1421,23 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
case 2:
/* Callback function return ticket expired */
return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case 3:
/* Built-in check, the start time is in future. */
session->start = mbedtls_ms_time() + 10 * 1000;
session->ticket_creation = mbedtls_ms_time() + 10 * 1000;
break;
case 4:
/* Built-in check, ticket expired due to too old. */
session->start = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000;
session->ticket_creation = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000;
break;
case 5:
/* Built-in check, age outside tolerance window, too young. */
session->start = mbedtls_ms_time() - 10 * 1000;
session->ticket_creation = mbedtls_ms_time() - 10 * 1000;
break;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case 6:
/* Built-in check, age outside tolerance window, too old. */
session->start = mbedtls_ms_time();
session->ticket_creation = mbedtls_ms_time();
session->ticket_age_add -= 1000;
break;
case 7: