Commit 7e70213f authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't overestimate the ticket age 



On the client we calculate the age of the ticket in seconds but the server
may work in ms. Due to rounding errors we could overestimate the age by up
to 1s. It is better to underestimate it. Otherwise, if the RTT is very
short, when the server calculates the age reported by the client it could
be bigger than the age calculated on the server - which should never happen.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5306)
parent c684a2d3

ssl/statem/extensions_clnt.c

+10 −0
Original line number Diff line number Diff line
@@ -998,6 +998,16 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, 
         */

        now = (uint32_t)time(NULL);

        agesec = now - (uint32_t)s->session->time;

        /*

         * We calculate the age in seconds but the server may work in ms. Due to

         * rounding errors we could overestimate the age by up to 1s. It is

         * better to underestimate it. Otherwise, if the RTT is very short, when

         * the server calculates the age reported by the client it could be

         * bigger than the age calculated on the server - which should never

         * happen.

         */

        if (agesec > 0)

            agesec--;



        if (s->session->ext.tick_lifetime_hint < agesec) {

            /* Ticket is too old. Ignore it. */