mirror of https://github.com/openssl/openssl.git
Add support for the age_add field
Update SSL_SESSION to store the age_add and use it where needed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
This commit is contained in:
Matt Caswell
parent
ec15acb6bc
commit
fc24f0bf45
|
|
@ -55,6 +55,7 @@ typedef struct {
|
|||
long verify_result;
|
||||
ASN1_OCTET_STRING *tlsext_hostname;
|
||||
long tlsext_tick_lifetime_hint;
|
||||
long tlsext_tick_age_add;
|
||||
ASN1_OCTET_STRING *tlsext_tick;
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
ASN1_OCTET_STRING *psk_identity_hint;
|
||||
|
|
@ -89,7 +90,8 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
|
|||
#ifndef OPENSSL_NO_SRP
|
||||
ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
|
||||
#endif
|
||||
ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13)
|
||||
ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13),
|
||||
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZLONG, 14)
|
||||
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
|
||||
|
||||
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
|
||||
|
|
@ -190,6 +192,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
|
|||
}
|
||||
if (in->ext.tick_lifetime_hint > 0)
|
||||
as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
|
||||
as.tlsext_tick_age_add = in->ext.tick_age_add;
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
|
||||
in->psk_identity_hint);
|
||||
|
|
@ -326,6 +329,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
|
|||
#endif
|
||||
|
||||
ret->ext.tick_lifetime_hint = as->tlsext_tick_lifetime_hint;
|
||||
ret->ext.tick_age_add = as->tlsext_tick_age_add;
|
||||
if (as->tlsext_tick) {
|
||||
ret->ext.tick = as->tlsext_tick->data;
|
||||
ret->ext.ticklen = as->tlsext_tick->length;
|
||||
|
|
|
|||
|
|
@ -574,6 +574,7 @@ struct ssl_session_st {
|
|||
size_t ticklen; /* Session ticket length */
|
||||
/* Session lifetime hint in seconds */
|
||||
unsigned long tick_lifetime_hint;
|
||||
uint32_t tick_age_add;
|
||||
int tick_identity;
|
||||
} ext;
|
||||
# ifndef OPENSSL_NO_SRP
|
||||
|
|
|
|||
|
|
@ -694,6 +694,11 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
|
|||
now = (uint32_t)time(NULL);
|
||||
ages = now - (uint32_t)s->session->time;
|
||||
|
||||
if (s->session->ext.tick_lifetime_hint < ages) {
|
||||
/* Ticket is too old. Ignore it. */
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Calculate age in ms. We're just doing it to nearest second. Should be
|
||||
* good enough.
|
||||
|
|
@ -708,7 +713,11 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
|
|||
return 1;
|
||||
}
|
||||
|
||||
/* TODO(TLS1.3): Obfuscate the age here */
|
||||
/*
|
||||
* Obfuscate the age. Overflow here is fine, this addition is supposed to
|
||||
* be mod 2^32.
|
||||
*/
|
||||
agems += s->session->ext.tick_age_add;
|
||||
|
||||
cipher = ssl3_get_cipher_by_id(s->session->cipher_id);
|
||||
if (cipher == NULL) {
|
||||
|
|
|
|||
|
|
@ -48,6 +48,7 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include <openssl/buffer.h>
|
||||
|
|
@ -2195,12 +2196,12 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
|
|||
{
|
||||
int al;
|
||||
unsigned int ticklen;
|
||||
unsigned long ticket_lifetime_hint, add_age;
|
||||
unsigned long ticket_lifetime_hint, age_add;
|
||||
unsigned int sess_len;
|
||||
RAW_EXTENSION *exts = NULL;
|
||||
|
||||
if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
|
||||
|| (SSL_IS_TLS13(s) && !PACKET_get_net_4(pkt, &add_age))
|
||||
|| (SSL_IS_TLS13(s) && !PACKET_get_net_4(pkt, &age_add))
|
||||
|| !PACKET_get_net_2(pkt, &ticklen)
|
||||
|| (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) != ticklen)
|
||||
|| (SSL_IS_TLS13(s) && (ticklen == 0
|
||||
|
|
@ -2243,6 +2244,12 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
|
|||
s->session = new_sess;
|
||||
}
|
||||
|
||||
/*
|
||||
* Technically the cast to long here is not guaranteed by the C standard -
|
||||
* but we use it elsewhere, so this should be ok.
|
||||
*/
|
||||
s->session->time = (long)time(NULL);
|
||||
|
||||
OPENSSL_free(s->session->ext.tick);
|
||||
s->session->ext.tick = NULL;
|
||||
s->session->ext.ticklen = 0;
|
||||
|
|
@ -2259,6 +2266,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
|
|||
}
|
||||
|
||||
s->session->ext.tick_lifetime_hint = ticket_lifetime_hint;
|
||||
s->session->ext.tick_age_add = age_add;
|
||||
s->session->ext.ticklen = ticklen;
|
||||
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
|
|
|
|||
|
|
@ -3250,6 +3250,12 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
|
|||
uint32_t age_add;
|
||||
} age_add_u;
|
||||
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0)
|
||||
goto err;
|
||||
s->session->ext.tick_age_add = age_add_u.age_add;
|
||||
}
|
||||
|
||||
/* get session encoding length */
|
||||
slen_full = i2d_SSL_SESSION(s->session, NULL);
|
||||
/*
|
||||
|
|
@ -3341,10 +3347,6 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
|
|||
sizeof(tctx->ext.tick_key_name));
|
||||
}
|
||||
|
||||
if (SSL_IS_TLS13(s) && RAND_bytes(age_add_u.age_add_c,
|
||||
sizeof(age_add_u)) <= 0)
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* Ticket lifetime hint (advisory only): We leave this unspecified
|
||||
* for resumed session (for simplicity), and guess that tickets for
|
||||
|
|
|
|||
Loading…
Reference in New Issue