diff options
| author | Daiki Ueno <dueno@redhat.com> | 2018-08-21 14:54:41 +0200 |
|---|---|---|
| committer | Daiki Ueno <ueno@gnu.org> | 2018-08-23 13:08:07 +0000 |
| commit | c89fd6fd4787e13243278de73db994df44ce0a4b (patch) | |
| tree | 6767004219c1cfaade75e33e350931e1d0649231 | |
| parent | 8fc0f36294b38bd77efa92f0f793cbb64dc98286 (diff) | |
| download | gnutls-c89fd6fd4787e13243278de73db994df44ce0a4b.tar.gz | |
ext/pre_shared_key: make ticket age calculation consistent
Previously we used a pattern like this:
uint32_t obfuscated_ticket_age, ticket_age_add;
time_t ticket_age;
ticket_age = obfuscated_ticket_age - ticket_age_add;
if (ticket_age < 0) {
...
}
This always evaluates to false, because subtraction between unsigned
integers yields an unsigned integer. Let's do the comparison before
subtraction and also use correct types for representing time: uint32_t
for protocol time and time_t for system time.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| -rw-r--r-- | lib/ext/pre_shared_key.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c index 35ec94fe4a..b669e159fa 100644 --- a/lib/ext/pre_shared_key.c +++ b/lib/ext/pre_shared_key.c @@ -201,8 +201,8 @@ client_send_params(gnutls_session_t session, unsigned next_idx; const mac_entry_st *prf_res = NULL; const mac_entry_st *prf_psk = NULL; - time_t cur_time, ticket_age; - uint32_t ob_ticket_age; + time_t cur_time; + uint32_t ticket_age, ob_ticket_age; int free_username = 0; psk_auth_info_t info = NULL; unsigned psk_id_len = 0; @@ -235,16 +235,16 @@ client_send_params(gnutls_session_t session, prf_res = session->internals.tls13_ticket.prf; - /* Check whether the ticket is stale */ cur_time = gnutls_time(0); - ticket_age = cur_time - session->internals.tls13_ticket.timestamp; - if (ticket_age < 0 || ticket_age > cur_time) { + if (unlikely(cur_time < session->internals.tls13_ticket.timestamp)) { gnutls_assert(); _gnutls13_session_ticket_unset(session); goto ignore_ticket; } - if ((unsigned int) ticket_age > session->internals.tls13_ticket.lifetime) { + /* Check whether the ticket is stale */ + ticket_age = cur_time - session->internals.tls13_ticket.timestamp; + if (ticket_age > session->internals.tls13_ticket.lifetime) { _gnutls13_session_ticket_unset(session); goto ignore_ticket; } @@ -477,7 +477,7 @@ static int server_recv_params(gnutls_session_t session, struct psk_st psk; psk_auth_info_t info; tls13_ticket_t ticket_data; - time_t ticket_age; + uint32_t ticket_age; bool resuming; ret = _gnutls13_psk_ext_parser_init(&psk_parser, data, len); @@ -507,14 +507,14 @@ static int server_recv_params(gnutls_session_t session, session->internals.resumption_requested = 1; /* Check whether ticket is stale or not */ - ticket_age = psk.ob_ticket_age - ticket_data.age_add; - if (ticket_age < 0) { + if (psk.ob_ticket_age < ticket_data.age_add) { gnutls_assert(); tls13_ticket_deinit(&ticket_data); continue; } - if ((unsigned int) (ticket_age / 1000) > ticket_data.lifetime) { + ticket_age = psk.ob_ticket_age - ticket_data.age_add; + if (ticket_age / 1000 > ticket_data.lifetime) { gnutls_assert(); tls13_ticket_deinit(&ticket_data); continue; |