summaryrefslogtreecommitdiff
path: root/lib/ext
diff options
context:
space:
mode:
authorDaiki Ueno <dueno@redhat.com>2018-08-21 14:54:41 +0200
committerDaiki Ueno <ueno@gnu.org>2018-08-23 13:08:07 +0000
commitc89fd6fd4787e13243278de73db994df44ce0a4b (patch)
tree6767004219c1cfaade75e33e350931e1d0649231 /lib/ext
parent8fc0f36294b38bd77efa92f0f793cbb64dc98286 (diff)
downloadgnutls-c89fd6fd4787e13243278de73db994df44ce0a4b.tar.gz
ext/pre_shared_key: make ticket age calculation consistent
Previously we used a pattern like this: uint32_t obfuscated_ticket_age, ticket_age_add; time_t ticket_age; ticket_age = obfuscated_ticket_age - ticket_age_add; if (ticket_age < 0) { ... } This always evaluates to false, because subtraction between unsigned integers yields an unsigned integer. Let's do the comparison before subtraction and also use correct types for representing time: uint32_t for protocol time and time_t for system time. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/ext')
-rw-r--r--lib/ext/pre_shared_key.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index 35ec94fe4a..b669e159fa 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -201,8 +201,8 @@ client_send_params(gnutls_session_t session,
unsigned next_idx;
const mac_entry_st *prf_res = NULL;
const mac_entry_st *prf_psk = NULL;
- time_t cur_time, ticket_age;
- uint32_t ob_ticket_age;
+ time_t cur_time;
+ uint32_t ticket_age, ob_ticket_age;
int free_username = 0;
psk_auth_info_t info = NULL;
unsigned psk_id_len = 0;
@@ -235,16 +235,16 @@ client_send_params(gnutls_session_t session,
prf_res = session->internals.tls13_ticket.prf;
- /* Check whether the ticket is stale */
cur_time = gnutls_time(0);
- ticket_age = cur_time - session->internals.tls13_ticket.timestamp;
- if (ticket_age < 0 || ticket_age > cur_time) {
+ if (unlikely(cur_time < session->internals.tls13_ticket.timestamp)) {
gnutls_assert();
_gnutls13_session_ticket_unset(session);
goto ignore_ticket;
}
- if ((unsigned int) ticket_age > session->internals.tls13_ticket.lifetime) {
+ /* Check whether the ticket is stale */
+ ticket_age = cur_time - session->internals.tls13_ticket.timestamp;
+ if (ticket_age > session->internals.tls13_ticket.lifetime) {
_gnutls13_session_ticket_unset(session);
goto ignore_ticket;
}
@@ -477,7 +477,7 @@ static int server_recv_params(gnutls_session_t session,
struct psk_st psk;
psk_auth_info_t info;
tls13_ticket_t ticket_data;
- time_t ticket_age;
+ uint32_t ticket_age;
bool resuming;
ret = _gnutls13_psk_ext_parser_init(&psk_parser, data, len);
@@ -507,14 +507,14 @@ static int server_recv_params(gnutls_session_t session,
session->internals.resumption_requested = 1;
/* Check whether ticket is stale or not */
- ticket_age = psk.ob_ticket_age - ticket_data.age_add;
- if (ticket_age < 0) {
+ if (psk.ob_ticket_age < ticket_data.age_add) {
gnutls_assert();
tls13_ticket_deinit(&ticket_data);
continue;
}
- if ((unsigned int) (ticket_age / 1000) > ticket_data.lifetime) {
+ ticket_age = psk.ob_ticket_age - ticket_data.age_add;
+ if (ticket_age / 1000 > ticket_data.lifetime) {
gnutls_assert();
tls13_ticket_deinit(&ticket_data);
continue;