From c89fd6fd4787e13243278de73db994df44ce0a4b Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Tue, 21 Aug 2018 14:54:41 +0200
Subject: ext/pre_shared_key: make ticket age calculation consistent
Previously we used a pattern like this: uint32_t obfuscated_ticket_age, ticket_age_add; time_t ticket_age; ticket_age = obfuscated_ticket_age - ticket_age_add; if (ticket_age < 0) { ... } This always evaluates to false, because subtraction between unsigned integers yields an unsigned integer. Let's do the comparison before subtraction and also use correct types for representing time: uint32_t for protocol time and time_t for system time.
Signed-off-by: Daiki Ueno
---
 lib/ext/pre_shared_key.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index 35ec94fe4a..b669e159fa 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -201,8 +201,8 @@ client_send_params(gnutls_session_t session,
 unsigned next_idx;
 const mac_entry_st *prf_res = NULL;
 const mac_entry_st *prf_psk = NULL;
- time_t cur_time, ticket_age;
- uint32_t ob_ticket_age;
+ time_t cur_time;
+ uint32_t ticket_age, ob_ticket_age;
 int free_username = 0;
 psk_auth_info_t info = NULL;
 unsigned psk_id_len = 0;
@@ -235,16 +235,16 @@ client_send_params(gnutls_session_t session,
 prf_res = session->internals.tls13_ticket.prf;
- /* Check whether the ticket is stale */
 cur_time = gnutls_time(0);
- ticket_age = cur_time - session->internals.tls13_ticket.timestamp;
- if (ticket_age < 0 || ticket_age > cur_time) {
+ if (unlikely(cur_time < session->internals.tls13_ticket.timestamp)) {
 gnutls_assert();
 _gnutls13_session_ticket_unset(session);
 goto ignore_ticket;
 }
- if ((unsigned int) ticket_age > session->internals.tls13_ticket.lifetime) {
+ /* Check whether the ticket is stale */
+ ticket_age = cur_time - session->internals.tls13_ticket.timestamp;
+ if (ticket_age > session->internals.tls13_ticket.lifetime) {
 _gnutls13_session_ticket_unset(session);
 goto ignore_ticket;
 }
@@ -477,7 +477,7 @@ static int server_recv_params(gnutls_session_t session,
 struct psk_st psk;
 psk_auth_info_t info;
 tls13_ticket_t ticket_data;
- time_t ticket_age;
+ uint32_t ticket_age;
 bool resuming;
 ret = _gnutls13_psk_ext_parser_init(&psk_parser, data, len);
@@ -507,14 +507,14 @@ static int server_recv_params(gnutls_session_t session,
 session->internals.resumption_requested = 1;
 /* Check whether ticket is stale or not */
- ticket_age = psk.ob_ticket_age - ticket_data.age_add;
- if (ticket_age < 0) {
+ if (psk.ob_ticket_age < ticket_data.age_add) {
 gnutls_assert();
 tls13_ticket_deinit(&ticket_data);
 continue;
 }
- if ((unsigned int) (ticket_age / 1000) > ticket_data.lifetime) {
+ ticket_age = psk.ob_ticket_age - ticket_data.age_add;
+ if (ticket_age / 1000 > ticket_data.lifetime) {
 gnutls_assert();
 tls13_ticket_deinit(&ticket_data);
 continue;
-- cgit v1.2.1
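Review bot: In client_send_params, `ticket_age = cur_time - session->internals.tls13_ticket.timestamp;` narrows the elapsed time to uint32_t before the lifetime comparison, so on platforms where time_t is wider than 32 bits a difference of 2^32 seconds or more would wrap and a long-expired ticket could pass the staleness check. Assuming timestamp is a time_t, comparing at full width first keeps the check independent of the stored value being sane: `time_t age = cur_time - session->internals.tls13_ticket.timestamp;` followed by `if (age > session->internals.tls13_ticket.lifetime) {`, with `ticket_age = age;` only after the check passes. A short comment that ticket_age is in seconds here, while the server side works in milliseconds, would also help the next reader. The function continues outside the hunk, so the later use of ticket_age is not visible.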
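Review bot: In server_recv_params, the new guard `if (psk.ob_ticket_age < ticket_data.age_add)` rejects values that RFC 8446 section 4.2.11.1 allows, because obfuscated_ticket_age is defined as the age in milliseconds plus ticket_age_add modulo 2^32, and a conforming client whose sum wraps sends a value smaller than age_add. The ticket is then skipped via `continue`, which fails closed but presumably costs a full handshake for a share of valid tickets. If both operands are uint32_t, as the commit message indicates, `ticket_age = psk.ob_ticket_age - ticket_data.age_add;` already recovers the age modulo 2^32 and the `ticket_age / 1000 > ticket_data.lifetime` check can stand on its own; a comment such as `/* ob_ticket_age is (age_ms + age_add) mod 2^32, RFC 8446 4.2.11.1 */` would record why no pre-check is needed. The loop body continues outside the hunk, so whether the reported age is also compared against the server's own view of elapsed time is not visible here.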