From 5f7477980c504bb643596de593785042b3284e0f Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Mon, 31 May 2021 18:14:33 +0900 Subject: [PATCH 1/3] Add session ticket timeout check in DoSessionTicket --- src/internal.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 88fab048b..292ef3e04 100644 --- a/src/internal.c +++ b/src/internal.c @@ -28054,7 +28054,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { int ret = 0; WOLFSSL_SESSION* session; - (void)bogusID; session = GetSession(ssl, ssl->arrays->masterSecret, 1); @@ -28070,7 +28069,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (!session) { WOLFSSL_MSG("Session lookup for resume failed"); ssl->options.resuming = 0; + return ret; } + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + #ifdef WOLFSSL_TLS13 + word32 born; + /* check if the ticket is valid */ + ato32((const byte*)&(session->ticketSeen), &born); + if (LowResTimer() > born + ssl->timeout) { + WOLFSSL_MSG("Expired session ticket, fall back to full handshake."); + ssl->options.resuming = 0; + } + #endif /* WOLFSSL_TLS13 */ + #endif /* HAVE_SESSION_TICKET || !NO_PSK */ + else if (session->haveEMS != ssl->options.haveEMS) { /* RFC 7627, 5.3, server-side */ /* if old sess didn't have EMS, but new does, full handshake */ @@ -29485,6 +29497,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Copy the haveExtendedMasterSecret property from the ticket to * the saved session, so the property may be checked later. */ ssl->session.haveEMS = it.haveEMS; + #ifdef WOLFSSL_TLS13 + ssl->session.ticketSeen = it.timestamp; + #endif #ifndef NO_RESUME_SUITE_CHECK ssl->session.cipherSuite0 = it.suite[0]; ssl->session.cipherSuite = it.suite[1]; From 69cf5ef266be4fb527b4a835e3744ca701f3a4de Mon Sep 17 00:00:00 2001 
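Review bot: In the `@@ -28070,7 +28069,20 @@` hunk of patch 1/3, the `else if (session->haveEMS != ssl->options.haveEMS)` after `#endif` binds to a different `if` depending on the build: to the new expiry check when the guard is on, and to `if (!session)` when it is off. The chain only stays correct in both configurations because of the added `return ret;`, so the EMS check and the resume path now hang on a preprocessor-dependent `else`. The same layout is kept in `@@ -28071,17 +28071,13 @@` (patch 2/3) and `@@ -28071,13 +28079,14 @@` (patch 3/3). Once the condition is a single expression (from patch 2/3 on), writing the guarded check as `else if (LowResTimer() > session->bornOn + ssl->timeout) {` and dropping the extra `return ret;` would keep one `if`/`else if` chain in every configuration. The function body continues outside the hunk, so what follows the chain is not visible here.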
From: TakayukiMatsuo Date: Tue, 1 Jun 2021 15:30:07 +0900 Subject: [PATCH 2/3] Chage to use WOLFSSL_SESSION.bornON instead of WOLFSSL_SESSION.timestamp to hold the ticket creation time. --- src/internal.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/src/internal.c b/src/internal.c index 292ef3e04..b60ff7c00 100644 --- a/src/internal.c +++ b/src/internal.c @@ -28071,17 +28071,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.resuming = 0; return ret; } - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - #ifdef WOLFSSL_TLS13 - word32 born; +#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TICKET_EXPIRE) /* check if the ticket is valid */ - ato32((const byte*)&(session->ticketSeen), &born); - if (LowResTimer() > born + ssl->timeout) { + if (LowResTimer() > session->bornOn + ssl->timeout) { WOLFSSL_MSG("Expired session ticket, fall back to full handshake."); ssl->options.resuming = 0; } - #endif /* WOLFSSL_TLS13 */ - #endif /* HAVE_SESSION_TICKET || !NO_PSK */ +#endif /* HAVE_SESSION_TICKET || !WOLFSSL_NO_TICKET_EXPIRE */ else if (session->haveEMS != ssl->options.haveEMS) { /* RFC 7627, 5.3, server-side */ @@ -29497,9 +29493,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Copy the haveExtendedMasterSecret property from the ticket to * the saved session, so the property may be checked later. */ ssl->session.haveEMS = it.haveEMS; - #ifdef WOLFSSL_TLS13 - ssl->session.ticketSeen = it.timestamp; - #endif + ato32((const byte*)&it.timestamp, &ssl->session.bornOn); #ifndef NO_RESUME_SUITE_CHECK ssl->session.cipherSuite0 = it.suite[0]; ssl->session.cipherSuite = it.suite[1]; From 1a9b59b183d8624ccb23321ba47b43f5229b7251 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 11 Jun 2021 11:58:55 +0900 Subject: [PATCH 3/3] Add macro guard for LowResTimer --- src/internal.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) 
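Review bot: In the `@@ -28071,17 +28071,13 @@` hunk, `LowResTimer() > session->bornOn + ssl->timeout` only bounds the ticket age from above, and the sum is formed before the comparison. If these are 32-bit unsigned values (patch 1/3 used a `word32` for the same quantity), a large configured timeout can wrap the sum and mark every ticket expired. A `bornOn` later than the current time is also accepted as valid. Comparing the age instead, `if ((word32)(LowResTimer() - session->bornOn) > ssl->timeout) {`, makes both cases fall back to a full handshake, at the cost of rejecting tickets stamped by a server whose clock runs ahead. Patch 3/3 keeps the same expression.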
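Review bot: In the `@@ -29497,9 +29493,7 @@` hunk, the ticket time is written to `ssl->session.bornOn`, while the expiry check reads `session->bornOn` through the pointer returned by `GetSession()`; nothing visible in this series shows that the two are the same object on the ticket-resumption path, so that is worth confirming or stating in a comment. The byte-order conversion also deserves a line of explanation, for example `/* it.timestamp was written with c32toa(); convert to host order */`. This store is unconditional, whereas the check is behind `HAVE_SESSION_TICKET` and `WOLFSSL_NO_TICKET_EXPIRE`, and after patch 3/3 the writer is behind `NO_ASN_TIME`. The enclosing function starts and ends outside the hunk.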
diff --git a/src/internal.c b/src/internal.c index b60ff7c00..4aa1490f0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -28050,6 +28050,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef WOLFSSL_NO_TLS12 + /** + * Handles session resumption. + * Session tickets are checked for validity based on the time each ticket + * was created, timeout value and the current time. If the tickets are + * judged expired, falls back to full-handshake. If you want disable this + * sessin ticket validation check in TLS1.2 and below, define + * WOLFSSL_NO_TICKET_EXPRE. + */ int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites) { int ret = 0; @@ -28071,13 +28079,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.resuming = 0; return ret; } -#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TICKET_EXPIRE) +#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TICKET_EXPIRE) && \ + !defined(NO_ASN_TIME) /* check if the ticket is valid */ if (LowResTimer() > session->bornOn + ssl->timeout) { WOLFSSL_MSG("Expired session ticket, fall back to full handshake."); ssl->options.resuming = 0; } -#endif /* HAVE_SESSION_TICKET || !WOLFSSL_NO_TICKET_EXPIRE */ +#endif /* HAVE_SESSION_TICKET && !WOLFSSL_NO_TICKET_EXPIRE && !NO_ASN_TIME */ else if (session->haveEMS != ssl->options.haveEMS) { /* RFC 7627, 5.3, server-side */ @@ -29323,7 +29332,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (!ssl->options.tls1_3) { XMEMCPY(it.msecret, ssl->arrays->masterSecret, SECRET_LEN); +#ifndef NO_ASN_TIME c32toa(LowResTimer(), (byte*)&it.timestamp); +#endif it.haveEMS = ssl->options.haveEMS; } else {
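Review bot: The new comment on `HandleTlsResumption` in the `@@ -28050,6 +28050,14 @@` hunk names the opt-out macro as `WOLFSSL_NO_TICKET_EXPRE`, but the guard tests `WOLFSSL_NO_TICKET_EXPIRE`, so a build that defines the name from the comment leaves the check enabled. The comment also has "sessin" for "session" and "If you want disable", and it does not mention that `NO_ASN_TIME` compiles the check out as well. I would reword the last three lines as `* judged expired, falls back to full-handshake. To disable this session`, `* ticket validation check in TLS 1.2 and below, define`, `* WOLFSSL_NO_TICKET_EXPIRE. The check is also compiled out under NO_ASN_TIME.`.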
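Review bot: In the `@@ -29323,7 +29332,9 @@` hunk, a `NO_ASN_TIME` build no longer writes `it.timestamp` at all, while the reader added in patch 2/3 (`ato32((const byte*)&it.timestamp, &ssl->session.bornOn);`) is not under the same guard. If `it` is not zeroed earlier in this function (not visible in the hunk), the field carries uninitialised stack bytes into the ticket before it is protected. An explicit `#else` branch with `c32toa(0, (byte*)&it.timestamp);` would give the field a defined value in every configuration. The enclosing block continues past the end of the hunk.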