From 85ec6054c670bd828a368625207ea800869baf66 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 7 Dec 2021 13:58:38 +1000 Subject: [PATCH 1/2] TLS13: Skip if expired rather than turning off resuming --- src/tls13.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index 13d428723..f4a6ddcdb 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4003,8 +4003,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first) */ if (diff > (int)ssl->timeout * 1000 || diff < -1000 || diff - MAX_TICKET_AGE_SECS * 1000 > 1000) { - /* Invalid difference, fallback to full handshake. */ - ssl->options.resuming = 0; + current = current->next; + continue; } #ifndef WOLFSSL_PSK_ONE_ID From 32014c69fd8708d0e842e94b53373f8fbb0aff86 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 9 Dec 2021 12:43:30 +1000 Subject: [PATCH 2/2] TLS 13 session ticket timeout: fixup checks Check difference between now and ticket seen from encrypted ticket against timeout. --- src/tls13.c | 24 +++++++++++++++--------- wolfssl/internal.h | 11 ++++++----- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index f4a6ddcdb..08e2adefb 100644 --- a/src/tls13.c +++ b/src/tls13.c 
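Review bot: With `ssl->options.resuming = 0;` removed, the rejected-ticket branch in the first patch's hunk no longer records that resumption was refused; it only advances `current`. The loop and the code after it are outside the hunk, so it is worth confirming that when every identity is skipped this way the function still ends in a non-resuming state. If any session state was already loaded while decoding the rejected ticket, that path should also not leave it in use. The branch also lost its only comment; something like `/* Ticket expired or age outside window: try the next identity. */` would document the intent.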
@@ -3987,22 +3987,28 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first) /* Decode the identity. */ if (DoClientTicket(ssl, current->identity, current->identityLen) == WOLFSSL_TICKET_RET_OK) { - word32 now; - int diff; + word32 now; + sword64 diff; now = TimeNowInMilliseconds(); if (now == (word32)GETTIME_ERROR) return now; - if (now < ssl->session.ticketSeen) - diff = (0xFFFFFFFFU - ssl->session.ticketSeen) + 1 + now; - else - diff = now - ssl->session.ticketSeen; - diff -= current->ticketAge - ssl->session.ticketAdd; + /* Difference between now and time ticket constructed + * (from decrypted ticket). */ + diff = now; + diff -= ssl->session.ticketSeen; + if (diff > (sword64)ssl->timeout * 1000 || + diff > (sword64)TLS13_MAX_TICKET_AGE * 1000) { + current = current->next; + continue; + } + /* Subtract client's ticket age and unobfuscate. */ + diff -= current->ticketAge; + diff += ssl->session.ticketAdd; /* Check session and ticket age timeout. * Allow +/- 1000 milliseconds on ticket age. */ - if (diff > (int)ssl->timeout * 1000 || diff < -1000 || - diff - MAX_TICKET_AGE_SECS * 1000 > 1000) { + if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000) { current = current->next; continue; } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index b4313b7fe..369fd32a7 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
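Review bot: The new lifetime check has no lower bound, so a negative `diff` passes it without ever being compared against `ssl->timeout` or `TLS13_MAX_TICKET_AGE`. `now` is a `word32` millisecond counter, and the removed `if (now < ssl->session.ticketSeen)` branch handled its wrap; with the plain 64-bit subtraction, a ticket seen before the counter wrapped yields a negative `diff`. The only remaining gate is then the +/- window check, whose result depends on the peer-supplied `current->ticketAge`, so it should not be relied on for expiry. Assuming `ticketSeen` is also a 32-bit millisecond value (the removed wrap branch suggests so), `diff = (word32)(now - ssl->session.ticketSeen);` keeps the wrap handling; otherwise add `diff < 0 ||` to the first condition. The enclosing loop in DoPreSharedKeys starts and ends outside the hunk.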
@@ -1490,11 +1490,12 @@ enum Misc { DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ - NULL_TERM_LEN = 1, /* length of null '\0' termination character */ - MAX_PSK_KEY_LEN = 64, /* max psk key supported */ - MIN_PSK_ID_LEN = 6, /* min length of identities */ - MIN_PSK_BINDERS_LEN= 33, /* min length of binders */ - MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */ + NULL_TERM_LEN = 1, /* length of null '\0' termination character */ + MAX_PSK_KEY_LEN = 64, /* max psk key supported */ + MIN_PSK_ID_LEN = 6, /* min length of identities */ + MIN_PSK_BINDERS_LEN = 33, /* min length of binders */ + MAX_TICKET_AGE_DIFF = 10, /* maximum ticket age difference in seconds */ + TLS13_MAX_TICKET_AGE = 7*24*60*60, /* max ticket age in seconds, 7 days */ #ifndef MAX_WOLFSSL_FILE_SIZE MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */