From 7e70213fe3c79461ad3d776a8de1a5beff4bea78 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 9 Feb 2018 16:39:27 +0000 Subject: [PATCH] Don't overestimate the ticket age On the client we calculate the age of the ticket in seconds but the server may work in ms. Due to rounding errors we could overestimate the age by up to 1s. It is better to underestimate it. Otherwise, if the RTT is very short, when the server calculates the age reported by the client it could be bigger than the age calculated on the server - which should never happen. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5306) --- ssl/statem/extensions_clnt.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 6286242ad5..477536c462 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -998,6 +998,16 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, */ now = (uint32_t)time(NULL); agesec = now - (uint32_t)s->session->time; + /* + * We calculate the age in seconds but the server may work in ms. Due to + * rounding errors we could overestimate the age by up to 1s. It is + * better to underestimate it. Otherwise, if the RTT is very short, when + * the server calculates the age reported by the client it could be + * bigger than the age calculated on the server - which should never + * happen. + */ + if (agesec > 0) + agesec--; if (s->session->ext.tick_lifetime_hint < agesec) { /* Ticket is too old. Ignore it. */ -- 2.25.1