mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 12:39:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add ticket age check

Browse Source 
Remove ticket if it is expired.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-10-08 10:21:15 +08:00
parent 4a698341c9
commit 379b91a393
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
library/ssl_client.c
View File

@ -843,6 +843,32 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
}
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_HAVE_TIME)
/* Check if a tls13 ticket has been configured. */
if( ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
ssl->session_negotiate != NULL &&
ssl->session_negotiate->ticket != NULL )
{
mbedtls_time_t now = mbedtls_time( NULL );
if( ssl->session_negotiate->ticket_received > now ||
(uint64_t)( now - ssl->session_negotiate->ticket_received )
> ssl->session_negotiate->ticket_lifetime )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket expired" ) );
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len );
mbedtls_free( ssl->session_negotiate->ticket );
ssl->session_negotiate->ticket = NULL;
ssl->session_negotiate->ticket_len = 0;
}
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
MBEDTLS_SSL_SESSION_TICKETS &&
MBEDTLS_HAVE_TIME */
return( 0 );
}