crypto/tls: generate unique ticket_age_add for each ticket
#23 -- CLA ok -- re-author to me+google@tomthorogood.co.uk
This commit is contained in:
förälder
ba45c1a5ca
incheckning
f4a6690edc
16
13.go
16
13.go
@ -556,15 +556,9 @@ func (hs *serverHandshakeState) sendSessionTicket13() error {
|
||||
resumptionSecret := hkdfExpandLabel(hash, hs.masterSecret, handshakeCtx, "resumption master secret", hash.Size())
|
||||
|
||||
ageAddBuf := make([]byte, 4)
|
||||
if _, err := io.ReadFull(c.config.rand(), ageAddBuf); err != nil {
|
||||
c.sendAlert(alertInternalError)
|
||||
return err
|
||||
}
|
||||
sessionState := &sessionState13{
|
||||
vers: c.vers,
|
||||
suite: hs.suite.id,
|
||||
ageAdd: uint32(ageAddBuf[0])<<24 | uint32(ageAddBuf[1])<<16 |
|
||||
uint32(ageAddBuf[2])<<8 | uint32(ageAddBuf[3]),
|
||||
vers: c.vers,
|
||||
suite: hs.suite.id,
|
||||
createdAt: uint64(time.Now().Unix()),
|
||||
resumptionSecret: resumptionSecret,
|
||||
alpnProtocol: c.clientProtocol,
|
||||
@ -573,6 +567,12 @@ func (hs *serverHandshakeState) sendSessionTicket13() error {
|
||||
}
|
||||
|
||||
for i := 0; i < numSessionTickets; i++ {
|
||||
if _, err := io.ReadFull(c.config.rand(), ageAddBuf); err != nil {
|
||||
c.sendAlert(alertInternalError)
|
||||
return err
|
||||
}
|
||||
sessionState.ageAdd = uint32(ageAddBuf[0])<<24 | uint32(ageAddBuf[1])<<16 |
|
||||
uint32(ageAddBuf[2])<<8 | uint32(ageAddBuf[3])
|
||||
ticket := sessionState.marshal()
|
||||
var err error
|
||||
if c.config.SessionTicketSealer != nil {
|
||||
|
Laddar…
Referens i nytt ärende
Block a user