kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: generate unique ticket_age_add for each ticket

Browse Source 
#23 -- CLA ok -- re-author to me+google@tomthorogood.co.uk
This commit is contained in:
Tom Thorogood 2017-04-10 02:01:24 +09:30 committed by Peter Wu
parent ba45c1a5ca
commit f4a6690edc
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
13.go
View File

@ -556,15 +556,9 @@ func (hs *serverHandshakeState) sendSessionTicket13() error {
resumptionSecret := hkdfExpandLabel(hash, hs.masterSecret, handshakeCtx, "resumption master secret", hash.Size()) resumptionSecret := hkdfExpandLabel(hash, hs.masterSecret, handshakeCtx, "resumption master secret", hash.Size())
ageAddBuf := make([]byte, 4) ageAddBuf := make([]byte, 4)
if _, err := io.ReadFull(c.config.rand(), ageAddBuf); err != nil {
c.sendAlert(alertInternalError)
return err
}
sessionState := &sessionState13{ sessionState := &sessionState13{
vers: c.vers, vers: c.vers,
suite: hs.suite.id, suite: hs.suite.id,
ageAdd: uint32(ageAddBuf[0])<<24 | uint32(ageAddBuf[1])<<16 |
uint32(ageAddBuf[2])<<8 | uint32(ageAddBuf[3]),
createdAt: uint64(time.Now().Unix()), createdAt: uint64(time.Now().Unix()),
resumptionSecret: resumptionSecret, resumptionSecret: resumptionSecret,
alpnProtocol: c.clientProtocol, alpnProtocol: c.clientProtocol,
@ -573,6 +567,12 @@ func (hs *serverHandshakeState) sendSessionTicket13() error {
} }
for i := 0; i < numSessionTickets; i++ { for i := 0; i < numSessionTickets; i++ {
if _, err := io.ReadFull(c.config.rand(), ageAddBuf); err != nil {
c.sendAlert(alertInternalError)
return err
}
sessionState.ageAdd = uint32(ageAddBuf[0])<<24 | uint32(ageAddBuf[1])<<16 |
uint32(ageAddBuf[2])<<8 | uint32(ageAddBuf[3])
ticket := sessionState.marshal() ticket := sessionState.marshal()
var err error var err error
if c.config.SessionTicketSealer != nil { if c.config.SessionTicketSealer != nil {