mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improve usage of 64-bit implementation of TimeNowInMilli

Browse Source 
Change to use 64-bits for types stored - use WOLFSSL_32BIT_MILLI_TIME if
a 64-bit type is not available.
TimeNowInMill() returns 0 on error instead of GETTIME_ERROR.
This commit is contained in:
Sean Parkinson 2022-09-05 09:11:46 +10:00
parent ef451d316c
commit b95df7529c
5 changed files with 63 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/internal.c
View File

@ -33462,9 +33462,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
else {
#ifdef WOLFSSL_TLS13
#ifndef WOLFSSL_32BIT_MILLI_TIME
#ifdef WOLFSSL_32BIT_MILLI_TIME
word32 now = TimeNowInMilliseconds();
#else
sword64 now = TimeNowInMilliseconds();
#endif
if (now == 0) {
ret = GETTIME_ERROR;
goto error;
}
/* Client adds to ticket age to obfuscate. */
ret = wc_RNG_GenerateBlock(ssl->rng, it->ageAdd,
@ -33476,10 +33482,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ato32(it->ageAdd, &ssl->session->ticketAdd);
c16toa(ssl->session->namedGroup, it->namedGroup);
#ifdef WOLFSSL_32BIT_MILLI_TIME
c32toa(TimeNowInMilliseconds(), it->timestamp);
c32toa(now, it->timestamp);
#else
c32toa((word32)(now / 1000), it->timestamp);
c32toa((word32)(now % 1000), it->timestampmilli);
c32toa((word32)(now >> 32), it->timestamp);
c32toa((word32)now , it->timestamp + OPAQUE32_LEN);
#endif
/* Resumption master secret. */
XMEMCPY(it->msecret, ssl->session->masterSecret, SECRET_LEN);
@ -33743,9 +33749,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
else {
#ifdef WOLFSSL_TLS13
/* Restore information to renegotiate. */
#ifdef WOLFSSL_32BIT_MILLI_TIME
ato32(it->timestamp, &ssl->session->ticketSeen);
#ifndef WOLFSSL_32BIT_MILLI_TIME
ato32(it->timestampmilli, &ssl->session->ticketSeenMilli);
#else
word32 seenHi, seenLo;
ato32(it->timestamp , &seenHi);
ato32(it->timestamp + OPAQUE32_LEN, &seenLo);
ssl->session->ticketSeen = ((sword64)seenHi << 32) + seenLo;
#endif
ato32(it->ageAdd, &ssl->session->ticketAdd);
ssl->session->cipherSuite0 = it->suite[0];

39
src/ssl.c
View File

@ -25365,7 +25365,7 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
/* ticketSeen | ticketAdd */
size += OPAQUE32_LEN + OPAQUE32_LEN;
#else
/* ticketSeen | ticketSeenMilli | ticketAdd */
/* ticketSeen Hi 32 bits | ticketSeen Lo 32 bits | ticketAdd */
size += OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE32_LEN;
#endif
/* ticketNonce */
@ -25439,17 +25439,20 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
#ifdef WOLFSSL_TLS13
c32toa(sess->ticketSeen, data + idx);
idx += OPAQUE32_LEN;
#ifndef WOLFSSL_32BIT_MILLI_TIME
c32toa(sess->ticketSeenMilli, data + idx);
idx += OPAQUE32_LEN;
#ifdef WOLFSSL_32BIT_MILLI_TIME
c32toa(sess->ticketSeen, data + idx);
idx += OPAQUE32_LEN;
#else
c32toa((word32)(sess->ticketSeen >> 32), data + idx);
idx += OPAQUE32_LEN;
c32toa((word32)sess->ticketSeen, data + idx);
idx += OPAQUE32_LEN;
#endif
c32toa(sess->ticketAdd, data + idx);
idx += OPAQUE32_LEN;
data[idx++] = sess->ticketNonce.len;
XMEMCPY(data + idx, sess->ticketNonce.data, sess->ticketNonce.len);
idx += sess->ticketNonce.len;
c32toa(sess->ticketAdd, data + idx);
idx += OPAQUE32_LEN;
data[idx++] = sess->ticketNonce.len;
XMEMCPY(data + idx, sess->ticketNonce.data, sess->ticketNonce.len);
idx += sess->ticketNonce.len;
#endif
#ifdef WOLFSSL_EARLY_DATA
c32toa(sess->maxEarlyDataSz, data + idx);
@ -25639,11 +25642,19 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
ret = BUFFER_ERROR;
goto end;
}
#ifdef WOLFSSL_32BIT_MILLI_TIME
ato32(data + idx, &s->ticketSeen);
idx += OPAQUE32_LEN;
#ifndef WOLFSSL_32BIT_MILLI_TIME
ato32(data + idx, &s->ticketSeenMilli);
idx += OPAQUE32_LEN;
#else
{
word32 seenHi, seenLo;
ato32(data + idx, &seenHi);
idx += OPAQUE32_LEN;
ato32(data + idx, &seenLo);
idx += OPAQUE32_LEN;
s->ticketSeen = ((sword64)seenHi << 32) + seenLo;
}
#endif
ato32(data + idx, &s->ticketAdd);
idx += OPAQUE32_LEN;

14
src/tls.c
View File

@ -11510,7 +11510,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
#ifdef WOLFSSL_32BIT_MILLI_TIME
word32 now, milli;
#else
word64 now, milli, seen;
word64 now, milli;
#endif
if (sess->ticketLen > MAX_PSK_ID_LEN) {
@ -11524,8 +11524,10 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
ret = SetCipherSpecs(ssl);
if (ret != 0)
return ret;
#ifdef WOLFSSL_32BIT_MILLI_TIME
now = TimeNowInMilliseconds();
if (now == 0)
return GETTIME_ERROR;
#ifdef WOLFSSL_32BIT_MILLI_TIME
if (now < sess->ticketSeen)
milli = (0xFFFFFFFFU - sess->ticketSeen) + 1 + now;
else
@ -11537,13 +11539,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
milli, ssl->specs.mac_algorithm, ssl->options.cipherSuite0,
ssl->options.cipherSuite, 1, NULL);
#else
seen = (sword64)sess->ticketSeen * 1000 + sess->ticketSeenMilli;
now = TimeNowInMilliseconds();
if (now < seen)
milli = (0xFFFFFFFFFFFFFFFFU - seen) + 1 + now;
else
milli = now - seen;
milli += sess->ticketAdd;
milli = now - sess->ticketSeen + sess->ticketAdd;
/* Pre-shared key is mandatory extension for resumption. */
ret = TLSX_PreSharedKey_Use(ssl, sess->ticket, sess->ticketLen,

34
src/tls13.c
View File

@ -1621,7 +1621,7 @@ end:
{
struct timeval now;
if (FCL_GETTIMEOFDAY(&now, 0) < 0)
return (word32)GETTIME_ERROR; /* TODO: return 0 for failure */
return 0;
/* Convert to milliseconds number. */
return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000);
@ -1647,7 +1647,7 @@ end:
struct timeval now;
if (gettimeofday(&now, 0) < 0)
return (word32)GETTIME_ERROR; /* TODO: return 0 for failure */
return 0;
/* Convert to milliseconds number. */
return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000);
@ -1904,7 +1904,7 @@ end:
{
struct timeval now;
if (FCL_GETTIMEOFDAY(&now, 0) < 0)
return (sword64)GETTIME_ERROR; /* TODO: return 0 for failure */
return 0;
/* Convert to milliseconds number. */
return (sword64)now.tv_sec * 1000 + now.tv_usec / 1000;
@ -1930,7 +1930,7 @@ end:
struct timeval now;
if (gettimeofday(&now, 0) < 0)
return (sword64)GETTIME_ERROR; /* TODO: return 0 for failure */
return 0;
/* Convert to milliseconds number. */
return (sword64)now.tv_sec * 1000 + now.tv_usec / 1000;
@ -4926,8 +4926,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
sword64 diff;
now = TimeNowInMilliseconds();
if (now == (word32)GETTIME_ERROR)
return now;
if (now == 0)
return GETTIME_ERROR;
/* Difference between now and time ticket constructed
* (from decrypted ticket). */
diff = now;
@ -4941,12 +4941,11 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
sword64 diff;
diff = TimeNowInMilliseconds();
if (diff == (sword64)GETTIME_ERROR)
return (word32)diff;
if (diff == 0)
return GETTIME_ERROR;
/* Difference between now and time ticket constructed
* (from decrypted ticket). */
diff -= (word64)ssl->session->ticketSeen * 1000;
diff -= ssl->session->ticketSeenMilli;
diff -= ssl->session->ticketSeen;
if (diff > (sword64)ssl->timeout * 1000 ||
diff > (sword64)TLS13_MAX_TICKET_AGE * 1000) {
current = current->next;
@ -9242,26 +9241,15 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
return ret;
*inOutIdx += length;
#ifdef WOLFSSL_32BIT_MILLI_TIME
now = TimeNowInMilliseconds();
if (now == (word32)GETTIME_ERROR)
return now;
#else
now = TimeNowInMilliseconds();
if (now == (sword64)GETTIME_ERROR)
return (int)now;
#endif
if (now == 0)
return GETTIME_ERROR;
/* Copy in ticket data (server identity). */
ssl->timeout = lifetime;
ssl->session->timeout = lifetime;
ssl->session->cipherSuite0 = ssl->options.cipherSuite0;
ssl->session->cipherSuite = ssl->options.cipherSuite;
#ifdef WOLFSSL_32BIT_MILLI_TIME
ssl->session->ticketSeen = now;
#else
ssl->session->ticketSeen = (word32)(now / 1000);
ssl->session->ticketSeenMilli = now % 1000;
#endif
ssl->session->ticketAdd = ageAdd;
#ifdef WOLFSSL_EARLY_DATA
ssl->session->maxEarlyDataSz = ssl->options.maxEarlyDataSz;

10
wolfssl/internal.h
View File

@ -1294,7 +1294,11 @@ enum Misc {
HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
/* pre RSA and all master */
#if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_32BIT_MILLI_TIME)
TIMESTAMP_LEN = 4, /* timestamp size in ticket */
#else
TIMESTAMP_LEN = 8, /* timestamp size in ticket */
#endif
#ifdef WOLFSSL_TLS13
AGEADD_LEN = 4, /* ageAdd size in ticket */
NAMEDGROUP_LEN = 2, /* namedGroup size in ticket */
@ -2753,9 +2757,6 @@ typedef struct InternalTicket {
byte suite[SUITE_LEN]; /* cipher suite when created */
byte msecret[SECRET_LEN]; /* master secret */
byte timestamp[TIMESTAMP_LEN]; /* born on */
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_32BIT_MILLI_TIME)
byte timestampmilli[TIMESTAMP_LEN]; /* born on milli */
#endif
byte haveEMS; /* have extended master secret */
#ifdef WOLFSSL_TLS13
byte ageAdd[AGEADD_LEN]; /* Obfuscation of age */
@ -3722,8 +3723,7 @@ struct WOLFSSL_SESSION {
#ifdef WOLFSSL_32BIT_MILLI_TIME
word32 ticketSeen; /* Time ticket seen (ms) */
#else
word32 ticketSeen; /* Time ticket seen (s) */
word32 ticketSeenMilli; /* Time ticket seen ms */
sword64 ticketSeen; /* Time ticket seen (ms) */
#endif
word32 ticketAdd; /* Added by client */
TicketNonce ticketNonce; /* Nonce used to derive PSK */