Export server-side ticket_age skew.
We'll measure this value to guide what tolerance to use in the 0-RTT
anti-replay mechanism. This also fixes a bug where we were previously
minting ticket_age_add-less tickets on the server. Add a check to reject
all those tickets.
BUG=113
Change-Id: I68e690c0794234234e0d0500b4b9a7f79aea641e
Reviewed-on: https://boringssl-review.googlesource.com/14068
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index adc7344..4a7fbd3 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1957,18 +1957,15 @@
return 1;
}
-int ssl_ext_pre_shared_key_parse_clienthello(SSL_HANDSHAKE *hs,
- SSL_SESSION **out_session,
- CBS *out_binders,
- uint8_t *out_alert,
- CBS *contents) {
+int ssl_ext_pre_shared_key_parse_clienthello(
+ SSL_HANDSHAKE *hs, SSL_SESSION **out_session, CBS *out_binders,
+ uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert, CBS *contents) {
SSL *const ssl = hs->ssl;
/* We only process the first PSK identity since we don't support pure PSK. */
- uint32_t obfuscated_ticket_age;
CBS identities, ticket, binders;
if (!CBS_get_u16_length_prefixed(contents, &identities) ||
!CBS_get_u16_length_prefixed(&identities, &ticket) ||
- !CBS_get_u32(&identities, &obfuscated_ticket_age) ||
+ !CBS_get_u32(&identities, out_obfuscated_ticket_age) ||
!CBS_get_u16_length_prefixed(contents, &binders) ||
CBS_len(&binders) == 0 ||
CBS_len(contents) != 0) {
