lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

ssl_ticket.c: Remove pedantic server endpoint check

Browse Source 
When calculating the ticket age, remove the check
that the endpoint is a server. The module is
supposed to be used only server side. Furthermore,
if such check was necessary, it should be at the
beginning of all ssl_ticket.c APIs. As there is no
such protection in any API, just remove the check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2023-11-22 08:14:07 +01:00
parent 3c3e2e62f6
commit e34f124ff1
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
library/ssl_ticket.c
View File

@ -498,10 +498,8 @@ int mbedtls_ssl_ticket_parse(void *p_ticket,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
/* Check for expiration */ /* Check for expiration */
mbedtls_ms_time_t ticket_age = -1; mbedtls_ms_time_t ticket_age = mbedtls_ms_time() -
if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { session->ticket_creation_time;
ticket_age = mbedtls_ms_time() - session->ticket_creation_time;
}
mbedtls_ms_time_t ticket_lifetime = mbedtls_ms_time_t ticket_lifetime =
(mbedtls_ms_time_t) ctx->ticket_lifetime * 1000; (mbedtls_ms_time_t) ctx->ticket_lifetime * 1000;