refactor: prevent sending zero lifetime new session ticket #5003

Draft
wants to merge 1 commit into
base: main
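--- a/tests/unit/s2n_server_new_session_ticket_test.c
+++ b/tests/unit/s2n_server_new_session_ticket_test.c
@@ -980,6 +980,39 @@ int main(int argc, char **argv)
 EXPECT_TICKETS_SENT(conn, 1);
 };
 
+/* Send a session ticket with zero lifetime */
+{
+struct s2n_config *config = NULL;
+struct s2n_connection *conn = NULL;
+EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
+EXPECT_NOT_NULL(config = s2n_config_new());
+EXPECT_OK(s2n_resumption_test_ticket_key_setup(config));
+EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
+
+conn->actual_protocol_version = S2N_TLS13;
+conn->secure->cipher_suite = &s2n_tls13_aes_128_gcm_sha256;
+/* Set tickets_to_send to 1, so that s2n_tls13_server_nst_send() attempts to send the nst */
+conn->tickets_to_send = 1;
+conn->config->session_state_lifetime_in_nanos = 0;
+EXPECT_NOT_EQUAL(s2n_stuffer_space_remaining(&conn->handshake.io), 0);
+
+/* Setup io */
+struct s2n_stuffer stuffer = { 0 };
+EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&stuffer, 0));
+EXPECT_SUCCESS(s2n_connection_set_io_stuffers(&stuffer, &stuffer, conn));
+
+s2n_blocked_status blocked = 0;
+EXPECT_OK(s2n_tls13_server_nst_send(conn, &blocked));
+EXPECT_TICKETS_SENT(conn, 0);
+
+/* Check no record was written */
+EXPECT_EQUAL(s2n_stuffer_data_available(&stuffer), 0);
+
+EXPECT_SUCCESS(s2n_stuffer_free(&stuffer));
+EXPECT_SUCCESS(s2n_connection_free(conn));
+EXPECT_SUCCESS(s2n_config_free(config));
+};
+
 /* Sends one new session ticket */
 {
 struct s2n_config *config = NULL;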
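Review bot: The new zero-lifetime case asserts `EXPECT_TICKETS_SENT(conn, 0)` and an empty output stuffer but never checks `conn->tickets_to_send` after the call, so it does not pin whether the server gives up on the ticket or retries it on every later call to s2n_tls13_server_nst_send. Adding `EXPECT_EQUAL(conn->tickets_to_send, <intended value>);` after the send would document which behaviour is intended. The precondition `EXPECT_NOT_EQUAL(s2n_stuffer_space_remaining(&conn->handshake.io), 0);` has no matching check after the call, so it either needs its counterpart or can be dropped. Only a lifetime of exactly 0 nanoseconds is covered; a non-zero value below one second presumably also becomes 0 seconds, and a second case would confirm that path is guarded too.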
8 changes: 6 additions & 2 deletions tls/s2n_server_new_session_ticket.c
Expand Up @@ -273,14 +273,18 @@ S2N_RESULT s2n_tls13_server_nst_write(struct s2n_connection *conn, struct s2n_st

struct s2n_ticket_fields *ticket_fields = &conn->tls13_ticket_fields;

uint32_t ticket_lifetime_in_secs = 0;
RESULT_GUARD(s2n_generate_ticket_lifetime(conn, &ticket_lifetime_in_secs));
if (ticket_lifetime_in_secs == 0) {
return S2N_RESULT_ERROR;
}

/* Write message type because session resumption in TLS13 is a post-handshake message */
RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(output, TLS_SERVER_NEW_SESSION_TICKET));

struct s2n_stuffer_reservation message_size = { 0 };
RESULT_GUARD_POSIX(s2n_stuffer_reserve_uint24(output, &message_size));

uint32_t ticket_lifetime_in_secs = 0;
RESULT_GUARD(s2n_generate_ticket_lifetime(conn, &ticket_lifetime_in_secs));
RESULT_GUARD_POSIX(s2n_stuffer_write_uint32(output, ticket_lifetime_in_secs));

/* Get random data to use as ticket_age_add value */
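Review bot: The new early exit in s2n_tls13_server_nst_write is a bare `return S2N_RESULT_ERROR;`, which reports failure without recording a reason, so a caller cannot tell the benign "lifetime is zero, nothing to send" case from a real failure in the stuffer writes or random-data step later in the function. The accompanying test expects s2n_tls13_server_nst_send to return OK here, so that caller presumably swallows the error (it is not shown in this diff); if it swallows every error from this function, genuine failures would be hidden as well. I would set a dedicated error code, e.g. `RESULT_ENSURE(ticket_lifetime_in_secs > 0, S2N_ERR_<ZERO_LIFETIME_CODE>);` (placeholder name), and have the caller skip the ticket only on that code. A one-line comment that RFC 8446 section 4.6.1 defines a zero lifetime as "discard immediately" would explain why the check sits before any byte is written to `output`. The function body starts and ends outside the hunk.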