From 0ebb2aa5b267dc276df0bbc5b64542abaa195000 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 23 Oct 2018 14:56:22 +0200 Subject: [PATCH] Bug 1499732 - add expiration time to tokenInfo, r=mt Differential Revision: https://phabricator.services.mozilla.com/D9510 --HG-- extra : rebase_source : 4244ea77e29197840ea4043a124d1a74a93c3d1e extra : amend_source : 19fd8871c714bb8f49ae7a73f0e7e6fa0f96a877 --- gtests/ssl_gtest/ssl_resumption_unittest.cc | 2 ++ lib/ssl/sslexp.h | 1 + lib/ssl/sslsock.c | 1 + 3 files changed, 4 insertions(+) diff --git a/gtests/ssl_gtest/ssl_resumption_unittest.cc b/gtests/ssl_gtest/ssl_resumption_unittest.cc index 30d74acf7c..250ce8653f 100644 --- a/gtests/ssl_gtest/ssl_resumption_unittest.cc +++ b/gtests/ssl_gtest/ssl_resumption_unittest.cc @@ -1124,6 +1124,8 @@ void CheckGetInfoResult(uint32_t alpnSize, uint32_t earlyDataSize, EXPECT_EQ(0, memcmp("a", token->alpnSelection, token->alpnSelectionLen)); ASSERT_EQ(earlyDataSize, token->maxEarlyDataSize); + + ASSERT_LT(ssl_TimeUsec(), token->expirationTime); } // The client should generate a new, randomized session_id diff --git a/lib/ssl/sslexp.h b/lib/ssl/sslexp.h index 15adba4d89..f450e528dc 100644 --- a/lib/ssl/sslexp.h +++ b/lib/ssl/sslexp.h @@ -367,6 +367,7 @@ typedef struct SSLResumptionTokenInfoStr { PRUint8 *alpnSelection; PRUint32 alpnSelectionLen; PRUint32 maxEarlyDataSize; + PRTime expirationTime; /* added in NSS 3.41 */ } SSLResumptionTokenInfo; /* diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c index e51da197f3..ae904e29b8 100644 --- a/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c @@ -4222,6 +4222,7 @@ SSLExp_GetResumptionTokenInfo(const PRUint8 *tokenData, unsigned int tokenLen, } else { token.maxEarlyDataSize = 0; } + token.expirationTime = sid.expirationTime; token.length = PR_MIN(sizeof(SSLResumptionTokenInfo), len); PORT_Memcpy(tokenOut, &token, token.length);