Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: allow for clock skew in resumption #4650

Merged
merged 9 commits into from
Jul 25, 2024
Merged

fix: allow for clock skew in resumption #4650

merged 9 commits into from
Jul 25, 2024

Conversation

jmayclin
Copy link
Contributor

@jmayclin jmayclin commented Jul 16, 2024
edited
Loading

Description of changes:

s2n-tls is currently unable to resume session tickets if they were issued in the "future" from the perspective of the resuming host. This means that if there is any relatively significant clock skew between the resuming host and the issuing host, the resumption attempt will fail.

This PR changes that behavior to allow session tickets to be resumed if they were issued in the "future". We are making the assumption that the clock skew is less than one week, which seems reasonable.

Testing:

modified test to assert on new behavior

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Jul 16, 2024
@jmayclin jmayclin marked this pull request as ready for review July 16, 2024 16:51
lrstewart
lrstewart reviewed Jul 16, 2024
View reviewed changes
tls/s2n_resume.c Outdated Show resolved Hide resolved
@jmayclin
address pr feedback
05f0bd2 
- sanity check the amount of clock skew
@jmayclin jmayclin requested a review from lrstewart July 16, 2024 18:52
@jmayclin
fix future pr feedback
4d52914 
- typo, spelling is hard :'(
@jmayclin
address pr feedback
a2a0634 
- add hard cap for clock skew at 1 hour
@jmayclin
make tests relative to constant
172e079
@jmayclin
fix commit
7f39701
@jmayclin
address ci failure
29b01eb 
- okay, I actually went through a lot of work to undo this assuming that
  my local clang format was just being weird, but this is what it
insists on
@jmayclin jmayclin enabled auto-merge (squash) July 23, 2024 22:40
@jmayclin jmayclin merged commit 390d796 into aws:main Jul 25, 2024
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maddeleine maddeleine maddeleine approved these changes

@lrstewart lrstewart lrstewart approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jmayclin @lrstewart @maddeleine