commit 8e0174ac05e19a986508c65e70cc1bd6621f6ab2
author Jerry Yu <jerry.h.yu@arm.com> Fri Nov 10 13:58:16 2023 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Tue Nov 21 09:59:24 2023 +0800
tree 116edde9a37808e0fedb5d481beadd19d7046b3e
parent 472a69260bf868c329607b0e2bcf9c09d10a31e4

Add maximum ticket lifetime check

Also add comments for age cast

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 465bf99..8076b14 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -213,7 +213,7 @@
      * the "ticket_lifetime" value which was provided with the ticket.
      *
      */
-    if (server_age > 604800 * 1000) {
+    if (server_age > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME * 1000) {
         MBEDTLS_SSL_DEBUG_MSG(
             3, ("Ticket age exceeds limitation ticket_age=%" MBEDTLS_PRINTF_MS_TIME,
                 server_age));
@@ -3025,8 +3025,8 @@
      *      MAY treat a ticket as valid for a shorter period of time than what
      *      is stated in the ticket_lifetime.
      */
-    if (ticket_lifetime > 604800) {
-        ticket_lifetime = 604800;
+    if (ticket_lifetime > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) {
+        ticket_lifetime = MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME;
     }
     MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0);
     MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u",