]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 1c77137) | patch
crypto/tls: randomly generate ticket_age_add
authorTatiana Bradley <tatiana@golang.org>
Thu, 12 May 2022 18:58:29 +0000 (14:58 -0400)
committerTatiana Bradley <tatiana@golang.org>
Wed, 18 May 2022 18:30:03 +0000 (18:30 +0000)
commitfe4de36198794c447fbd9d7cc2d7199a506c76a5
tree0c1d06bc285a00ccf7dc9d49ffa9409e79c0776ftree
parent1c77137d4fdfbb3e7e8d9efaab3bab5ee736a19dcommit | diff
crypto/tls: randomly generate ticket_age_add

As required by RFC 8446, section 4.6.1, ticket_age_add now holds a
random 32-bit value. Before this change, this value was always set
to 0.

This change also documents the reasoning for always setting
ticket_nonce to 0. The value ticket_nonce must be unique per
connection, but we only ever send one ticket per connection.

Fixes #52814
Fixes CVE-2022-30629

Change-Id: I6c2fc6ca0376b7b968abd59d6d3d3854c1ab68bb
Reviewed-on: https://go-review.googlesource.com/c/go/+/405994
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
src/crypto/tls/handshake_server_tls13.go diff | blob | history
Go GOST TLS 1.3