The obfuscated ticket age is computed using the formula:
if (ch->psk.early_data_indication && can_accept_early_data) {
/* accept early-data if abs(diff) between the reported age and the actual age is within += 10 seconds */
int64_t delta = (now - issue_at) - (identity->obfuscated_ticket_age - age_add);
if (delta < 0)
delta = -delta;
if (tls->ctx->max_early_data_size != 0 && delta <= PTLS_EARLY_DATA_MAX_DELAY)
*accept_early_data = 1;
}
The computation of delta mixes 32 bit and 64 bit integers.
Subtracting issue_at (64 bit) from now (64 bit) works -- there is a code further up protecting these parameters.
Subtracting age_add (32 bit) from identity->obfuscated_ticket_age(32 bit) would work if the result was int32, but may produce unexpected results if the compiler decides to convert the data to int64_t.
Unexpected behavior can happen if age_add is large, e.g., one day, 86,400,000 millisecond, and the obfuscated ticket age is smaller than that, which can happen in 2% of cases.
The obfuscated ticket age is computed using the formula:
The computation of
delta
mixes 32 bit and 64 bit integers. Subtractingissue_at
(64 bit) fromnow
(64 bit) works -- there is a code further up protecting these parameters. Subtractingage_add
(32 bit) fromidentity->obfuscated_ticket_age
(32 bit) would work if the result wasint32
, but may produce unexpected results if the compiler decides to convert the data toint64_t
.Unexpected behavior can happen if
age_add
is large, e.g., one day,86,400,000
millisecond, and the obfuscated ticket age is smaller than that, which can happen in 2% of cases.