[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Jul 3 08:49:21 UTC 2018


The branch master has been updated
       via  4cb004573a28fe5f8f8d95dc9407e0fe9df6f14c (commit)
       via  1f1563216d6827e1dc8212795344c82e0f5d5933 (commit)
      from  c36b39b5cd685fc5eae84ece247e7873a27d8834 (commit)


- Log -----------------------------------------------------------------
commit 4cb004573a28fe5f8f8d95dc9407e0fe9df6f14c
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Jun 26 18:07:56 2018 +0100

    Remove TLSv1.3 tickets from the client cache as we use them
    
    Tickets are supposed to be single use so we remove them from the cache on
    use.
    
    Fixes #6377
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/6601)

commit 1f1563216d6827e1dc8212795344c82e0f5d5933
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Jun 26 18:06:45 2018 +0100

    Restore behaviour from commit 36ff232cf that was incorrectly removed
    
    In TLSv1.2 and below we should remove an old session from the client
    session cache in the event that we receive a new session ticket from the
    server.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/6601)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c | 12 ++++++++++++
 ssl/statem/statem_lib.c  | 19 ++++++++++++++-----
 test/sslapitest.c        |  5 +++--
 3 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index ff35384..88c3437 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2591,6 +2591,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
      */
     if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) {
         SSL_SESSION *new_sess;
+
         /*
          * We reused an existing session, so we need to replace it with a new
          * one
@@ -2602,6 +2603,16 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
             goto err;
         }
 
+        if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0
+                && !SSL_IS_TLS13(s)) {
+            /*
+             * In TLSv1.2 and below the arrival of a new tickets signals that
+             * any old ticket we were using is now out of date, so we remove the
+             * old session from the cache. We carry on if this fails
+             */
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+        }
+
         SSL_SESSION_free(s->session);
         s->session = new_sess;
     }
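Review bot: The new comment above `SSL_CTX_remove_session()` has a typo, "the arrival of a new tickets signals", which should read `the arrival of a new ticket signals`. The return value is dropped on purpose, as the comment says; writing the call as `(void)SSL_CTX_remove_session(s->session_ctx, s->session);` would make that explicit for static analysers and for readers who skip the comment. The removal only reaches the cache behind `s->session_ctx` and any remove callback registered on it, so an application holding its own reference to the old SSL_SESSION can still offer it; the comment could say so in one sentence. tls_process_new_session_ticket starts and ends outside the hunk.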
@@ -2671,6 +2682,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
         goto err;
     }
     s->session->session_id_length = sess_len;
+    s->session->not_resumable = 0;
 
     /* This is a standalone message in TLSv1.3, so there is no more to read */
     if (SSL_IS_TLS13(s)) {
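Review bot: `s->session->not_resumable = 0;` is added without a comment, and nothing in the hunk shows why a session built from a freshly received ticket would be marked non-resumable. Presumably the flag is inherited from the old session after it was removed from the cache; the duplication happens outside the hunk, so this needs confirming. A comment such as `/* The session we duplicated may have been marked not resumable when it was removed from the cache */` would record the reason. Also confirm that no other path sets the flag for a reason that should survive here, since the unconditional reset would make such a session resumable again.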
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 91d304e..61fc3ca 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1068,12 +1068,21 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
                 dtls1_start_timer(s);
             }
         } else {
-            /*
-             * In TLSv1.3 we update the cache as part of processing the
-             * NewSessionTicket
-             */
-            if (!SSL_IS_TLS13(s))
+            if (SSL_IS_TLS13(s)) {
+                /*
+                 * We encourage applications to only use TLSv1.3 tickets once,
+                 * so we remove this one from the cache.
+                 */
+                if ((s->session_ctx->session_cache_mode
+                     & SSL_SESS_CACHE_CLIENT) != 0)
+                    SSL_CTX_remove_session(s->session_ctx, s->session);
+            } else {
+                /*
+                 * In TLSv1.3 we update the cache as part of processing the
+                 * NewSessionTicket
+                 */
                 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            }
             if (s->hit)
                 CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
                                   s->session_ctx->lock);
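Review bot: The comment kept in the new `else` branch still reads "In TLSv1.3 we update the cache as part of processing the NewSessionTicket", but it now sits on the TLSv1.2-and-below path directly above `ssl_update_cache()`, where it misleads. Suggest `/* In TLSv1.2 and below we update the cache here; in TLSv1.3 that is done when the NewSessionTicket is processed */`. The TLSv1.3 removal is also not conditioned on `s->hit`, so it appears to run after full handshakes as well as resumptions. If that is intended, the comment in that branch should say so, because the commit message describes removal "as we use them". tls_finish_handshake continues outside the hunk.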
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 6e08795..598b02a 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -944,11 +944,12 @@ static int execute_test_session(int maxprot, int use_int_cache,
     if (maxprot == TLS1_3_VERSION) {
         /*
          * In TLSv1.3 we should have created a new session even though we have
-         * resumed.
+         * resumed. Since we attempted a resume we should also have removed the
+         * old ticket from the cache so that we try to only use tickets once.
          */
         if (use_ext_cache
                 && (!TEST_int_eq(new_called, 1)
-                    || !TEST_int_eq(remove_called, 0)))
+                    || !TEST_int_eq(remove_called, 1)))
             goto end;
     } else {
         /*
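Review bot: Only the TLSv1.3 expectation changes here (`remove_called` from 0 to 1), and it is checked only when `use_ext_cache` is set. The TLSv1.2 removal that the same push restores in tls_process_new_session_ticket has no matching expectation in this hunk. The `else` branch begins at the hunk edge, so it may already be covered there. If it is not, a case asserting that the remove callback fires when a new ticket arrives on a TLSv1.2 resumption would pin the restored behaviour against a second accidental removal.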

