Bug 1320695 - Allow use of session tickets when there is no ticket wrapping key, r=ttaubert
authorMartin Thomson <martin.thomson@gmail.com>
Mon, 30 Jan 2017 10:47:48 +1100
changeset 13075 81305956dc4a715c38b759b5eaeae52d4506a121
parent 13074 b1e8a6f492a41a5a90c9785d72eaeddfa8c8cc64
child 13076 123af8ef032a3af16333b1a6b37ff1ad38c09eec
push id1971
push usermartin.thomson@gmail.com
push dateSun, 29 Jan 2017 23:49:21 +0000
reviewersttaubert
bugs1320695
Bug 1320695 - Allow use of session tickets when there is no ticket wrapping key, r=ttaubert Differential Revision: https://nss-review.dev.mozaws.net/D176
lib/ssl/sslsnce.c
--- a/lib/ssl/sslsnce.c
+++ b/lib/ssl/sslsnce.c
@@ -2036,27 +2036,23 @@ ssl_GenerateSessionTicketKeys(void *pwAr
                               PK11SymKey **encKey, PK11SymKey **macKey)
 {
     SECKEYPrivateKey *svrPrivKey;
     SECKEYPublicKey *svrPubKey;
     PRUint32 now;
     SECStatus rv;
     cacheDesc *cache = &globalCache;
 
-    if (!cache->cacheMem) {
-        /* cache is uninitialized. Generate keys and return them
-         * without caching. */
+    rv = ssl_GetSessionTicketKeyPair(&svrPubKey, &svrPrivKey);
+    if (rv != SECSuccess || !cache->cacheMem) {
+        /* No key pair for wrapping, or the cache is uninitialized. Generate
+         * keys and return them without caching. */
         return GenerateTicketKeys(pwArg, keyName, encKey, macKey);
     }
 
-    rv = ssl_GetSessionTicketKeyPair(&svrPubKey, &svrPrivKey);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
     now = LockSidCacheLock(cache->keyCacheLock, 0);
     if (!now)
         return SECFailure;
 
     if (*(cache->ticketKeysValid)) {
         rv = UnwrapCachedTicketKeys(svrPrivKey, keyName, encKey, macKey);
     } else {
         /* Keys do not exist, create them. */
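Review bot: The new `if (rv != SECSuccess || !cache->cacheMem)` check treats every failure of ssl_GetSessionTicketKeyPair() as "no wrapping key", so a real error while loading a configured key pair no longer returns SECFailure and instead falls back silently to uncached keys from GenerateTicketKeys(). If the server shares ticket keys across processes through the cache, that process would presumably issue tickets the others cannot decrypt, and nothing tells the operator. If the helper can report "not configured" separately from other errors (not visible in this hunk), fall back only in that case; otherwise state the trade-off in the comment, e.g. `/* Any failure to obtain the key pair is treated as "no wrapping key"; the keys generated here are not cached or shared. */`. The key pair is also now fetched when `cache->cacheMem` is NULL and then left unused, so it is worth confirming the helper hands back borrowed rather than owned references. ssl_GenerateSessionTicketKeys continues past the end of this hunk.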