Bug 1320695 - Allow use of session tickets when there is no ticket wrapping key, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D176
--- a/lib/ssl/sslsnce.c
+++ b/lib/ssl/sslsnce.c
@@ -2036,27 +2036,23 @@ ssl_GenerateSessionTicketKeys(void *pwAr
PK11SymKey **encKey, PK11SymKey **macKey)
{
SECKEYPrivateKey *svrPrivKey;
SECKEYPublicKey *svrPubKey;
PRUint32 now;
SECStatus rv;
cacheDesc *cache = &globalCache;
- if (!cache->cacheMem) {
- /* cache is uninitialized. Generate keys and return them
- * without caching. */
+ rv = ssl_GetSessionTicketKeyPair(&svrPubKey, &svrPrivKey);
+ if (rv != SECSuccess || !cache->cacheMem) {
+ /* No key pair for wrapping, or the cache is uninitialized. Generate
+ * keys and return them without caching. */
return GenerateTicketKeys(pwArg, keyName, encKey, macKey);
}
- rv = ssl_GetSessionTicketKeyPair(&svrPubKey, &svrPrivKey);
- if (rv != SECSuccess) {
- return SECFailure;
- }
-
now = LockSidCacheLock(cache->keyCacheLock, 0);
if (!now)
return SECFailure;
if (*(cache->ticketKeysValid)) {
rv = UnwrapCachedTicketKeys(svrPrivKey, keyName, encKey, macKey);
} else {
/* Keys do not exist, create them. */
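Review bot: The new condition `rv != SECSuccess || !cache->cacheMem` treats every failure of `ssl_GetSessionTicketKeyPair()` as "no wrapping key configured" and silently falls back to uncached keys. If that call can also fail for other reasons (its body is not visible here), a multi-process server would end up with ticket keys local to each process, so tickets issued by one process would not decrypt in another, and nothing would report it. Any error code set by the failed call is presumably also left in place even though the function then returns success. Consider documenting the fallback above the `return`, for example `/* Without a wrapping key pair the ticket keys cannot be shared through the cache; they stay local to this process. */`, and distinguishing the "not configured" case from a real failure if the API allows it. The body of `ssl_GenerateSessionTicketKeys` continues past the end of this hunk.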