Remove TLSv1.3 tickets from the client cache as we use them

author Matt Caswell <matt@openssl.org>

Tue, 26 Jun 2018 17:07:56 +0000 (18:07 +0100)

committer Matt Caswell <matt@openssl.org>

Tue, 3 Jul 2018 08:44:46 +0000 (09:44 +0100)
author Matt Caswell <matt@openssl.org>
Tue, 26 Jun 2018 17:07:56 +0000 (18:07 +0100)
committer Matt Caswell <matt@openssl.org>
Tue, 3 Jul 2018 08:44:46 +0000 (09:44 +0100)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index 26be9cb6b87995103151ce50a3c4d7eb75c35534..88c343761fa0c69be03bc73b8e6247135ea33991 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2682,6 +2682,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
          goto err;
      }
      s->session->session_id_length = sess_len;
+    s->session->not_resumable = 0;
  
      /* This is a standalone message in TLSv1.3, so there is no more to read */
      if (SSL_IS_TLS13(s)) {
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c

index 91d304e2b4e5a89e835b2e4ba2e81a1d9df1cbe5..61fc3caa1ce3f23304741db1688bb647927367f8 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1068,12 +1068,21 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
                  dtls1_start_timer(s);
              }
          } else {
-            /*
-             * In TLSv1.3 we update the cache as part of processing the
-             * NewSessionTicket
-             */
-            if (!SSL_IS_TLS13(s))
+            if (SSL_IS_TLS13(s)) {
+                /*
+                 * We encourage applications to only use TLSv1.3 tickets once,
+                 * so we remove this one from the cache.
+                 */
+                if ((s->session_ctx->session_cache_mode
+                     & SSL_SESS_CACHE_CLIENT) != 0)
+                    SSL_CTX_remove_session(s->session_ctx, s->session);
+            } else {
+                /*
+                 * In TLSv1.3 we update the cache as part of processing the
+                 * NewSessionTicket
+                 */
                  ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            }
              if (s->hit)
                  CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
                                    s->session_ctx->lock);
diff --git a/test/sslapitest.c b/test/sslapitest.c

index 6e08795f2dbd682d3441cb37244176e309135601..598b02a0566c6b1deb65e56d5a32ccf65f073359 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -944,11 +944,12 @@ static int execute_test_session(int maxprot, int use_int_cache,
      if (maxprot == TLS1_3_VERSION) {
          /*
           * In TLSv1.3 we should have created a new session even though we have
-         * resumed.
+         * resumed. Since we attempted a resume we should also have removed the
+         * old ticket from the cache so that we try to only use tickets once.
           */
          if (use_ext_cache
                  && (!TEST_int_eq(new_called, 1)
-                    || !TEST_int_eq(remove_called, 0)))
+                    || !TEST_int_eq(remove_called, 1)))
              goto end;
      } else {
          /*
author	Matt Caswell <matt@openssl.org>
	Tue, 26 Jun 2018 17:07:56 +0000 (18:07 +0100)
committer	Matt Caswell <matt@openssl.org>
	Tue, 3 Jul 2018 08:44:46 +0000 (09:44 +0100)
ssl/statem/statem_clnt.c		patch \| blob \| history
ssl/statem/statem_lib.c		patch \| blob \| history
test/sslapitest.c		patch \| blob \| history