authorMatt Caswell <matt@openssl.org>2018-03-14 17:51:18 +0000
committerMatt Caswell <matt@openssl.org>2018-03-15 08:59:27 +0000
commit16ff13427f00753a76672317143753b83cea7982 (patch)
treeecaa9fdc5116e93bafa89598f1c0b30c1f4247a5 /ssl
parent5cd42251bae72ab73542019342362063e882e66f (diff)
Only update the server session cache when the session is ready
In TLSv1.3 the session is not ready until after the end of the handshake when we are constructing the NewSessionTicket. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5621)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/statem/statem_lib.c7
-rw-r--r--ssl/statem/statem_srvr.c14
2 files changed, 14 insertions, 7 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 82a711979d..a82079c2ee 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1043,7 +1043,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
ssl3_cleanup_key_block(s);
if (s->server) {
- ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+ /*
+ * In TLSv1.3 we update the cache as part of constructing the
+ * NewSessionTicket
+ */
+ if (!SSL_IS_TLS13(s))
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
/* N.B. s->ctx may not equal s->session_ctx */
CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard,
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 041089cf96..50be8253c5 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3889,12 +3889,14 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (SSL_IS_TLS13(s)
- && !tls_construct_extensions(s, pkt,
- SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
- NULL, 0)) {
- /* SSLfatal() already called */
- goto err;
+ if (SSL_IS_TLS13(s)) {
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+ if (!tls_construct_extensions(s, pkt,
+ SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+ NULL, 0)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
}
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
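Review bot: The new `ssl_update_cache(s, SSL_SESS_CACHE_SERVER);` call sits before `tls_construct_extensions()`, so when the extension construction fails and the function takes `goto err` (with SSLfatal already called) the session has already been placed in the server cache even though the NewSessionTicket carrying it is never sent; the TLSv1.2 path in `tls_finish_handshake()` only caches after the handshake has fully completed. Moving the call below the `if (!tls_construct_extensions(...)) { ... }` block keeps the cache update on the success path only, and it is likely worth a comment at the call site matching the one added in statem_lib.c, e.g. `/* In TLSv1.3 the session is only complete once the ticket is built, so the server cache is updated here rather than in tls_finish_handshake() */`. If this function can be entered more than once per connection to issue several tickets, the cache update would presumably run once per ticket; that should be confirmed against the callers. The body of tls_construct_new_session_ticket starts outside the hunk.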