File nss-session_ticket_no_wrapping_key.patch of Package mozilla-nss.4602

# HG changeset patch
# Parent  e0e8dcd852999989cb4e57d0fb8c1da256723074
bmo#1320695 - Using SessionTicket extension along with any ECDHE-ECDSA
ciphersuite renders selfserv unusable

When a session ticket is used and the wrapping key pair (for caching
generated keys on the server side) is not available, disable caching
instead of returning an error.

Also related to CVE-2016-9574 / bsc#1015499

diff --git a/lib/ssl/ssl3exthandle.c b/lib/ssl/ssl3exthandle.c
--- a/lib/ssl/ssl3exthandle.c
+++ b/lib/ssl/ssl3exthandle.c
@@ -94,31 +94,32 @@ ssl3_SessionTicketShutdown(void *appData
 
 static PRStatus
 ssl3_GenerateSessionTicketKeys(void *data)
 {
     SECStatus rv;
     sslSocket *ss = (sslSocket *)data;
     sslServerCertType certType = { ssl_auth_rsa_decrypt, NULL };
     const sslServerCert *sc;
-    SECKEYPrivateKey *svrPrivKey;
-    SECKEYPublicKey *svrPubKey;
+    SECKEYPrivateKey *svrPrivKey = NULL;
+    SECKEYPublicKey *svrPubKey = NULL;
 
     sc = ssl_FindServerCert(ss, &certType);
     if (!sc || !sc->serverKeyPair) {
         SSL_DBG(("%d: SSL[%d]: No ssl_auth_rsa_decrypt cert and key pair",
                  SSL_GETPID(), ss->fd));
-        goto loser;
-    }
-    svrPrivKey = sc->serverKeyPair->privKey;
-    svrPubKey = sc->serverKeyPair->pubKey;
-    if (svrPrivKey == NULL || svrPubKey == NULL) {
-        SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
-                 SSL_GETPID(), ss->fd));
-        goto loser;
+    } else {
+        svrPrivKey = sc->serverKeyPair->privKey;
+        svrPubKey = sc->serverKeyPair->pubKey;
+        if (svrPrivKey == NULL || svrPubKey == NULL) {
+            SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
+                     SSL_GETPID(), ss->fd));
+            svrPrivKey = NULL;
+            svrPubKey = NULL;
+        }
     }
 
     /* Get a copy of the session keys from shared memory. */
     PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
                 sizeof(SESS_TICKET_KEY_NAME_PREFIX));
     if (!ssl_GetSessionTicketKeys(svrPrivKey, svrPubKey, ss->pkcs11PinArg,
                                   &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
                                   &session_ticket_enc_key, &session_ticket_mac_key))
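Review bot: The two SSL_DBG messages at the top of ssl3_GenerateSessionTicketKeys still read like failure reports, but after this change they mark a silent fallback: both key pointers stay NULL and ssl_GetSessionTicketKeys is called anyway. Nothing in the new code tells a maintainer or an operator that the ticket keys are then generated without the shared cache, which presumably means a ticket issued by one server process cannot be resumed by another. I would add a comment above the `else` branch, for example `/* No RSA key pair to wrap the ticket keys: continue with NULL keys so they are generated uncached. */`, and extend the first debug string to say that ticket key caching is disabled. The function body continues past the end of this hunk.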
diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c
--- a/lib/ssl/sslsnce.c
+++ b/lib/ssl/sslsnce.c
@@ -1826,19 +1826,21 @@ ssl_GetSessionTicketKeys(SECKEYPrivateKe
                          unsigned char *keyName, PK11SymKey **aesKey,
                          PK11SymKey **macKey)
 {
     PRUint32 now = 0;
     PRBool rv = PR_FALSE;
     PRBool keysGenerated = PR_FALSE;
     cacheDesc *cache = &globalCache;
 
-    if (!cache->cacheMem) {
-        /* cache is uninitialized. Generate keys and return them
-         * without caching. */
+    if (!cache->cacheMem || !svrPrivKey || !svrPubKey) {
+        /* Generated keys cannot be cached, because:
+         * - the cache is not initialized, or
+         * - key pairs to wrap them are not available
+         * Generate keys and return them without caching. */
         return GenerateTicketKeys(pwArg, keyName, aesKey, macKey);
     }
 
     now = LockSidCacheLock(cache->keyCacheLock, now);
     if (!now)
         return rv;
 
     if (!*(cache->ticketKeysValid)) {
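Review bot: Passing NULL for svrPrivKey or svrPubKey is now a supported input of ssl_GetSessionTicketKeys, but that contract is stated only in the comment inside the `if`; the function's header comment, which lies outside this hunk, should say it as well. Something like `/* svrPrivKey/svrPubKey may be NULL; the keys then come straight from GenerateTicketKeys and are never written to the shared cache. */` would do. The early return sits before LockSidCacheLock, so no lock is held on this path, which is the right placement. The guard tests only for NULL; whether the wrapping code further down needs a particular key type is not visible here and is worth confirming against the caller, which looks up ssl_auth_rsa_decrypt only.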