crypto/tls: don't generate random ticket keys if already set.
authorAdam Langley <agl@golang.org>
Thu, 18 Aug 2016 00:38:06 +0000 (17:38 -0700)
committerAdam Langley <agl@golang.org>
Thu, 18 Aug 2016 22:48:53 +0000 (22:48 +0000)
If SetSessionTicketKeys was called on a fresh tls.Config, the configured
keys would be overridden with a random key by serverInit.

Fixes #15421.

Change-Id: I5d6cc81fc3e5de4dfa15eb614d102fb886150d1b
Reviewed-on: https://go-review.googlesource.com/27317
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
src/crypto/tls/common.go
src/crypto/tls/handshake_client_test.go

index 9fc742008205dcb663e23ce229ec816c3671e762..3e24c82cbea56502d84f73c1bcab4994066a522f 100644 (file)
@@ -450,7 +450,7 @@ func (c *Config) clone() *Config {
 }
 
 func (c *Config) serverInit() {
-       if c.SessionTicketsDisabled {
+       if c.SessionTicketsDisabled || len(c.ticketKeys()) != 0 {
                return
        }
 
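Review bot: The new `len(c.ticketKeys()) != 0` early return in serverInit carries no comment explaining why already-configured keys skip initialisation, and the precedence it creates is security-relevant. Once SetSessionTicketKeys has been called, the remainder of serverInit (outside this hunk) no longer runs. If that remainder also consumes the exported SessionTicketKey field, which is not visible here, a Config with both set would silently use only the SetSessionTicketKeys keys; that ordering should be stated in the documentation of both. I would add above the condition `// Keys installed by SetSessionTicketKeys take precedence; never replace them with a random key.`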
index 62751b8b7cc40ac924ff77f1597d2682be2128ee..f7e0dce2c44d4d3b8cb84b38d7c5265b65a4659d 100644 (file)
@@ -648,13 +648,14 @@ func TestClientResumption(t *testing.T) {
                t.Fatal("first ticket doesn't match ticket after resumption")
        }
 
-       key2 := randomKey()
-       serverConfig.SetSessionTicketKeys([][32]byte{key2})
+       key1 := randomKey()
+       serverConfig.SetSessionTicketKeys([][32]byte{key1})
 
        testResumeState("InvalidSessionTicketKey", false)
        testResumeState("ResumeAfterInvalidSessionTicketKey", true)
 
-       serverConfig.SetSessionTicketKeys([][32]byte{randomKey(), key2})
+       key2 := randomKey()
+       serverConfig.SetSessionTicketKeys([][32]byte{key2, key1})
        ticket = getTicket()
        testResumeState("KeyChange", true)
        if bytes.Equal(ticket, getTicket()) {
@@ -662,6 +663,16 @@ func TestClientResumption(t *testing.T) {
        }
        testResumeState("KeyChangeFinish", true)
 
+       // Reset serverConfig to ensure that calling SetSessionTicketKeys
+       // before the serverConfig is used works.
+       serverConfig = &Config{
+               CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA},
+               Certificates: testConfig.Certificates,
+       }
+       serverConfig.SetSessionTicketKeys([][32]byte{key2})
+
+       testResumeState("FreshConfig", true)
+
        clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA}
        testResumeState("DifferentCipherSuite", false)
        testResumeState("DifferentCipherSuiteRecovers", true)
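Review bot: The FreshConfig case covers only a single key on an unused Config; the rotation form used earlier in this test, `SetSessionTicketKeys([][32]byte{key2, key1})`, is never exercised before first use, and the comment does not name the regression it guards. I would word the comment `// Regression test for #15421: keys set via SetSessionTicketKeys on an unused Config must survive serverInit.` The case also relies on testResumeState reading the reassigned serverConfig at call time; that helper is defined outside this hunk, so this is presumed rather than visible. TestClientResumption itself starts and ends outside the hunk.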