Make sure we use a fetched cipher when encrypting stateless tickets
diff --git
a/ssl/statem/statem_srvr.c
b/ssl/statem/statem_srvr.c
index 1cc106876c1da9d0f2c77a0412e7f4668c199157..7ca76fc0fecab4797d64300e8ba0c23a62456173 100644
(file)
--- a/
ssl/statem/statem_srvr.c
+++ b/
ssl/statem/statem_srvr.c
@@
-3906,7
+3906,14
@@
static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
}
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
} else {
}
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
} else {
- const EVP_CIPHER *cipher = EVP_aes_256_cbc();
+ EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC",
+ s->ctx->propq);
+
+ if (cipher == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ SSL_R_ALGORITHM_FETCH_FAILED);
+ goto err;
+ }
iv_len = EVP_CIPHER_iv_length(cipher);
if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0
iv_len = EVP_CIPHER_iv_length(cipher);
if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0
@@
-3915,10
+3922,12
@@
static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
|| !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
sizeof(tctx->ext.secure->tick_hmac_key),
"SHA256")) {
|| !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
sizeof(tctx->ext.secure->tick_hmac_key),
"SHA256")) {
+ EVP_CIPHER_free(cipher);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
ERR_R_INTERNAL_ERROR);
goto err;
}
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
ERR_R_INTERNAL_ERROR);
goto err;
}
+ EVP_CIPHER_free(cipher);
memcpy(key_name, tctx->ext.tick_key_name,
sizeof(tctx->ext.tick_key_name));
}
memcpy(key_name, tctx->ext.tick_key_name,
sizeof(tctx->ext.tick_key_name));
}
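Review bot: In the first hunk the IV length reported by the fetched cipher goes straight from `iv_len = EVP_CIPHER_iv_length(cipher);` into `RAND_bytes_ex(s->ctx->libctx, iv, iv_len)` with no bound. The cipher is now resolved through `s->ctx->libctx` and `s->ctx->propq` instead of being the built-in constant, so that length depends on whichever implementation the property query selects. `iv` and `iv_len` are declared outside the hunk; if `iv` is a fixed-size array, I would widen the existing condition to `if (iv_len < 0 || (size_t)iv_len > sizeof(iv) || RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0`. Putting the check in that same failure branch means the `EVP_CIPHER_free(cipher);` added in the second hunk still runs before `goto err;`. The body of construct_stateless_ticket starts and ends outside both hunks.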