From 148bfd26a4c2d0250b77c57acf30cf5c190a1d29 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 19 Mar 2020 18:23:58 +0000 Subject: [PATCH 1/1] Use a fetched cipher when decrypting a ticket in libssl We need to make sure we are using the correct libctx and property query. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11402) --- ssl/t1_lib.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 76096401be..4ab046b7b3 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1521,21 +1521,29 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, if (rv == 2) renew_ticket = 1; } else { + EVP_CIPHER *aes256cbc = NULL; + /* Check key name matches */ if (memcmp(etick, tctx->ext.tick_key_name, TLSEXT_KEYNAME_LENGTH) != 0) { ret = SSL_TICKET_NO_DECRYPT; goto end; } - if (ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, - sizeof(tctx->ext.secure->tick_hmac_key), - "SHA256") <= 0 - || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + + aes256cbc = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", + s->ctx->propq); + if (aes256cbc == NULL + || ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, + sizeof(tctx->ext.secure->tick_hmac_key), + "SHA256") <= 0 + || EVP_DecryptInit_ex(ctx, aes256cbc, NULL, tctx->ext.secure->tick_aes_key, etick + TLSEXT_KEYNAME_LENGTH) <= 0) { + EVP_CIPHER_free(aes256cbc); ret = SSL_TICKET_FATAL_ERR_OTHER; goto end; } + EVP_CIPHER_free(aes256cbc); if (SSL_IS_TLS13(s)) renew_ticket = 1; } -- 2.34.1