authorTodd Short <tshort@akamai.com>2018-03-19 10:50:51 -0400
committerRich Salz <rsalz@openssl.org>2018-03-19 11:07:08 -0400
commit4bfb96f2ad01d71836cfccceb7b15102f0f59055 (patch)
treee1bed6835aebe2e68e8fa0ec9e7c23a7c6f27e27 /ssl/s3_lib.c
parentc2b290c3d0ff878c33b3540df530f64af23163bf (diff)
Place ticket keys into secure memory
Place the session ticket AES and HMAC keys into secure memory. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2351)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r--ssl/s3_lib.c24
1 files changed, 12 insertions, 12 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bbf49a205d..619326949c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3798,8 +3798,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
unsigned char *keys = parg;
long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
- sizeof(ctx->ext.tick_hmac_key) +
- sizeof(ctx->ext.tick_aes_key));
+ sizeof(ctx->ext.secure->tick_hmac_key) +
+ sizeof(ctx->ext.secure->tick_aes_key));
if (keys == NULL)
return tick_keylen;
if (larg != tick_keylen) {
@@ -3809,23 +3809,23 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
memcpy(ctx->ext.tick_key_name, keys,
sizeof(ctx->ext.tick_key_name));
- memcpy(ctx->ext.tick_hmac_key,
+ memcpy(ctx->ext.secure->tick_hmac_key,
keys + sizeof(ctx->ext.tick_key_name),
- sizeof(ctx->ext.tick_hmac_key));
- memcpy(ctx->ext.tick_aes_key,
+ sizeof(ctx->ext.secure->tick_hmac_key));
+ memcpy(ctx->ext.secure->tick_aes_key,
keys + sizeof(ctx->ext.tick_key_name) +
- sizeof(ctx->ext.tick_hmac_key),
- sizeof(ctx->ext.tick_aes_key));
+ sizeof(ctx->ext.secure->tick_hmac_key),
+ sizeof(ctx->ext.secure->tick_aes_key));
} else {
memcpy(keys, ctx->ext.tick_key_name,
sizeof(ctx->ext.tick_key_name));
memcpy(keys + sizeof(ctx->ext.tick_key_name),
- ctx->ext.tick_hmac_key,
- sizeof(ctx->ext.tick_hmac_key));
+ ctx->ext.secure->tick_hmac_key,
+ sizeof(ctx->ext.secure->tick_hmac_key));
memcpy(keys + sizeof(ctx->ext.tick_key_name) +
- sizeof(ctx->ext.tick_hmac_key),
- ctx->ext.tick_aes_key,
- sizeof(ctx->ext.tick_aes_key));
+ sizeof(ctx->ext.secure->tick_hmac_key),
+ ctx->ext.secure->tick_aes_key,
+ sizeof(ctx->ext.secure->tick_aes_key));
}
return 1;
}
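Review bot: The memcpy calls in both branches now dereference `ctx->ext.secure` with no check, so they rely on that struct having been allocated before ssl3_ctx_ctrl can be reached; the allocation is not visible in this file's diff, and a one-line comment stating that invariant would help. Moving the HMAC and AES keys protects only the copy held in the SSL_CTX: the caller's `keys` buffer is ordinary memory in the SET branch, and in the GET branch it receives a full copy of both keys. I would add a comment above the `else`, such as `/* Copies secret keys out of secure memory; caller must OPENSSL_cleanse() the buffer when done. */`, and repeat the caveat in the ticket-key API documentation. The enclosing case block opens in the previous hunk and the function continues outside this one.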