Place ticket keys into secure memory

Place the session ticket AES and HMAC keys into secure memory. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2351)
author: Todd Short <tshort@akamai.com> 2018-03-19 10:50:51 -0400
committer: Rich Salz <rsalz@openssl.org> 2018-03-19 11:07:08 -0400
commit: 4bfb96f2ad01d71836cfccceb7b15102f0f59055 (patch)
tree: e1bed6835aebe2e68e8fa0ec9e7c23a7c6f27e27 /ssl/t1_lib.c
parent: c2b290c3d0ff878c33b3540df530f64af23163bf (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 796e9d4827..174d7de3ce 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1349,11 +1349,11 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
             ret = SSL_TICKET_NO_DECRYPT;
             goto err;
         }
-        if (HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key,
-                         sizeof(tctx->ext.tick_hmac_key),
+        if (HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+                         sizeof(tctx->ext.secure->tick_hmac_key),
                          EVP_sha256(), NULL) <= 0
             || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
-                                  tctx->ext.tick_aes_key,
+                                  tctx->ext.secure->tick_aes_key,
                                   etick + TLSEXT_KEYNAME_LENGTH) <= 0) {
             goto err;
         }
author	Todd Short <tshort@akamai.com>	2018-03-19 10:50:51 -0400
committer	Rich Salz <rsalz@openssl.org>	2018-03-19 11:07:08 -0400
commit	4bfb96f2ad01d71836cfccceb7b15102f0f59055 (patch)
tree	e1bed6835aebe2e68e8fa0ec9e7c23a7c6f27e27 /ssl/t1_lib.c
parent	c2b290c3d0ff878c33b3540df530f64af23163bf (diff)