author | Todd Short <tshort@akamai.com> | 2018-03-19 10:50:51 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2018-03-19 11:07:08 -0400 |
commit | 4bfb96f2ad01d71836cfccceb7b15102f0f59055 (patch) | |
tree | e1bed6835aebe2e68e8fa0ec9e7c23a7c6f27e27 /ssl/t1_lib.c | |
parent | c2b290c3d0ff878c33b3540df530f64af23163bf (diff) |
Place ticket keys into secure memory
Place the session ticket AES and HMAC keys into secure memory.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2351)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 796e9d4827..174d7de3ce 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1349,11 +1349,11 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
 ret = SSL_TICKET_NO_DECRYPT;
 goto err;
 }
- if (HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key,
- sizeof(tctx->ext.tick_hmac_key),
+ if (HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+ sizeof(tctx->ext.secure->tick_hmac_key),
 EVP_sha256(), NULL) <= 0
 || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
- tctx->ext.tick_aes_key,
+ tctx->ext.secure->tick_aes_key,
 etick + TLSEXT_KEYNAME_LENGTH) <= 0) {
 goto err;
 } |
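Review bot: The new `tctx->ext.secure->...` accesses in the `HMAC_Init_ex` / `EVP_DecryptInit_ex` condition dereference `ext.secure` with no NULL check visible in this hunk, and the HMAC key length is still taken with `sizeof`, which only equals the key length while `tick_hmac_key` is an array member of the struct behind `secure` rather than a pointer. The allocation site and the struct definition are outside this diff (it is limited to ssl/t1_lib.c), so presumably context creation fails when the secure allocation does. A comment above the `if` would pin both assumptions for the next maintainer: `/* ext.secure is allocated with the SSL_CTX and is never NULL here; tick_hmac_key is an array, so sizeof gives the key length */`. tls_decrypt_ticket starts and ends outside the hunk.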