Place ticket keys into secure memory Place the session ticket AES and HMAC keys into secure memory. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2351)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 796e9d4..174d7de 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -1349,11 +1349,11 @@ ret = SSL_TICKET_NO_DECRYPT; goto err; } - if (HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key, - sizeof(tctx->ext.tick_hmac_key), + if (HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key, + sizeof(tctx->ext.secure->tick_hmac_key), EVP_sha256(), NULL) <= 0 || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - tctx->ext.tick_aes_key, + tctx->ext.secure->tick_aes_key, etick + TLSEXT_KEYNAME_LENGTH) <= 0) { goto err; }