summary refs log tree commit diff
path: root/tls_server.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2022-02-27 10:28:40 -0500
committerJune McEnroe <june@causal.agency>2022-02-27 11:12:26 -0500
commit9c718c5df514e2a20c7d04e1db1716fdbab45a04 (patch)
tree0645cd11cf0382906afde12e54fff66725506b69 /tls_server.c
parenttls: Revert accidentally(?) reverted upstream (diff)
parentImport LibreSSL 3.5.0 (diff)
downloadlibretls-9c718c5df514e2a20c7d04e1db1716fdbab45a04.tar.gz
libretls-9c718c5df514e2a20c7d04e1db1716fdbab45a04.zip
Merge LibreSSL 3.5.0
Diffstat (limited to '')
-rw-r--r--tls_server.c30
1 files changed, 21 insertions, 9 deletions
diff --git a/tls_server.c b/tls_server.c
index 831255a..ebf76bc 100644
--- a/tls_server.c
+++ b/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.47 2021/06/14 03:53:59 tb Exp $ */
+/* $OpenBSD: tls_server.c,v 1.48 2022/01/19 11:10:55 inoguchi Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -186,10 +186,16 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
 
 		memcpy(keyname, key->key_name, sizeof(key->key_name));
 		arc4random_buf(iv, EVP_MAX_IV_LENGTH);
-		EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
-		    key->aes_key, iv);
-		HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
-		    EVP_sha256(), NULL);
+		if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+		    key->aes_key, iv)) {
+			tls_set_errorx(tls_ctx, "failed to init encrypt");
+			return (-1);
+		}
+		if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
+		    EVP_sha256(), NULL)) {
+			tls_set_errorx(tls_ctx, "failed to init hmac");
+			return (-1);
+		}
 		return (0);
 	} else {
 		/* get key by name */
@@ -197,10 +203,16 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
 		if (key == NULL)
 			return (0);
 
-		EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
-		    key->aes_key, iv);
-		HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
-		    EVP_sha256(), NULL);
+		if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+		    key->aes_key, iv)) {
+			tls_set_errorx(tls_ctx, "failed to init decrypt");
+			return (-1);
+		}
+		if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
+		    EVP_sha256(), NULL)) {
+			tls_set_errorx(tls_ctx, "failed to init hmac");
+			return (-1);
+		}
 
 		/* time to renew the ticket? is it the primary key? */
 		if (key != &tls_ctx->config->ticket_keys[0])