diff options
author | June McEnroe <june@causal.agency> | 2022-02-27 10:28:40 -0500 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2022-02-27 11:12:26 -0500 |
commit | 9c718c5df514e2a20c7d04e1db1716fdbab45a04 (patch) | |
tree | 0645cd11cf0382906afde12e54fff66725506b69 /tls_server.c | |
parent | tls: Revert accidentally(?) reverted upstream (diff) | |
parent | Import LibreSSL 3.5.0 (diff) | |
download | libretls-9c718c5df514e2a20c7d04e1db1716fdbab45a04.tar.gz libretls-9c718c5df514e2a20c7d04e1db1716fdbab45a04.zip |
Merge LibreSSL 3.5.0
Diffstat (limited to '')
-rw-r--r-- | tls_server.c | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/tls_server.c b/tls_server.c index 831255a..ebf76bc 100644 --- a/tls_server.c +++ b/tls_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_server.c,v 1.47 2021/06/14 03:53:59 tb Exp $ */ +/* $OpenBSD: tls_server.c,v 1.48 2022/01/19 11:10:55 inoguchi Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -186,10 +186,16 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv, memcpy(keyname, key->key_name, sizeof(key->key_name)); arc4random_buf(iv, EVP_MAX_IV_LENGTH); - EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - key->aes_key, iv); - HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), - EVP_sha256(), NULL); + if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + key->aes_key, iv)) { + tls_set_errorx(tls_ctx, "failed to init encrypt"); + return (-1); + } + if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), + EVP_sha256(), NULL)) { + tls_set_errorx(tls_ctx, "failed to init hmac"); + return (-1); + } return (0); } else { /* get key by name */ @@ -197,10 +203,16 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv, if (key == NULL) return (0); - EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - key->aes_key, iv); - HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), - EVP_sha256(), NULL); + if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + key->aes_key, iv)) { + tls_set_errorx(tls_ctx, "failed to init decrypt"); + return (-1); + } + if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), + EVP_sha256(), NULL)) { + tls_set_errorx(tls_ctx, "failed to init hmac"); + return (-1); + } /* time to renew the ticket? is it the primary key? */ if (key != &tls_ctx->config->ticket_keys[0]) |