From 6f829f58effd958c75cb7bc3cf2781fbdae22b9b Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 13 Mar 2020 23:51:28 +0000
Subject: Make sure we use a fetched cipher when encrypting stateless tickets

We use AES-256-CBC to encrypt stateless session tickets. We should ensure that the implementation is fetched from the appropriate provider.

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/11356)
---
 ssl/statem/statem_srvr.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'ssl')

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 1cc106876c..7ca76fc0fe 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3906,7 +3906,14 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
         }
         iv_len = EVP_CIPHER_CTX_iv_length(ctx);
     } else {
-        const EVP_CIPHER *cipher = EVP_aes_256_cbc();
+        EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC",
+                                              s->ctx->propq);
+
+        if (cipher == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                     SSL_R_ALGORITHM_FETCH_FAILED);
+            goto err;
+        }
 
         iv_len = EVP_CIPHER_iv_length(cipher);
         if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0
@@ -3915,10 +3922,12 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
             || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
                               sizeof(tctx->ext.secure->tick_hmac_key),
                               "SHA256")) {
+            EVP_CIPHER_free(cipher);
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
                      ERR_R_INTERNAL_ERROR);
             goto err;
         }
+        EVP_CIPHER_free(cipher);
         memcpy(key_name, tctx->ext.tick_key_name,
                sizeof(tctx->ext.tick_key_name));
     }
-- cgit v1.2.3
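Review bot: The value stored by `iv_len = EVP_CIPHER_iv_length(cipher);` now comes from whichever provider answered the `"AES-256-CBC"` fetch, but on the next line it is handed to `RAND_bytes_ex(s->ctx->libctx, iv, iv_len)` unchecked; the `EVP_aes_256_cbc()` implementation it replaces had a compile-time IV size, so the hunk introduces a new trust boundary without a bound. If `iv` is the fixed-size local array it appears to be (its declaration is above the hunk, as is the rest of construct_stateless_ticket's prologue), an IV length reported by a third-party provider that is larger than that array, or an error return from the iv_length query, would make the call write past the buffer or pass a nonsensical length. I would bound it right after the query, freeing the fetched cipher on that path as the hunk already does for the other failures.
```c
        iv_len = EVP_CIPHER_iv_length(cipher);
        /* IV length now comes from a provider: bound it before it sizes writes into iv */
        if (iv_len <= 0 || (size_t)iv_len > sizeof(iv)) {
            EVP_CIPHER_free(cipher);
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
                     ERR_R_INTERNAL_ERROR);
            goto err;
        }
        if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0
        /* … unchanged: EncryptInit / ssl_hmac_init condition … */
```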
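Review bot: The ownership of the fetched `cipher` is released in two places here, `EVP_CIPHER_free(cipher);` before the failure `SSLfatal` and again after the closing brace on the success path, which means any error branch added later between the fetch and that second free will leak a provider reference, and the `if (cipher == NULL)` path earlier in the function must stay the only early exit that skips the free. The success-path free also relies on the initialisation call on the lines between the two hunks (presumably an `EVP_EncryptInit_ex` on `ctx`) having taken its own reference to the fetched cipher; if it merely stores the pointer, `ctx` would be left dangling once this free runs, so that is worth confirming. I would move the release to the function's single cleanup point: declare `EVP_CIPHER *cipher = NULL;` at function scope, keep the fetch where it is, drop both in-hunk `EVP_CIPHER_free(cipher);` calls, and add one `EVP_CIPHER_free(cipher);` at the `err:` label (and before the normal return). Both the declarations and the `err:` label of construct_stateless_ticket lie outside this hunk.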