Commit 05df5c20 authored Feb 27, 2016 by TJ Saunders Committed by Kurt Roeckx May 16, 2016

Use AES256 for the default encryption algoritm for TLS session tickets



This involves providing more session ticket key data, for both the cipher and
the digest

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #515, MR: #2153

parent 4e2e1ec9

ssl/ssl_locl.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -858,8 +858,8 @@ struct ssl_ctx_st {
		void *tlsext_servername_arg;
		/* RFC 4507 session ticket keys */
		unsigned char tlsext_tick_key_name[16];
		unsigned char tlsext_tick_hmac_key[16];
		unsigned char tlsext_tick_aes_key[16];
		unsigned char tlsext_tick_hmac_key[32];
		unsigned char tlsext_tick_aes_key[32];
		/* Callback to support customisation of ticket key setting */
		int (tlsext_ticket_key_cb) (SSL ssl,
		unsigned char name, unsigned char iv,

ssl/statem/statem_srvr.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -3048,7 +3048,7 @@ int tls_construct_new_session_ticket(SSL *s)
		} else {
		if (RAND_bytes(iv, 16) <= 0)
		goto err;
		if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
		if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
		tctx->tlsext_tick_aes_key, iv))
		goto err;
		if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,

ssl/t1_lib.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -3137,7 +3137,7 @@ static int tls_decrypt_ticket(SSL s, const unsigned char etick,
		if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
		sizeof(tctx->tlsext_tick_hmac_key),
		EVP_sha256(), NULL) <= 0
		\|\| EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
		\|\| EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
		tctx->tlsext_tick_aes_key,
		etick + sizeof(tctx->tlsext_tick_key_name)) <= 0) {
		goto err;