Commit 177b4225 authored by Bernd Edlinger's avatar Bernd Edlinger Committed by Rich Salz
Browse files

Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket. 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2618)
(cherry picked from commit 57b0d651)
parent be31d576

ssl/t1_lib.c

+2 −2
Original line number Diff line number Diff line
@@ -3151,8 +3151,8 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, 
    }

    /* Attempt to decrypt session data */

    /* Move p after IV to start of encrypted ticket, update length */

    p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);

    eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);

    p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);

    eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);

    sdec = OPENSSL_malloc(eticklen);

    if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {

        EVP_CIPHER_CTX_free(ctx);