-/* $OpenBSD: ssl_srvr.c,v 1.156 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.157 2023/11/18 10:51:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
unsigned int hlen;
EVP_CIPHER_CTX *ctx = NULL;
HMAC_CTX *hctx = NULL;
- int len;
+ int iv_len, len;
/*
* New Session Ticket - RFC 5077, section 3.3.
goto err;
if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name)))
goto err;
- if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(ctx)))
+ if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
+ goto err;
+ if (!CBB_add_bytes(&ticket, iv, iv_len))
goto err;
if (!CBB_add_bytes(&ticket, enc_session, enc_session_len))
goto err;
-/* $OpenBSD: t1_lib.c,v 1.197 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.198 2023/11/18 10:51:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
HMAC_CTX *hctx = NULL;
EVP_CIPHER_CTX *cctx = NULL;
SSL_CTX *tctx = s->initial_ctx;
- int slen, hlen;
+ int slen, hlen, iv_len;
int alert_desc = SSL_AD_INTERNAL_ERROR;
int ret = TLS1_TICKET_FATAL_ERROR;
s->tlsext_ticket_expected = 1;
}
+ if ((iv_len = EVP_CIPHER_CTX_iv_length(cctx)) < 0)
+ goto err;
/*
* Now that the cipher context is initialised, we can extract
* the IV since its length is known.
*/
- if (!CBS_get_bytes(ticket, &ticket_iv,
- EVP_CIPHER_CTX_iv_length(cctx)))
+ if (!CBS_get_bytes(ticket, &ticket_iv, iv_len))
goto derr;
} else {
/* Check that the key name matches. */
tctx->tlsext_tick_key_name,
sizeof(tctx->tlsext_tick_key_name)))
goto derr;
- if (!CBS_get_bytes(ticket, &ticket_iv,
- EVP_CIPHER_iv_length(EVP_aes_128_cbc())))
+ if ((iv_len = EVP_CIPHER_iv_length(EVP_aes_128_cbc())) < 0)
+ goto err;
+ if (!CBS_get_bytes(ticket, &ticket_iv, iv_len))
goto derr;
if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
projects / openbsd / commitdiff