From 05df5c2036f1244fe3df70de7d8079a5d86b999d Mon Sep 17 00:00:00 2001
From: TJ Saunders
Date: Sat, 27 Feb 2016 19:37:34 +0100
Subject: [PATCH] Use AES256 for the default encryption algoritm for TLS session tickets

This involves providing more session ticket key data, for both the cipher and the digest

Signed-off-by: Kurt Roeckx
Reviewed-by: Matt Caswell
GH: #515, MR: #2153
---
 ssl/ssl_locl.h | 4 ++--
 ssl/statem/statem_srvr.c | 2 +-
 ssl/t1_lib.c | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 9bc9892e2c..b39f387483 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -858,8 +858,8 @@ struct ssl_ctx_st {
 void *tlsext_servername_arg;
 /* RFC 4507 session ticket keys */
 unsigned char tlsext_tick_key_name[16];
- unsigned char tlsext_tick_hmac_key[16];
- unsigned char tlsext_tick_aes_key[16];
+ unsigned char tlsext_tick_hmac_key[32];
+ unsigned char tlsext_tick_aes_key[32];
 /* Callback to support customisation of ticket key setting */
 int (*tlsext_ticket_key_cb) (SSL *ssl,
 unsigned char *name, unsigned char *iv,
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index c8c68dc078..60f92e5fb9 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3048,7 +3048,7 @@ int tls_construct_new_session_ticket(SSL *s)
 } else {
 if (RAND_bytes(iv, 16) <= 0)
 goto err;
- if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+ if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
 tctx->tlsext_tick_aes_key, iv))
 goto err;
 if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 996a132077..ef8d0aeb76 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
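Review bot: Growing `tlsext_tick_hmac_key` and `tlsext_tick_aes_key` to 32 bytes changes the buffer length applications must pass to the ticket-key ctrl (SSL_CTX_set_tlsext_ticket_keys / SSL_CTX_get_tlsext_ticket_keys, whose handler is not in this diff but, as far as I recall, compares keylen against the sum of these three arrays); that sum moves from 48 to 80 bytes, so a caller with a hard-coded 48 will now get a failure rather than installed keys, and a fleet that distributes shared ticket keys must regenerate them at the new size. The commit message only says "more session ticket key data"; it should state the new total and the manual page for the ctrl should be updated to match. Since the sizes are now fixed by the algorithms used in statem_srvr.c and t1_lib.c, the struct comment could say so: `/* RFC 4507 session ticket keys: key name, HMAC-SHA256 key, AES-256-CBC key */`.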
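Review bot: `RAND_bytes(iv, 16)` on the line above the changed call hard-codes the IV length that EVP_aes_256_cbc() dictates, and the cipher is now named independently here and in tls_decrypt_ticket in ssl/t1_lib.c, so a future change to one site can silently disagree with the other. Deriving both from one definition would tie them together, e.g. `const EVP_CIPHER *cipher = EVP_aes_256_cbc();` then `if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)` and passing `cipher` to EVP_EncryptInit_ex (assuming `iv`, declared outside the hunk, is EVP_MAX_IV_LENGTH bytes), with the decrypt side using the same definition. A short comment here that the 32-byte `tlsext_tick_aes_key` must equal EVP_CIPHER_key_length() of the chosen cipher, because the EVP layer reads exactly that many bytes from it, would document the coupling with ssl_locl.h that this commit relies on. tls_construct_new_session_ticket's body continues outside the hunk on both sides.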
@@ -3137,7 +3137,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
 if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
 sizeof(tctx->tlsext_tick_hmac_key),
 EVP_sha256(), NULL) <= 0
- || EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+ || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
 tctx->tlsext_tick_aes_key,
 etick + sizeof(tctx->tlsext_tick_key_name)) <= 0) {
 goto err;
-- 
2.25.1
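Review bot: Tickets issued before this change (AES-128-CBC under the previous 16-byte keys) can no longer be accepted by this path: the HMAC is keyed with the now 32-byte `tlsext_tick_hmac_key`, so such tickets fail the tag check performed further down (outside the hunk) before any decryption, which is the safe outcome but means every resuming client falls back to a full handshake after the upgrade, and the commit message or CHANGES should say so. The ticket format carries no cipher identifier, so a mixed deployment of old and new builds sharing a key name would presumably reject each other's tickets the same way; worth noting for operators even though that follows from the name check done before this hunk rather than from visible lines. A comment on the changed line such as `/* must match the cipher used in tls_construct_new_session_ticket (statem_srvr.c) */` would keep the two sites in step. tls_decrypt_ticket starts and ends outside the hunk.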