From 57b0d651f052ed86528da916397acbcce035fb21 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Mon, 13 Feb 2017 18:36:13 +0100 Subject: [PATCH] Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2618) --- ssl/t1_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 7c8244d6a8..eba32037f2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1252,8 +1252,8 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ - p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx); - eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx); + p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); + eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); sdec = OPENSSL_malloc(eticklen); if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) { -- 2.25.1