Encrypt session tickets

2025-07-28 00:21:48 +03:00 · 2013-08-03 15:37:58 +02:00
parent 779e42982c
commit 990c51a557
3 changed files with 87 additions and 24 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2979,6 +2979,7 @@ static int ssl_ticket_keys_init( ssl_context *ssl )
 {
    int ret;
    ssl_ticket_keys *tkeys;
+    unsigned char buf[32];

    if( ssl->ticket_keys != NULL )
        return( 0 );
@ -2989,6 +2990,13 @@ static int ssl_ticket_keys_init( ssl_context *ssl )
    if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 )
        return( ret );

+    if( ( ret = ssl->f_rng( ssl->p_rng, buf, 16 ) ) != 0 ||
+        ( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
+        ( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
+    {
+            return( ret );
+    }
+
    ssl->ticket_keys = tkeys;

    return( 0 );