technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fixed invalid call sequence in nxt_tls_ticket_key_callback().

Browse Source 
The bug has been introduced in 0bca988e9541.
This commit is contained in:
Artem Konev
2021-10-08 13:44:14 +01:00
parent 8db8330f84
commit cdaa8e2523
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/nxt_openssl.c
View File

@@ -776,6 +776,13 @@ nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv,
nxt_memcpy(name, ticket[0].name, 16); nxt_memcpy(name, ticket[0].name, 16);
if (EVP_EncryptInit_ex(ectx, cipher, NULL, ticket[0].aes_key, iv) != 1)
{
nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
"EVP_EncryptInit_ex() failed");
return -1;
}
} else { } else {
/* decrypt session ticket */ /* decrypt session ticket */
@@ -798,12 +805,13 @@ nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv,
enc = (i == 0) ? 1 : 2 /* renew */; enc = (i == 0) ? 1 : 2 /* renew */;
cipher = (ticket[i].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc(); cipher = (ticket[i].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
}
if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1) { if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1)
nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, {
"EVP_DecryptInit_ex() failed"); nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
return -1; "EVP_DecryptInit_ex() failed");
return -1;
}
} }
#ifdef OPENSSL_NO_SHA256 #ifdef OPENSSL_NO_SHA256