https://bz.apache.org/bugzilla/show_bug.cgi?id=70102
Bug ID: 70102
Summary: OpenSSLSessionContext.setTicketKeys contains outdated length check
Product: Tomcat Native
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P2
Component: Library
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
`org.apache.tomcat.util.net.openssl.panama.OpenSSLSessionContext` contains the
function `public void setTicketKeys(byte[] keys)`. It expects the array to be
48 bytes long (TICKET_KEYS_SIZE) [1], but OpenSSL (nowadays) expects 80 bytes
[2]. This causes the call to silently fail.
As the call always fails (and as far as I can tell, OpenSSL has always had this
length check) I don't see this being a security issue, but just broken
functionality.
More detailed trace:
If a 48B array is supplied, the following functions are called:
- `SSL_CTX_set_tlsext_ticket_keys(context.getSSLContext(), array,
TICKET_KEYS_SIZE);`
- `SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_TLSEXT_TICKET_KEYS(), keyLength, keys);`
- openssl: `long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)`
- openssl: `return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);` (default
case)
- openssl: `long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)`
In the `SSL_CTRL_SET_TLSEXT_TICKET_KEYS` case [2], openssl checks that the
supplied length is equal to the expected key length. Currently, openssl expects
16B key name + 2*32B keys, totaling 80B. Hence the call will be rejected.
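To make the failing length check concrete, here is a small self-contained C model of the control-call contract the trace ends in. It is added here as an illustration and is not OpenSSL's code or Tomcat Native's; the 80-byte layout it assumes (16-byte key name followed by a 32-byte HMAC key and a 32-byte AES key) is my reading of the OpenSSL layout the report refers to, and the filler bytes are constructed, not real key material.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the OpenSSL-side check described in the report: the
 * control call accepts the buffer only when its length equals the expected
 * total. Layout assumed here: 16-byte key name + 32-byte HMAC key + 32-byte
 * AES key = 80 bytes. This is not OpenSSL's or Tomcat Native's code. */
#define TICKET_KEY_NAME_LEN 16
#define TICKET_HMAC_KEY_LEN 32
#define TICKET_AES_KEY_LEN  32
#define TICKET_KEYS_TOTAL   (TICKET_KEY_NAME_LEN + TICKET_HMAC_KEY_LEN + TICKET_AES_KEY_LEN)

/* The length Tomcat's OpenSSLSessionContext currently passes (its TICKET_KEYS_SIZE). */
#define TOMCAT_TICKET_KEYS_SIZE 48

struct ticket_keys {
    unsigned char name[TICKET_KEY_NAME_LEN];
    unsigned char hmac_key[TICKET_HMAC_KEY_LEN];
    unsigned char aes_key[TICKET_AES_KEY_LEN];
};

/* Returns 1 and installs the keys only when `len` matches the expected total
 * exactly; otherwise returns 0 and leaves `out` untouched. A caller that
 * ignores this return value sees exactly the "silent failure" the report
 * describes. */
int set_ticket_keys(struct ticket_keys *out, const unsigned char *keys, long len)
{
    if (out == NULL || keys == NULL || len != (long)TICKET_KEYS_TOTAL)
        return 0;
    memcpy(out->name, keys, TICKET_KEY_NAME_LEN);
    memcpy(out->hmac_key, keys + TICKET_KEY_NAME_LEN, TICKET_HMAC_KEY_LEN);
    memcpy(out->aes_key, keys + TICKET_KEY_NAME_LEN + TICKET_HMAC_KEY_LEN,
           TICKET_AES_KEY_LEN);
    return 1;
}

/* Reproduces the report: the 48-byte call is rejected, the 80-byte call is
 * accepted. Returns 1 when both observations hold. */
int demo_48_vs_80(void)
{
    unsigned char buf[TICKET_KEYS_TOTAL];
    struct ticket_keys tk;
    memset(buf, 0xAB, sizeof buf); /* constructed filler, not a real key */
    int short_ok = set_ticket_keys(&tk, buf, TOMCAT_TICKET_KEYS_SIZE);
    int full_ok  = set_ticket_keys(&tk, buf, TICKET_KEYS_TOTAL);
    return (short_ok == 0 && full_ok == 1) ? 1 : 0;
}

int main(void)
{
    printf("expected ticket key length: %d bytes\n", TICKET_KEYS_TOTAL);
    printf("48-byte call rejected, 80-byte call accepted: %s\n",
           demo_48_vs_80() ? "yes" : "no");
    return 0;
}
```

The practical takeaway for the Java side is the same in any binding: size the caller's constant to the length the library actually enforces, and check the return value of the control call so a rejected key set is reported rather than swallowed.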
[1]:
https://github.com/apache/tomcat/blob/11.0.21/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java#L63
[2]:
https://github.com/openssl/openssl/blob/c7215806539ea0a312c42a5893b1f5f9eb9ae5ae/ssl/s3_lib.c#L4464