| 1750 | |
| 1751 | #ifdef HAVE_TLS_SESSION_TICKETS |
| 1752 | static apr_status_t ssl_init_ticket_key(server_rec *s, |
| 1753 | apr_pool_t *p, |
| 1754 | apr_pool_t *ptemp, |
| 1755 | modssl_ctx_t *mctx) |
| 1756 | { |
| 1757 | apr_status_t rv; |
| 1758 | apr_file_t *fp; |
| 1759 | apr_size_t len; |
| 1760 | char buf[TLSEXT_TICKET_KEY_LEN]; |
| 1761 | char *path; |
| 1762 | modssl_ticket_key_t *ticket_key = mctx->ticket_key; |
| 1763 | int res; |
| 1764 | |
| 1765 | if (!ticket_key->file_path) { |
| 1766 | return APR_SUCCESS; |
| 1767 | } |
| 1768 | |
| 1769 | path = ap_server_root_relative(p, ticket_key->file_path); |
| 1770 | |
| 1771 | rv = apr_file_open(&fp, path, APR_READ|APR_BINARY, |
| 1772 | APR_OS_DEFAULT, ptemp); |
| 1773 | |
| 1774 | if (rv != APR_SUCCESS) { |
| 1775 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02286) |
| 1776 | "Failed to open ticket key file %s: (%d) %pm", |
| 1777 | path, rv, &rv); |
| 1778 | return ssl_die(s); |
| 1779 | } |
| 1780 | |
| 1781 | rv = apr_file_read_full(fp, &buf[0], TLSEXT_TICKET_KEY_LEN, &len); |
| 1782 | |
| 1783 | if (rv != APR_SUCCESS) { |
| 1784 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02287) |
| 1785 | "Failed to read %d bytes from %s: (%d) %pm", |
| 1786 | TLSEXT_TICKET_KEY_LEN, path, rv, &rv); |
| 1787 | return ssl_die(s); |
| 1788 | } |
| 1789 | |
| 1790 | memcpy(ticket_key->key_name, buf, 16); |
| 1791 | memcpy(ticket_key->aes_key, buf + 32, 16); |
| 1792 | #if OPENSSL_VERSION_NUMBER < 0x30000000L |
| 1793 | memcpy(ticket_key->hmac_secret, buf + 16, 16); |
| 1794 | res = SSL_CTX_set_tlsext_ticket_key_cb(mctx->ssl_ctx, |
| 1795 | ssl_callback_SessionTicket); |
| 1796 | #else |
| 1797 | ticket_key->mac_params[0] = |
| 1798 | OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, buf + 16, 16); |
| 1799 | ticket_key->mac_params[1] = |
| 1800 | OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); |
| 1801 | ticket_key->mac_params[2] = |
| 1802 | OSSL_PARAM_construct_end(); |
| 1803 | res = SSL_CTX_set_tlsext_ticket_key_evp_cb(mctx->ssl_ctx, |
| 1804 | ssl_callback_SessionTicket); |
| 1805 | #endif |
| 1806 | if (!res) { |
| 1807 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01913) |
| 1808 | "Unable to initialize TLS session ticket key callback " |
| 1809 | "(incompatible OpenSSL version?)"); |
no test coverage detected