SSL export fixes (from Adam Langley).
This commit is contained in:
Ben Laurie
58
ssl/t1_enc.c
58
ssl/t1_enc.c
@@ -1119,16 +1119,17 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|
||||
return(SSL3_MASTER_SECRET_SIZE);
|
||||
}
|
||||
|
||||
int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
|
||||
const char *label, unsigned int llen, const unsigned char *context,
|
||||
unsigned int contextlen, int use_context)
|
||||
int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
|
||||
const char *label, size_t llen, const unsigned char *context,
|
||||
size_t contextlen, int use_context)
|
||||
{
|
||||
unsigned char *buff;
|
||||
unsigned char *val = NULL;
|
||||
unsigned int vallen, currentvalpos, rv;
|
||||
size_t vallen, currentvalpos;
|
||||
int rv;
|
||||
|
||||
#ifdef KSSL_DEBUG
|
||||
printf ("tls1_export_keying_material(%p, %p,%d, %s,%d, %p,%d)\n", s, out,olen, label,llen, p,plen);
|
||||
printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
|
||||
#endif /* KSSL_DEBUG */
|
||||
|
||||
buff = OPENSSL_malloc(olen);
|
||||
@@ -1140,10 +1141,10 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
|
||||
* does not create a prohibited label.
|
||||
*/
|
||||
vallen = llen + SSL3_RANDOM_SIZE * 2;
|
||||
if (use_context)
|
||||
{
|
||||
vallen += 2 + contextlen;
|
||||
}
|
||||
if (use_context)
|
||||
{
|
||||
vallen += 2 + contextlen;
|
||||
}
|
||||
|
||||
val = OPENSSL_malloc(vallen);
|
||||
if (val == NULL) goto err2;
|
||||
@@ -1155,17 +1156,17 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
|
||||
memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
|
||||
currentvalpos += SSL3_RANDOM_SIZE;
|
||||
|
||||
if (use_context)
|
||||
{
|
||||
val[currentvalpos] = (contextlen << 8) & 0xff;
|
||||
currentvalpos++;
|
||||
val[currentvalpos] = contextlen & 0xff;
|
||||
currentvalpos++;
|
||||
if ((contextlen > 0) || (context != NULL))
|
||||
{
|
||||
memcpy(val + currentvalpos, context, contextlen);
|
||||
}
|
||||
}
|
||||
if (use_context)
|
||||
{
|
||||
val[currentvalpos] = (contextlen >> 8) & 0xff;
|
||||
currentvalpos++;
|
||||
val[currentvalpos] = contextlen & 0xff;
|
||||
currentvalpos++;
|
||||
if ((contextlen > 0) || (context != NULL))
|
||||
{
|
||||
memcpy(val + currentvalpos, context, contextlen);
|
||||
}
|
||||
}
|
||||
|
||||
/* disallow prohibited labels
|
||||
* note that SSL3_RANDOM_SIZE > max(prohibited label len) =
|
||||
@@ -1181,19 +1182,18 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
|
||||
if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
|
||||
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
|
||||
|
||||
tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
|
||||
val, vallen,
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
s->session->master_key,s->session->master_key_length,
|
||||
out,buff,olen);
|
||||
rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
|
||||
val, vallen,
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
s->session->master_key,s->session->master_key_length,
|
||||
out,buff,olen);
|
||||
|
||||
#ifdef KSSL_DEBUG
|
||||
printf ("tls1_export_keying_material() complete\n");
|
||||
#endif /* KSSL_DEBUG */
|
||||
rv = olen;
|
||||
goto ret;
|
||||
err1:
|
||||
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
|
||||
|
||||
Reference in New Issue
Block a user