Limit the length of the encrypted premaster key.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2288)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c25f76f344f937ce382d71881a9f6ef1b507788c..8ca1a3c778b26d2126e2def02f86a1453a2775d3 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4418,10 +4418,11 @@ int ssl_log_rsa_client_key_exchange(SSL *ssl,
         return 0;
     }
 
+    /* We only want the first 8 bytes of the encrypted premaster as a tag. */
     return nss_keylog_int("RSA",
                           ssl,
                           encrypted_premaster,
-                          encrypted_premaster_len,
+                          8,
                           premaster,
                           premaster_len);
 }

diff --git a/test/sslapitest.c b/test/sslapitest.c
index ac065b281cd3a15ae222a163c87a95b1b8b8e8f2..1bd78789606bc2c1e89d28f64c0eb15441c511f4 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -198,6 +198,7 @@ static int test_keylog(void) {
     SSL_CTX *cctx = NULL, *sctx = NULL;
     SSL *clientssl = NULL, *serverssl = NULL;
     int testresult = 0;
+    int rc;
 
     /* Clean up logging space */
     memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1);
@@ -216,6 +217,13 @@ static int test_keylog(void) {
     SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
     SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
 
+    /* We also want to ensure that we use RSA-based key exchange. */
+    rc = SSL_CTX_set_cipher_list(cctx, "RSA");
+    if (rc == 0) {
+        printf("Unable to restrict to RSA key exchange.\n");
+        goto end;
+    }
+
     if (SSL_CTX_get_keylog_callback(cctx)) {
         printf("Unexpected initial value for client "
                "SSL_CTX_get_keylog_callback()\n");