From 1a3392c878e8421c2e5730fde5accd4ab77c2875 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 23 Jan 2017 16:59:35 +0000 Subject: [PATCH] Fix <= TLS1.2 break Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected side effects in the <=TLS1.2 code which apparently relies on this being 48 for interoperability. Therefore create a new define for the TLSv1.3 resumption master secret which can be up to 64 bytes. Found through the boring test suite. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2259) --- include/openssl/ssl.h | 3 ++- ssl/ssl_asn1.c | 2 +- ssl/ssl_locl.h | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e8f351dfc5..9d9e193a8c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -76,7 +76,8 @@ extern "C" { # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) # define SSL_MAX_KEY_ARG_LENGTH 8 -# define SSL_MAX_MASTER_KEY_LENGTH 64 +# define SSL_MAX_MASTER_KEY_LENGTH 48 +# define TLS13_MAX_RESUMPTION_MASTER_LENGTH 64 /* The maximum number of encrypt/decrypt pipelines we can support */ # define SSL_MAX_PIPELINES 32 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 568f41ff5b..73ba78dbe5 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -294,7 +294,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; if (!ssl_session_memcpy(ret->master_key, &tmpl, - as->master_key, SSL_MAX_MASTER_KEY_LENGTH)) + as->master_key, TLS13_MAX_RESUMPTION_MASTER_LENGTH)) goto err; ret->master_key_length = tmpl; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e74c0f480a..f95b4660a7 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -515,7 +515,7 @@ struct ssl_session_st { * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption * master secret */ - unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + unsigned char master_key[TLS13_MAX_RESUMPTION_MASTER_LENGTH]; /* session_id - valid? */ size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; -- 2.25.1