From 74b4b4949454eff5d704503898520e2e92d17ed6 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 22 Feb 2012 15:06:56 +0000 Subject: [PATCH] SSL export fixes (from Adam Langley) [original from 1.0.1] --- ssl/s3_lib.c | 4 ++-- ssl/ssl_lib.c | 11 +++++----- ssl/ssl_locl.h | 16 +++++++------- ssl/t1_enc.c | 58 +++++++++++++++++++++++++------------------------- ssl/tls1.h | 12 +++++++++-- 5 files changed, 55 insertions(+), 46 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 9f1e1dfaa0..db79a99ccd 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2904,8 +2904,8 @@ SSL3_ENC_METHOD SSLv3_enc_data={ SSL3_MD_CLIENT_FINISHED_CONST,4, SSL3_MD_SERVER_FINISHED_CONST,4, ssl3_alert_code, - (int (*)(SSL *, unsigned char *, unsigned int, const char *, - unsigned int, const unsigned char *, unsigned int, + (int (*)(SSL *, unsigned char *, size_t, const char *, + size_t, const unsigned char *, size_t, int use_context))ssl_undefined_function, }; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c1c825b533..7a4943dec6 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -178,9 +178,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ NULL, /* server_finished_label */ 0, /* server_finished_label_len */ (int (*)(int))ssl_undefined_function, - (int (*)(SSL *, unsigned char *, unsigned int, const char *, - unsigned int, const unsigned char *, unsigned int, - int use_context))ssl_undefined_function, + (int (*)(SSL *, unsigned char *, size_t, const char *, + size_t, const unsigned char *, size_t, + int use_context)) ssl_undefined_function, }; int SSL_clear(SSL *s) @@ -1632,8 +1632,9 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned # endif #endif -int SSL_export_keying_material(SSL *s, unsigned char *out, int olen, - char *label, int llen, unsigned char *p, int plen, int use_context) +int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, const unsigned char *p, size_t plen, + int use_context) { if (s->version < TLS1_VERSION) return -1; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 95b531e832..bdaca8bf40 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -571,11 +571,11 @@ typedef struct ssl3_enc_method const char *server_finished_label; int server_finished_label_len; int (*alert_value)(int); - int (*export_keying_material)(SSL *, unsigned char *, unsigned int, - const char *, unsigned int, - const unsigned char *, unsigned int, - int use_context); - } SSL3_ENC_METHOD; + int (*export_keying_material)(SSL *, unsigned char *, size_t, + const char *, size_t, + const unsigned char *, size_t, + int use_context); + } SSL3_ENC_METHOD; #ifndef OPENSSL_NO_COMP /* Used for holding the relevant compression methods loaded into SSL_CTX */ @@ -1068,9 +1068,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); int tls1_mac(SSL *ssl, unsigned char *md, int snd); int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len); -int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen, - const char *label, unsigned int llen, const unsigned char *p, - unsigned int plen, int use_context); +int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *p, size_t plen, int use_context); int tls1_alert_code(int code); int ssl3_alert_code(int code); int ssl_ok(SSL *s); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5c1074e245..f32393c56b 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1119,16 +1119,17 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, return(SSL3_MASTER_SECRET_SIZE); } -int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen, - const char *label, unsigned int llen, const unsigned char *context, - unsigned int contextlen, int use_context) +int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, const unsigned char *context, + size_t contextlen, int use_context) { unsigned char *buff; unsigned char *val = NULL; - unsigned int vallen, currentvalpos, rv; + size_t vallen, currentvalpos; + int rv; #ifdef KSSL_DEBUG - printf ("tls1_export_keying_material(%p, %p,%d, %s,%d, %p,%d)\n", s, out,olen, label,llen, p,plen); + printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen); #endif /* KSSL_DEBUG */ buff = OPENSSL_malloc(olen); @@ -1140,10 +1141,10 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen, * does not create a prohibited label. */ vallen = llen + SSL3_RANDOM_SIZE * 2; - if (use_context) - { - vallen += 2 + contextlen; - } + if (use_context) + { + vallen += 2 + contextlen; + } val = OPENSSL_malloc(vallen); if (val == NULL) goto err2; @@ -1155,17 +1156,17 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen, memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE); currentvalpos += SSL3_RANDOM_SIZE; - if (use_context) - { - val[currentvalpos] = (contextlen << 8) & 0xff; - currentvalpos++; - val[currentvalpos] = contextlen & 0xff; - currentvalpos++; - if ((contextlen > 0) || (context != NULL)) - { - memcpy(val + currentvalpos, context, contextlen); - } - } + if (use_context) + { + val[currentvalpos] = (contextlen >> 8) & 0xff; + currentvalpos++; + val[currentvalpos] = contextlen & 0xff; + currentvalpos++; + if ((contextlen > 0) || (context != NULL)) + { + memcpy(val + currentvalpos, context, contextlen); + } + } /* disallow prohibited labels * note that SSL3_RANDOM_SIZE > max(prohibited label len) = @@ -1181,19 +1182,18 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen, if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1; - tls1_PRF(s->s3->tmp.new_cipher->algorithm2, - val, vallen, - NULL, 0, - NULL, 0, - NULL, 0, - NULL, 0, - s->session->master_key,s->session->master_key_length, - out,buff,olen); + rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + val, vallen, + NULL, 0, + NULL, 0, + NULL, 0, + NULL, 0, + s->session->master_key,s->session->master_key_length, + out,buff,olen); #ifdef KSSL_DEBUG printf ("tls1_export_keying_material() complete\n"); #endif /* KSSL_DEBUG */ - rv = olen; goto ret; err1: SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); diff --git a/ssl/tls1.h b/ssl/tls1.h index 49575e7989..c5e3a70022 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -265,8 +265,16 @@ extern "C" { const char *SSL_get_servername(const SSL *s, const int type); int SSL_get_servername_type(const SSL *s); -int SSL_export_keying_material(SSL *s, unsigned char *out, int olen, - char *label, int llen, unsigned char *p, int plen, int use_context); +/* SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) + * + * It returns 1 on success and zero otherwise. + */ +int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, const unsigned char *p, size_t plen, + int use_context); #define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) -- 2.25.1