The branch master has been updated via 1f5878b8e25a785dde330bf485e6ed5a6ae09a1a (commit) via b1a51abb935163cbb0b0089ad9ee8ff174341bbd (commit) via 2221ec10ab2771d7effad839392c88f35cde04a3 (commit) from 50ea9d2b3521467a11559be41dcf05ee05feabd6 (commit)
- Log ----------------------------------------------------------------- commit 1f5878b8e25a785dde330bf485e6ed5a6ae09a1a Author: Tatsuhiro Tsujikawa <tatsuhir...@gmail.com> Date: Sun Jan 21 11:30:36 2018 +0900 Make sure that exporting keying material is allowed Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4944) commit b1a51abb935163cbb0b0089ad9ee8ff174341bbd Author: Tatsuhiro Tsujikawa <tatsuhir...@gmail.com> Date: Thu Jan 18 15:39:45 2018 +0900 Remove generation of exporter master secret on client application traffic Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4944) commit 2221ec10ab2771d7effad839392c88f35cde04a3 Author: Tatsuhiro Tsujikawa <tatsuhir...@gmail.com> Date: Sat Dec 16 16:46:18 2017 +0900 Generate exporter_master_secret after server Finished Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4944) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem.c | 10 ++++++++++ ssl/statem/statem.h | 1 + ssl/tls13_enc.c | 25 ++++++++++++------------- test/tls13secretstest.c | 5 +++++ 4 files changed, 28 insertions(+), 13 deletions(-) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 45cb9ab..95c369a 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -941,3 +941,13 @@ int ossl_statem_app_data_allowed(SSL *s) return 0; } + +/* + * This function returns 1 if TLS exporter is ready to export keying + * material, or 0 if otherwise. + */ +int ossl_statem_export_allowed(SSL *s) +{ + return s->s3->previous_server_finished_len != 0 + && s->statem.hand_state != TLS_ST_SW_FINISHED; +} diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h index e8d9174..3242c78 100644 --- a/ssl/statem/statem.h +++ b/ssl/statem/statem.h @@ -132,6 +132,7 @@ __owur int ossl_statem_skip_early_data(SSL *s); void ossl_statem_check_finish_init(SSL *s, int send); void ossl_statem_set_hello_verify_done(SSL *s); __owur int ossl_statem_app_data_allowed(SSL *s); +__owur int ossl_statem_export_allowed(SSL *s); /* Flush the write BIO */ int statem_flush(SSL *s); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index fe817f8..05355fb 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -562,16 +562,6 @@ int tls13_change_cipher_state(SSL *s, int which) goto err; } s->session->master_key_length = hashlen; - - /* Now we create the exporter master secret */ - if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, - exporter_master_secret, - sizeof(exporter_master_secret) - 1, - hash, hashlen, s->exporter_master_secret, - hashlen)) { - /* SSLfatal() already called */ - goto err; - } } if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher, @@ -581,9 +571,18 @@ int tls13_change_cipher_state(SSL *s, int which) goto err; } - if (label == server_application_traffic) + if (label == server_application_traffic) { memcpy(s->server_app_traffic_secret, secret, hashlen); - else if (label == client_application_traffic) + /* Now we create the exporter master secret */ + if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, + exporter_master_secret, + sizeof(exporter_master_secret) - 1, + hash, hashlen, s->exporter_master_secret, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } + } else if (label == client_application_traffic) memcpy(s->client_app_traffic_secret, secret, hashlen); if (!ssl_log_secret(s, log_label, secret, hashlen)) { @@ -667,7 +666,7 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, unsigned int hashsize, datalen; int ret = 0; - if (ctx == NULL || !SSL_is_init_finished(s)) + if (ctx == NULL || !ossl_statem_export_allowed(s)) goto err; if (!use_context) diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index 16542c4..f08b5d3 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -212,6 +212,11 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, { } +int ossl_statem_export_allowed(SSL *s) +{ + return 1; +} + /* End of mocked out code */ static int test_secret(SSL *s, unsigned char *prk, _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits