Commit 1a3392c8 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix <= TLS1.2 break 



Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected
side effects in the <=TLS1.2 code which apparently relies on this being
48 for interoperability. Therefore create a new define for the TLSv1.3
resumption master secret which can be up to 64 bytes.

Found through the boring test suite.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
parent 34254342

include/openssl/ssl.h

+2 −1
Original line number Diff line number Diff line
@@ -76,7 +76,8 @@ extern "C" { 


# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)

# define SSL_MAX_KEY_ARG_LENGTH                  8

# define SSL_MAX_MASTER_KEY_LENGTH               64

# define SSL_MAX_MASTER_KEY_LENGTH               48

# define TLS13_MAX_RESUMPTION_MASTER_LENGTH      64



/* The maximum number of encrypt/decrypt pipelines we can support */

# define SSL_MAX_PIPELINES  32

ssl/ssl_asn1.c

+1 −1
Original line number Diff line number Diff line
@@ -294,7 +294,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, 
        goto err;



    if (!ssl_session_memcpy(ret->master_key, &tmpl,

                            as->master_key, SSL_MAX_MASTER_KEY_LENGTH))

                            as->master_key, TLS13_MAX_RESUMPTION_MASTER_LENGTH))

        goto err;



    ret->master_key_length = tmpl;

ssl/ssl_locl.h

+1 −1
Original line number Diff line number Diff line
@@ -515,7 +515,7 @@ struct ssl_session_st { 
     * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption

     * master secret

     */

    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];

    unsigned char master_key[TLS13_MAX_RESUMPTION_MASTER_LENGTH];

    /* session_id - valid? */

    size_t session_id_length;

    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];