Commit 1f5878b8 authored Jan 21, 2018 by Tatsuhiro Tsujikawa Committed by Matt Caswell Feb 02, 2018

Make sure that exporting keying material is allowed



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4944)

parent b1a51abb

ssl/statem/statem.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -941,3 +941,13 @@ int ossl_statem_app_data_allowed(SSL *s)

		return 0;
		}

		/*
		* This function returns 1 if TLS exporter is ready to export keying
		* material, or 0 if otherwise.
		*/
		int ossl_statem_export_allowed(SSL *s)
		{
		return s->s3->previous_server_finished_len != 0
		&& s->statem.hand_state != TLS_ST_SW_FINISHED;
		}

ssl/statem/statem.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -132,6 +132,7 @@ __owur int ossl_statem_skip_early_data(SSL *s);
		void ossl_statem_check_finish_init(SSL *s, int send);
		void ossl_statem_set_hello_verify_done(SSL *s);
		__owur int ossl_statem_app_data_allowed(SSL *s);
		__owur int ossl_statem_export_allowed(SSL *s);

		/* Flush the write BIO */
		int statem_flush(SSL *s);

ssl/tls13_enc.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -666,7 +666,7 @@ int tls13_export_keying_material(SSL s, unsigned char out, size_t olen,
		unsigned int hashsize, datalen;
		int ret = 0;

		if (ctx == NULL)
		if (ctx == NULL \|\| !ossl_statem_export_allowed(s))
		goto err;

		if (!use_context)

test/tls13secretstest.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -212,6 +212,11 @@ void ossl_statem_fatal(SSL s, int al, int func, int reason, const char file,
		{
		}

		int ossl_statem_export_allowed(SSL *s)
		{
		return 1;
		}

		/* End of mocked out code */

		static int test_secret(SSL s, unsigned char prk,