Add missing bounds check in tls13_derive_resumption_secret.
This is fine because TLS PRFs only go up to SHA-384, but since SSL_SESSION::master_key is sized to 48, not EVP_MAX_MD_SIZE, this should explicitly check the bounds. Change-Id: I2b1bcaab5cdfc3ce4d7a8b8ed5cc4c6d15d10270 Reviewed-on: https://boringssl-review.googlesource.com/12460 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
This commit is contained in:
parent
68f37b7a3f
commit
3d622e554e
@ -270,6 +270,11 @@ int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
|
|||||||
static const char kTLS13LabelResumption[] = "resumption master secret";
|
static const char kTLS13LabelResumption[] = "resumption master secret";
|
||||||
|
|
||||||
int tls13_derive_resumption_secret(SSL *ssl) {
|
int tls13_derive_resumption_secret(SSL *ssl) {
|
||||||
|
if (ssl->s3->hs->hash_len > SSL_MAX_MASTER_KEY_LENGTH) {
|
||||||
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
ssl->s3->new_session->master_key_length = ssl->s3->hs->hash_len;
|
ssl->s3->new_session->master_key_length = ssl->s3->hs->hash_len;
|
||||||
return derive_secret(ssl, ssl->s3->new_session->master_key,
|
return derive_secret(ssl, ssl->s3->new_session->master_key,
|
||||||
ssl->s3->new_session->master_key_length,
|
ssl->s3->new_session->master_key_length,
|
||||||
|
Loading…
Reference in New Issue
Block a user