Add missing bounds check in tls13_derive_resumption_secret.

This is fine because TLS PRFs only go up to SHA-384, but since
SSL_SESSION::master_key is sized to 48, not EVP_MAX_MD_SIZE, this should
explicitly check the bounds.

Change-Id: I2b1bcaab5cdfc3ce4d7a8b8ed5cc4c6d15d10270
Reviewed-on: https://boringssl-review.googlesource.com/12460
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin 2016-11-23 12:39:29 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 68f37b7a3f
commit 3d622e554e

View File

@ -270,6 +270,11 @@ int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
static const char kTLS13LabelResumption[] = "resumption master secret"; static const char kTLS13LabelResumption[] = "resumption master secret";
int tls13_derive_resumption_secret(SSL *ssl) { int tls13_derive_resumption_secret(SSL *ssl) {
if (ssl->s3->hs->hash_len > SSL_MAX_MASTER_KEY_LENGTH) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
ssl->s3->new_session->master_key_length = ssl->s3->hs->hash_len; ssl->s3->new_session->master_key_length = ssl->s3->hs->hash_len;
return derive_secret(ssl, ssl->s3->new_session->master_key, return derive_secret(ssl, ssl->s3->new_session->master_key,
ssl->s3->new_session->master_key_length, ssl->s3->new_session->master_key_length,