Clean up and harden TLSv1.2 master key derivation.

The master key and its length are only stored in one location, so it makes no sense to handle these outside of the derivation function (the current 'out' argument is unused). This simplifies the various call sites. If derivation fails for some reason, fail hard rather than continuing on and hoping that something deals with this correctly later. ok inoguchi@ tb@
author: jsing <> 2021-04-30 19:26:45 +0000
committer: jsing <> 2021-04-30 19:26:45 +0000
commit: 43140dd2d9a01de0fff0ae59aec0e1d7cda76474 (patch)
tree: 3facea5851b6c8afd6d09865048a1f9e6e0c0c8b /src/lib/libssl/t1_enc.c
parent: 83b76ed417b8b5f76bcd75ebddd3441a55c890ce (diff)
download: openbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.tar.gz
openbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.tar.bz2
openbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.zip
1 files changed, 1 insertions, 18 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 3f93bcecf5..642c210900 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.139 2021/04/25 13:15:22 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.140 2021/04/30 19:26:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -466,23 +466,6 @@ tls1_setup_key_block(SSL *s)
 }
 int
-tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-    int len)
-{
-        if (len < 0)
-                return 0;
-        if (!tls1_PRF(s, p, len,
-            TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
-            s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
-            s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
-            s->session->master_key, SSL_MAX_MASTER_KEY_LENGTH))
-                return 0;
-        return (SSL_MAX_MASTER_KEY_LENGTH);
-}
-int
 tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *context,
    size_t contextlen, int use_context)
author	jsing <>	2021-04-30 19:26:45 +0000
committer	jsing <>	2021-04-30 19:26:45 +0000
commit	43140dd2d9a01de0fff0ae59aec0e1d7cda76474 (patch)
tree	3facea5851b6c8afd6d09865048a1f9e6e0c0c8b /src/lib/libssl/t1_enc.c
parent	83b76ed417b8b5f76bcd75ebddd3441a55c890ce (diff)
download	openbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.tar.gz openbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.tar.bz2 openbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.zip

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 3f93bcecf5..642c210900 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.139 2021/04/25 13:15:22 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.140 2021/04/30 19:26:45 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -466,23 +466,6 @@ tls1_setup_key_block(SSL *s)
466	}	466	}
467		467
468	int	468	int
469	tls1_generate_master_secret(SSL s, unsigned char out, unsigned char *p,
470	int len)
471	{
472	if (len < 0)
473	return 0;
474
475	if (!tls1_PRF(s, p, len,
476	TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
477	s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
478	s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
479	s->session->master_key, SSL_MAX_MASTER_KEY_LENGTH))
480	return 0;
481
482	return (SSL_MAX_MASTER_KEY_LENGTH);
483	}
484
485	int
486	tls1_export_keying_material(SSL s, unsigned char out, size_t olen,	469	tls1_export_keying_material(SSL s, unsigned char out, size_t olen,
487	const char label, size_t llen, const unsigned char context,	470	const char label, size_t llen, const unsigned char context,
488	size_t contextlen, int use_context)	471	size_t contextlen, int use_context)