1 files changed, 1 insertions, 81 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 66a7aea2f5..dc627c5a8b 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.155 2022/10/02 16:36:41 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.156 2022/11/07 11:58:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -413,83 +413,3 @@ tls1_setup_key_block(SSL *s)
        return (ret);
 }
-int
-tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-    const char *label, size_t llen, const unsigned char *context,
-    size_t contextlen, int use_context)
-{
-        unsigned char *val = NULL;
-        size_t vallen, currentvalpos;
-        int rv;
-        if (!SSL_is_init_finished(s)) {
-                SSLerror(s, SSL_R_BAD_STATE);
-                return 0;
-        }
-        /* construct PRF arguments
-         * we construct the PRF argument ourself rather than passing separate
-         * values into the TLS PRF to ensure that the concatenation of values
-         * does not create a prohibited label.
-         */
-        vallen = llen + SSL3_RANDOM_SIZE * 2;
-        if (use_context) {
-                vallen += 2 + contextlen;
-        }
-        val = malloc(vallen);
-        if (val == NULL)
-                goto err2;
-        currentvalpos = 0;
-        memcpy(val + currentvalpos, (unsigned char *) label, llen);
-        currentvalpos += llen;
-        memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
-        currentvalpos += SSL3_RANDOM_SIZE;
-        memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
-        currentvalpos += SSL3_RANDOM_SIZE;
-        if (use_context) {
-                val[currentvalpos] = (contextlen >> 8) & 0xff;
-                currentvalpos++;
-                val[currentvalpos] = contextlen & 0xff;
-                currentvalpos++;
-                if ((contextlen > 0) || (context != NULL)) {
-                        memcpy(val + currentvalpos, context, contextlen);
-                }
-        }
-        /* disallow prohibited labels
-         * note that SSL3_RANDOM_SIZE > max(prohibited label len) =
-         * 15, so size of val > max(prohibited label len) = 15 and the
-         * comparisons won't have buffer overflow
-         */
-        if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
-            TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
-                goto err1;
-        if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
-            TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
-                goto err1;
-        if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
-            TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
-                goto err1;
-        if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
-            TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
-                goto err1;
-        rv = tls1_PRF(s, s->session->master_key, s->session->master_key_length,
-            val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, out, olen);
-        goto ret;
- err1:
-        SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
-        rv = 0;
-        goto ret;
- err2:
-        SSLerror(s, ERR_R_MALLOC_FAILURE);
-        rv = 0;
- ret:
-        free(val);
-        return (rv);
-}

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 66a7aea2f5..dc627c5a8b 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.155 2022/10/02 16:36:41 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.156 2022/11/07 11:58:45 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -413,83 +413,3 @@ tls1_setup_key_block(SSL *s)
413		413
414	return (ret);	414	return (ret);
415	}	415	}
416
417	int
418	tls1_export_keying_material(SSL s, unsigned char out, size_t olen,
419	const char label, size_t llen, const unsigned char context,
420	size_t contextlen, int use_context)
421	{
422	unsigned char *val = NULL;
423	size_t vallen, currentvalpos;
424	int rv;
425
426	if (!SSL_is_init_finished(s)) {
427	SSLerror(s, SSL_R_BAD_STATE);
428	return 0;
429	}
430
431	/* construct PRF arguments
432	* we construct the PRF argument ourself rather than passing separate
433	* values into the TLS PRF to ensure that the concatenation of values
434	* does not create a prohibited label.
435	*/
436	vallen = llen + SSL3_RANDOM_SIZE * 2;
437	if (use_context) {
438	vallen += 2 + contextlen;
439	}
440
441	val = malloc(vallen);
442	if (val == NULL)
443	goto err2;
444	currentvalpos = 0;
445	memcpy(val + currentvalpos, (unsigned char *) label, llen);
446	currentvalpos += llen;
447	memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
448	currentvalpos += SSL3_RANDOM_SIZE;
449	memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
450	currentvalpos += SSL3_RANDOM_SIZE;
451
452	if (use_context) {
453	val[currentvalpos] = (contextlen >> 8) & 0xff;
454	currentvalpos++;
455	val[currentvalpos] = contextlen & 0xff;
456	currentvalpos++;
457	if ((contextlen > 0) \|\| (context != NULL)) {
458	memcpy(val + currentvalpos, context, contextlen);
459	}
460	}
461
462	/* disallow prohibited labels
463	* note that SSL3_RANDOM_SIZE > max(prohibited label len) =
464	* 15, so size of val > max(prohibited label len) = 15 and the
465	* comparisons won't have buffer overflow
466	*/
467	if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
468	TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
469	goto err1;
470	if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
471	TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
472	goto err1;
473	if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
474	TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
475	goto err1;
476	if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
477	TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
478	goto err1;
479
480	rv = tls1_PRF(s, s->session->master_key, s->session->master_key_length,
481	val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, out, olen);
482
483	goto ret;
484	err1:
485	SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
486	rv = 0;
487	goto ret;
488	err2:
489	SSLerror(s, ERR_R_MALLOC_FAILURE);
490	rv = 0;
491	ret:
492	free(val);
493
494	return (rv);
495	}