OLD | NEW |
| (Empty) |
1 diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c | |
2 index c3b77c8..a94290a 100644 | |
3 --- a/ssl/d1_lib.c | |
4 +++ b/ssl/d1_lib.c | |
5 @@ -82,6 +82,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data={ | |
6 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, | |
7 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, | |
8 tls1_alert_code, | |
9 + tls1_export_keying_material, | |
10 }; | |
11 | |
12 long dtls1_default_timeout(void) | |
13 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c | |
14 index c19538a..1fecbbc 100644 | |
15 --- a/ssl/s3_lib.c | |
16 +++ b/ssl/s3_lib.c | |
17 @@ -2087,6 +2087,9 @@ SSL3_ENC_METHOD SSLv3_enc_data={ | |
18 SSL3_MD_CLIENT_FINISHED_CONST,4, | |
19 SSL3_MD_SERVER_FINISHED_CONST,4, | |
20 ssl3_alert_code, | |
21 + (int (*)(SSL *, unsigned char *, size_t, const char *, | |
22 + size_t, const unsigned char *, size_t, | |
23 + int use_context)) ssl_undefined_function, | |
24 }; | |
25 | |
26 long ssl3_default_timeout(void) | |
27 diff --git a/ssl/ssl.h b/ssl/ssl.h | |
28 index 9336af8..be4af2f 100644 | |
29 --- a/ssl/ssl.h | |
30 +++ b/ssl/ssl.h | |
31 @@ -2116,6 +2116,7 @@ void ERR_load_SSL_strings(void); | |
32 #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 | |
33 #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 | |
34 #define SSL_F_SSL_PEEK 270 | |
35 +#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 312 | |
36 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 | |
37 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 | |
38 #define SSL_F_SSL_READ 223 | |
39 @@ -2394,6 +2395,7 @@ void ERR_load_SSL_strings(void); | |
40 #define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 | |
41 #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 | |
42 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 | |
43 +#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 | |
44 #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 | |
45 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 | |
46 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 | |
47 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c | |
48 index 17d2cde..d6ad3c1 100644 | |
49 --- a/ssl/ssl_lib.c | |
50 +++ b/ssl/ssl_lib.c | |
51 @@ -3127,6 +3127,18 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (
*cb) (SSL *s, unsigned | |
52 } | |
53 #endif | |
54 | |
55 +int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | |
56 + const char *label, size_t llen, const unsigned char *p, size_t plen, | |
57 + int use_context) | |
58 + { | |
59 + if (s->version < TLS1_VERSION) | |
60 + return -1; | |
61 + | |
62 + return s->method->ssl3_enc->export_keying_material(s, out, olen, label, | |
63 + llen, p, plen, | |
64 + use_context); | |
65 + } | |
66 + | |
67 int SSL_cutthrough_complete(const SSL *s) | |
68 { | |
69 return (!s->server && /* cutthrough only applies to clie
nts */ | |
70 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h | |
71 index 146c89c..e7c6b9a 100644 | |
72 --- a/ssl/ssl_locl.h | |
73 +++ b/ssl/ssl_locl.h | |
74 @@ -557,6 +557,10 @@ typedef struct ssl3_enc_method | |
75 const char *server_finished_label; | |
76 int server_finished_label_len; | |
77 int (*alert_value)(int); | |
78 + int (*export_keying_material)(SSL *, unsigned char *, size_t, | |
79 + const char *, size_t, | |
80 + const unsigned char *, size_t, | |
81 + int use_context); | |
82 } SSL3_ENC_METHOD; | |
83 | |
84 #ifndef OPENSSL_NO_COMP | |
85 @@ -1041,6 +1045,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char
*p); | |
86 int tls1_mac(SSL *ssl, unsigned char *md, int snd); | |
87 int tls1_generate_master_secret(SSL *s, unsigned char *out, | |
88 unsigned char *p, int len); | |
89 +int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, | |
90 + const char *label, size_t llen, const unsigned char *p, | |
91 + size_t plen, int use_context); | |
92 int tls1_alert_code(int code); | |
93 int ssl3_alert_code(int code); | |
94 int ssl_ok(SSL *s); | |
95 diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c | |
96 index 793ea43..b1d5b28 100644 | |
97 --- a/ssl/t1_enc.c | |
98 +++ b/ssl/t1_enc.c | |
99 @@ -1001,6 +1001,95 @@ int tls1_generate_master_secret(SSL *s, unsigned char *ou
t, unsigned char *p, | |
100 return(SSL3_MASTER_SECRET_SIZE); | |
101 } | |
102 | |
103 +int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, | |
104 + const char *label, size_t llen, const unsigned char *context, | |
105 + size_t contextlen, int use_context) | |
106 + { | |
107 + unsigned char *buff; | |
108 + unsigned char *val = NULL; | |
109 + size_t vallen, currentvalpos; | |
110 + int rv; | |
111 + | |
112 +#ifdef KSSL_DEBUG | |
113 + printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, o
len, label, llen, p, plen); | |
114 +#endif /* KSSL_DEBUG */ | |
115 + | |
116 + buff = OPENSSL_malloc(olen); | |
117 + if (buff == NULL) goto err2; | |
118 + | |
119 + /* construct PRF arguments | |
120 + * we construct the PRF argument ourself rather than passing separate | |
121 + * values into the TLS PRF to ensure that the concatenation of values | |
122 + * does not create a prohibited label. | |
123 + */ | |
124 + vallen = llen + SSL3_RANDOM_SIZE * 2; | |
125 + if (use_context) | |
126 + { | |
127 + vallen += 2 + contextlen; | |
128 + } | |
129 + | |
130 + val = OPENSSL_malloc(vallen); | |
131 + if (val == NULL) goto err2; | |
132 + currentvalpos = 0; | |
133 + memcpy(val + currentvalpos, (unsigned char *) label, llen); | |
134 + currentvalpos += llen; | |
135 + memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE); | |
136 + currentvalpos += SSL3_RANDOM_SIZE; | |
137 + memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE); | |
138 + currentvalpos += SSL3_RANDOM_SIZE; | |
139 + | |
140 + if (use_context) | |
141 + { | |
142 + val[currentvalpos] = (contextlen >> 8) & 0xff; | |
143 + currentvalpos++; | |
144 + val[currentvalpos] = contextlen & 0xff; | |
145 + currentvalpos++; | |
146 + if ((contextlen > 0) || (context != NULL)) | |
147 + { | |
148 + memcpy(val + currentvalpos, context, contextlen); | |
149 + } | |
150 + } | |
151 + | |
152 + /* disallow prohibited labels | |
153 + * note that SSL3_RANDOM_SIZE > max(prohibited label len) = | |
154 + * 15, so size of val > max(prohibited label len) = 15 and the | |
155 + * comparisons won't have buffer overflow | |
156 + */ | |
157 + if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST, | |
158 + TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1; | |
159 + if (memcmp(val, TLS_MD_SERVER_FINISH_CONST, | |
160 + TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1; | |
161 + if (memcmp(val, TLS_MD_MASTER_SECRET_CONST, | |
162 + TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1; | |
163 + if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST, | |
164 + TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1; | |
165 + | |
166 + rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, | |
167 + val, vallen, | |
168 + NULL, 0, | |
169 + NULL, 0, | |
170 + NULL, 0, | |
171 + NULL, 0, | |
172 + s->session->master_key,s->session->master_key_length, | |
173 + out,buff,olen); | |
174 + | |
175 +#ifdef KSSL_DEBUG | |
176 + printf ("tls1_export_keying_material() complete\n"); | |
177 +#endif /* KSSL_DEBUG */ | |
178 + goto ret; | |
179 +err1: | |
180 + SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LAB
EL); | |
181 + rv = 0; | |
182 + goto ret; | |
183 +err2: | |
184 + SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); | |
185 + rv = 0; | |
186 +ret: | |
187 + if (buff != NULL) OPENSSL_free(buff); | |
188 + if (val != NULL) OPENSSL_free(val); | |
189 + return(rv); | |
190 + } | |
191 + | |
192 int tls1_alert_code(int code) | |
193 { | |
194 switch (code) | |
195 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c | |
196 index daa65c9..c094471 100644 | |
197 --- a/ssl/t1_lib.c | |
198 +++ b/ssl/t1_lib.c | |
199 @@ -209,6 +209,7 @@ SSL3_ENC_METHOD TLSv1_enc_data={ | |
200 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, | |
201 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, | |
202 tls1_alert_code, | |
203 + tls1_export_keying_material, | |
204 }; | |
205 | |
206 long tls1_default_timeout(void) | |
207 diff --git a/ssl/tls1.h b/ssl/tls1.h | |
208 index 1fa96e5..7bbb875 100644 | |
209 --- a/ssl/tls1.h | |
210 +++ b/ssl/tls1.h | |
211 @@ -231,6 +231,9 @@ extern "C" { | |
212 | |
213 const char *SSL_get_servername(const SSL *s, const int type) ; | |
214 int SSL_get_servername_type(const SSL *s) ; | |
215 +int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | |
216 + const char *label, size_t llen, const unsigned char *p, size_t plen, | |
217 + int use_context); | |
218 | |
219 #define SSL_set_tlsext_host_name(s,name) \ | |
220 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) | |
OLD | NEW |