mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Limit the length of the encrypted premaster key.

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2288)
This commit is contained in:
Cory Benfield 2017-01-25 19:42:16 +00:00 committed by Richard Levitte
parent 4bb0b4381e
commit f0deb4d352
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/ssl_lib.c
View File

@ -4418,10 +4418,11 @@ int ssl_log_rsa_client_key_exchange(SSL *ssl,
return 0;
}
/* We only want the first 8 bytes of the encrypted premaster as a tag. */
return nss_keylog_int("RSA",
ssl,
encrypted_premaster,
encrypted_premaster_len,
8,
premaster,
premaster_len);
}

8
test/sslapitest.c
View File

@ -198,6 +198,7 @@ static int test_keylog(void) {
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
int rc;
/* Clean up logging space */
memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1);
@ -216,6 +217,13 @@ static int test_keylog(void) {
SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
/* We also want to ensure that we use RSA-based key exchange. */
rc = SSL_CTX_set_cipher_list(cctx, "RSA");
if (rc == 0) {
printf("Unable to restrict to RSA key exchange.\n");
goto end;
}
if (SSL_CTX_get_keylog_callback(cctx)) {
printf("Unexpected initial value for client "
"SSL_CTX_get_keylog_callback()\n");