[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Wed Jan 25 21:02:02 UTC 2017
The branch master has been updated
via f0deb4d352774491919f1b1ba861014659651d66 (commit)
from 4bb0b4381edd96bc357e43d8f9a1c55fb405f121 (commit)
- Log -----------------------------------------------------------------
commit f0deb4d352774491919f1b1ba861014659651d66
Author: Cory Benfield <lukasaoz at gmail.com>
Date: Wed Jan 25 19:42:16 2017 +0000
Limit the length of the encrypted premaster key.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2288)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_lib.c | 3 ++-
test/sslapitest.c | 8 ++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c25f76f..8ca1a3c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4418,10 +4418,11 @@ int ssl_log_rsa_client_key_exchange(SSL *ssl,
return 0;
}
+ /* We only want the first 8 bytes of the encrypted premaster as a tag. */
return nss_keylog_int("RSA",
ssl,
encrypted_premaster,
- encrypted_premaster_len,
+ 8,
premaster,
premaster_len);
}
diff --git a/test/sslapitest.c b/test/sslapitest.c
index ac065b2..1bd7878 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -198,6 +198,7 @@ static int test_keylog(void) {
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
+ int rc;
/* Clean up logging space */
memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1);
@@ -216,6 +217,13 @@ static int test_keylog(void) {
SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
+ /* We also want to ensure that we use RSA-based key exchange. */
+ rc = SSL_CTX_set_cipher_list(cctx, "RSA");
+ if (rc == 0) {
+ printf("Unable to restrict to RSA key exchange.\n");
+ goto end;
+ }
+
if (SSL_CTX_get_keylog_callback(cctx)) {
printf("Unexpected initial value for client "
"SSL_CTX_get_keylog_callback()\n");
More information about the openssl-commits
mailing list