[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Sat Feb 3 00:01:38 UTC 2018 

The branch master has been updated
       via  1f5878b8e25a785dde330bf485e6ed5a6ae09a1a (commit)
       via  b1a51abb935163cbb0b0089ad9ee8ff174341bbd (commit)
       via  2221ec10ab2771d7effad839392c88f35cde04a3 (commit)
      from  50ea9d2b3521467a11559be41dcf05ee05feabd6 (commit)


- Log -----------------------------------------------------------------
commit 1f5878b8e25a785dde330bf485e6ed5a6ae09a1a
Author: Tatsuhiro Tsujikawa <tatsuhiro.t at gmail.com>
Date:   Sun Jan 21 11:30:36 2018 +0900

    Make sure that exporting keying material is allowed
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4944)

commit b1a51abb935163cbb0b0089ad9ee8ff174341bbd
Author: Tatsuhiro Tsujikawa <tatsuhiro.t at gmail.com>
Date:   Thu Jan 18 15:39:45 2018 +0900

    Remove generation of exporter master secret on client application traffic
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4944)

commit 2221ec10ab2771d7effad839392c88f35cde04a3
Author: Tatsuhiro Tsujikawa <tatsuhiro.t at gmail.com>
Date:   Sat Dec 16 16:46:18 2017 +0900

    Generate exporter_master_secret after server Finished
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4944)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem.c     | 10 ++++++++++
 ssl/statem/statem.h     |  1 +
 ssl/tls13_enc.c         | 25 ++++++++++++-------------
 test/tls13secretstest.c |  5 +++++
 4 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 45cb9ab..95c369a 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -941,3 +941,13 @@ int ossl_statem_app_data_allowed(SSL *s)
 
     return 0;
 }
+
+/*
+ * This function returns 1 if TLS exporter is ready to export keying
+ * material, or 0 if otherwise.
+ */
+int ossl_statem_export_allowed(SSL *s)
+{
+    return s->s3->previous_server_finished_len != 0
+           && s->statem.hand_state != TLS_ST_SW_FINISHED;
+}
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index e8d9174..3242c78 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -132,6 +132,7 @@ __owur int ossl_statem_skip_early_data(SSL *s);
 void ossl_statem_check_finish_init(SSL *s, int send);
 void ossl_statem_set_hello_verify_done(SSL *s);
 __owur int ossl_statem_app_data_allowed(SSL *s);
+__owur int ossl_statem_export_allowed(SSL *s);
 
 /* Flush the write BIO */
 int statem_flush(SSL *s);
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index fe817f8..05355fb 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -562,16 +562,6 @@ int tls13_change_cipher_state(SSL *s, int which)
             goto err;
         }
         s->session->master_key_length = hashlen;
-
-        /* Now we create the exporter master secret */
-        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
-                               exporter_master_secret,
-                               sizeof(exporter_master_secret) - 1,
-                               hash, hashlen, s->exporter_master_secret,
-                               hashlen)) {
-            /* SSLfatal() already called */
-            goto err;
-        }
     }
 
     if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
@@ -581,9 +571,18 @@ int tls13_change_cipher_state(SSL *s, int which)
         goto err;
     }
 
-    if (label == server_application_traffic)
+    if (label == server_application_traffic) {
         memcpy(s->server_app_traffic_secret, secret, hashlen);
-    else if (label == client_application_traffic)
+        /* Now we create the exporter master secret */
+        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
+                               exporter_master_secret,
+                               sizeof(exporter_master_secret) - 1,
+                               hash, hashlen, s->exporter_master_secret,
+                               hashlen)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (label == client_application_traffic)
         memcpy(s->client_app_traffic_secret, secret, hashlen);
 
     if (!ssl_log_secret(s, log_label, secret, hashlen)) {
@@ -667,7 +666,7 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
     unsigned int hashsize, datalen;
     int ret = 0;
 
-    if (ctx == NULL || !SSL_is_init_finished(s))
+    if (ctx == NULL || !ossl_statem_export_allowed(s))
         goto err;
 
     if (!use_context)
diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
index 16542c4..f08b5d3 100644
--- a/test/tls13secretstest.c
+++ b/test/tls13secretstest.c
@@ -212,6 +212,11 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
 {
 }
 
+int ossl_statem_export_allowed(SSL *s)
+{
+    return 1;
+}
+
 /* End of mocked out code */
 
 static int test_secret(SSL *s, unsigned char *prk,

More information about the openssl-commits mailing list