[openssl/openssl] ef9d8f: Accept longer context for TLS 1.2 exporters

Damian Hobson-Garcia noreply at github.com
Thu Oct 26 14:50:15 UTC 2023


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: ef9d8f2f1fd6d0f66184457bd97ab51ce6092745
      https://github.com/openssl/openssl/commit/ef9d8f2f1fd6d0f66184457bd97ab51ce6092745
  Author: Daiki Ueno <dueno at redhat.com>
  Date:   2023-10-26 (Thu, 26 Oct 2023)

  Changed paths:
    M providers/implementations/kdfs/tls1_prf.c
    M ssl/t1_enc.c
    M test/sslapitest.c

  Log Message:
  -----------
  Accept longer context for TLS 1.2 exporters

While RFC 5705 implies that the maximum length of context for
exporters is 65535 bytes, as the length is embedded in a uint16, the
current implementation enforces a much smaller limit, which is less than
1024 bytes.  This removes the restriction by dynamically allocating
memory.

Signed-off-by: Daiki Ueno <dueno at redhat.com>

Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22465)


  Commit: da2dd3b51ddd69aae0fd840c0d23afa954c24ded
      https://github.com/openssl/openssl/commit/da2dd3b51ddd69aae0fd840c0d23afa954c24ded
  Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
  Date:   2023-10-26 (Thu, 26 Oct 2023)

  Changed paths:
    M crypto/x509/t_req.c
    M crypto/x509/t_x509.c

  Log Message:
  -----------
  x509_print_ex:Use correct constant for nmflag comparison

The X509_FLAG_COMPAT constant is defined as a value of the
X509_print_ex() cflags argument, and so it should not be used
to compare against values for use with X509_NAME_print flags.
Use XN_FLAG_COMPAT, which has the same value, instead.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/19963)


  Commit: 2b5e028a2f70de216458a5140bcf4ec3d9236eeb
      https://github.com/openssl/openssl/commit/2b5e028a2f70de216458a5140bcf4ec3d9236eeb
  Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
  Date:   2023-10-26 (Thu, 26 Oct 2023)

  Changed paths:
    M crypto/x509/t_req.c

  Log Message:
  -----------
  Fix X509_REQ_print_ex bug

Similar to the bug fixed in 02db7354fe7 (Fix bug in X509_print_ex).
The error return value from X509_NAME_print_ex() is different
depending on whether the flags are XN_FLAG_COMPAT or not.
Apply a similar fix to what was done for X509_print_ex here as well.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/19963)


  Commit: 2126ca3dba3907f49b232442c06db1cae8bee0c3
      https://github.com/openssl/openssl/commit/2126ca3dba3907f49b232442c06db1cae8bee0c3
  Author: Damian Hobson-Garcia <dhobsong at igel.co.jp>
  Date:   2023-10-26 (Thu, 26 Oct 2023)

  Changed paths:
    M crypto/x509/t_req.c
    M crypto/x509/t_x509.c

  Log Message:
  -----------
  x509_print_ex: Remove unused setting when XN_FLAG_COMPAT is set

Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling
X509_NAME_print().  The obase parameter to X509_NAME_print() is not
used, so setting it to a different value has no effect.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/19963)


Compare: https://github.com/openssl/openssl/compare/c61fda2ff88a...2126ca3dba39
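
The seed layout behind the limit discussed in the first commit message above (ef9d8f), as an added example that is not code from OpenSSL or from that commit: RFC 5705 carries the context length in a uint16, so 65535 bytes is the only inherent cap once the buffer is allocated to fit. The helper `exporter_seed`, its parameters and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TLS_RANDOM_LEN   32       /* size of client_random and server_random */
#define EXPORTER_CTX_MAX 0xFFFFu  /* largest length a uint16 field can carry */

/* Hypothetical helper (not an OpenSSL function). Builds
 *   label || client_random || server_random [ || uint16(ctx_len) || ctx ]
 * in a heap buffer sized to the input. use_ctx == 0 omits the length field and
 * context, which RFC 5705 distinguishes from a zero-length context.
 * Returns NULL on bad arguments or allocation failure; the caller frees. */
unsigned char *exporter_seed(const char *label,
        const unsigned char *client_random, const unsigned char *server_random,
        const unsigned char *ctx, size_t ctx_len, int use_ctx, size_t *out_len)
{
    size_t label_len, total, off = 0;
    unsigned char *buf;
    if (!label || !client_random || !server_random || !out_len)
        return NULL;
    /* The only hard limit: the length must fit in the 2-byte field. */
    if (use_ctx && (ctx_len > EXPORTER_CTX_MAX || (ctx == NULL && ctx_len != 0)))
        return NULL;
    label_len = strlen(label);
    total = label_len + 2 * TLS_RANDOM_LEN + (use_ctx ? 2 + ctx_len : 0);
    if ((buf = malloc(total)) == NULL)
        return NULL;
    memcpy(buf + off, label, label_len);               off += label_len;
    memcpy(buf + off, client_random, TLS_RANDOM_LEN);  off += TLS_RANDOM_LEN;
    memcpy(buf + off, server_random, TLS_RANDOM_LEN);  off += TLS_RANDOM_LEN;
    if (use_ctx) {
        buf[off++] = (unsigned char)(ctx_len >> 8);    /* big-endian uint16 */
        buf[off++] = (unsigned char)(ctx_len & 0xFF);
        if (ctx_len > 0)
            memcpy(buf + off, ctx, ctx_len);
        off += ctx_len;
    }
    *out_len = off;
    return buf;
}

int main(void)
{
    static unsigned char cr[TLS_RANDOM_LEN], sr[TLS_RANDOM_LEN], ctx[2000]; /* constructed */
    size_t n = 0;
    unsigned char *seed = exporter_seed("EXPORTER-test", cr, sr, ctx, sizeof(ctx), 1, &n);
    printf("seed length: %zu\n", seed != NULL ? n : (size_t)0);
    free(seed);
    return 0;
}
```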

