Home Esplora Aiuto
Accedi
PUBLIC_REPOS
/
buildroot
mirror da git://git.buildroot.net/buildroot
2
1
Forka 0
File
Albero (Tree): 02300786c2
Rami (Branch) Tag
buildroot
/
package
/
libopenssl
/
0005-Revert-Reduce-stack-usage-in-tls13_hkdf_expand.patch

0005-Revert-Reduce-stack-usage-in-tls13_hkdf_expand.patch 2.2 KB
Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. From 56e0f123dc17cb99f50efbae4bbbab77f360818f Mon Sep 17 00:00:00 2001
    2. 

  2. From: Matt Caswell <matt@openssl.org>
    3. 

  3. Date: Mon, 3 Dec 2018 18:14:57 +0000
    4. 

  4. Subject: [PATCH] Revert "Reduce stack usage in tls13_hkdf_expand"
    5. 

  5. 

  6. This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.
    7. 

  7. 

  8. SSL_export_keying_material() may use longer label lengths.
    9. 

  9. 

  10. Fixes #7712
    11. 

  11. 

  12. Reviewed-by: Tim Hudson <tjh@openssl.org>
    13. 

  13. (Merged from https://github.com/openssl/openssl/pull/7755)
    14. 

  14. 

  15. (cherry picked from commit ed371b8cbac0d0349667558c061c1ae380cf75eb)
    16. 

  16. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
    17. 

  17. ---
    18. 

  18.  ssl/tls13_enc.c | 16 ++++------------
    19. 

  19.  1 file changed, 4 insertions(+), 12 deletions(-)
    20. 

  20. 

  21. diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
    22. 

  22. index b6825d20c2..f7ab0fa470 100644
    23. 

  23. --- a/ssl/tls13_enc.c
    24. 

  24. +++ b/ssl/tls13_enc.c
    25. 

  25. @@ -13,14 +13,7 @@
    26. 

  26.  #include <openssl/evp.h>
    27. 

  27.  #include <openssl/kdf.h>
    28. 

  28.  
    29. 

  29. -/*
    30. 

  30. - * RFC 8446, 7.1 Key Schedule, says:
    31. 

  31. - * Note: With common hash functions, any label longer than 12 characters
    32. 

  32. - * requires an additional iteration of the hash function to compute.
    33. 

  33. - * The labels in this specification have all been chosen to fit within
    34. 

  34. - * this limit.
    35. 

  35. - */
    36. 

  36. -#define TLS13_MAX_LABEL_LEN     12
    37. 

  37. +#define TLS13_MAX_LABEL_LEN     246
    38. 

  38.  
    39. 

  39.  /* Always filled with zeros */
    40. 

  40.  static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
    41. 

  41. @@ -36,15 +29,14 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
    42. 

  42.                               const unsigned char *data, size_t datalen,
    43. 

  43.                               unsigned char *out, size_t outlen)
    44. 

  44.  {
    45. 

  45. -    static const unsigned char label_prefix[] = "tls13 ";
    46. 

  46. +    const unsigned char label_prefix[] = "tls13 ";
    47. 

  47.      EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    48. 

  48.      int ret;
    49. 

  49.      size_t hkdflabellen;
    50. 

  50.      size_t hashlen;
    51. 

  51.      /*
    52. 

  52. -     * 2 bytes for length of derived secret + 1 byte for length of combined
    53. 

  53. -     * prefix and label + bytes for the label itself + 1 byte length of hash
    54. 

  54. -     * + bytes for the hash itself
    55. 

  55. +     * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
    56. 

  56. +     * prefix and label + bytes for the label itself + bytes for the hash
    57. 

  57.       */
    58. 

  58.      unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
    59. 

  59.                              + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
    60. 

  60. -- 
    61. 

  61. 2.20.1
    62. 

  62.