The branch master has been updated via f0deb4d352774491919f1b1ba861014659651d66 (commit) from 4bb0b4381edd96bc357e43d8f9a1c55fb405f121 (commit)
- Log ----------------------------------------------------------------- commit f0deb4d352774491919f1b1ba861014659651d66 Author: Cory Benfield <lukas...@gmail.com> Date: Wed Jan 25 19:42:16 2017 +0000 Limit the length of the encrypted premaster key. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2288) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 3 ++- test/sslapitest.c | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c25f76f..8ca1a3c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4418,10 +4418,11 @@ int ssl_log_rsa_client_key_exchange(SSL *ssl, return 0; } + /* We only want the first 8 bytes of the encrypted premaster as a tag. */ return nss_keylog_int("RSA", ssl, encrypted_premaster, - encrypted_premaster_len, + 8, premaster, premaster_len); } diff --git a/test/sslapitest.c b/test/sslapitest.c index ac065b2..1bd7878 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -198,6 +198,7 @@ static int test_keylog(void) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; + int rc; /* Clean up logging space */ memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1); @@ -216,6 +217,13 @@ static int test_keylog(void) { SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3); SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3); + /* We also want to ensure that we use RSA-based key exchange. */ + rc = SSL_CTX_set_cipher_list(cctx, "RSA"); + if (rc == 0) { + printf("Unable to restrict to RSA key exchange.\n"); + goto end; + } + if (SSL_CTX_get_keylog_callback(cctx)) { printf("Unexpected initial value for client " "SSL_CTX_get_keylog_callback()\n"); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits