Add missing bounds check in tls13_derive_resumption_secret.

This is fine because TLS PRFs only go up to SHA-384, but since SSL_SESSION::master_key is sized to 48, not EVP_MAX_MD_SIZE, this should explicitly check the bounds.

Change-Id: I2b1bcaab5cdfc3ce4d7a8b8ed5cc4c6d15d10270
Reviewed-on: https://boringssl-review.googlesource.com/12460
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index d87d8a6..d53313c 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c
@@ -270,6 +270,11 @@ static const char kTLS13LabelResumption[] = "resumption master secret"; int tls13_derive_resumption_secret(SSL *ssl) { + if (ssl->s3->hs->hash_len > SSL_MAX_MASTER_KEY_LENGTH) { + OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); + return 0; + } + ssl->s3->new_session->master_key_length = ssl->s3->hs->hash_len; return derive_secret(ssl, ssl->s3->new_session->master_key, ssl->s3->new_session->master_key_length,
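
Review bot: The new check at the top of tls13_derive_resumption_secret bounds hash_len by SSL_MAX_MASTER_KEY_LENGTH, but the buffer being written is ssl->s3->new_session->master_key, and nothing in this hunk ties that constant to the array's size. Comparing against sizeof(ssl->s3->new_session->master_key) would keep the check correct if the field is ever resized. Failing that, a one-line comment above the `if` noting that master_key holds SSL_MAX_MASTER_KEY_LENGTH bytes, as the commit message explains, would document why a condition that cannot currently occur is tested. Placing the check before the master_key_length assignment is right, since a failed call then returns 0 without touching the session's length.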