Accept longer context for TLS 1.2 exporters

While RFC 5705 implies that the maximum length of context for exporters to be 65535 bytes as the length is embedded in uint16, the current implementation enforces much smaller limit, which is less than 1024 bytes. This removes the restriction by dynamically allocating memory. Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22465)
author: Daiki Ueno <dueno@redhat.com> 2023-10-23 13:56:53 +0900
committer: Hugo Landau <hlandau@openssl.org> 2023-10-26 15:47:15 +0100
commit: ef9d8f2f1fd6d0f66184457bd97ab51ce6092745 (patch)
tree: e16214ef3e9e89ecf9fa1950ca1e440b31d746ac /ssl
parent: c61fda2ff88a5dc8d71a6b848008d6f01bfd7fa2 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 673a53ad36..15197ffd46 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -464,6 +464,15 @@ int tls1_export_keying_material(SSL_CONNECTION *s, unsigned char *out,
     int rv = 0;
 
     /*
+     * RFC 5705 embeds context length as uint16; reject longer context
+     * before proceeding.
+     */
+    if (contextlen > 0xffff) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    /*
      * construct PRF arguments we construct the PRF argument ourself rather
      * than passing separate values into the TLS PRF to ensure that the
      * concatenation of values does not create a prohibited label.
author	Daiki Ueno <dueno@redhat.com>	2023-10-23 13:56:53 +0900
committer	Hugo Landau <hlandau@openssl.org>	2023-10-26 15:47:15 +0100
commit	ef9d8f2f1fd6d0f66184457bd97ab51ce6092745 (patch)
tree	e16214ef3e9e89ecf9fa1950ca1e440b31d746ac /ssl
parent	c61fda2ff88a5dc8d71a6b848008d6f01bfd7fa2 (diff)