From 1a3392c878e8421c2e5730fde5accd4ab77c2875 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 23 Jan 2017 16:59:35 +0000
Subject: [PATCH] Fix <= TLS1.2 break

Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected
side effects in the <=TLS1.2 code which apparently relies on this being
48 for interoperability. Therefore create a new define for the TLSv1.3
resumption master secret which can be up to 64 bytes.

Found through the boring test suite.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
---
 include/openssl/ssl.h | 3 ++-
 ssl/ssl_asn1.c        | 2 +-
 ssl/ssl_locl.h        | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e8f351dfc5..9d9e193a8c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -76,7 +76,8 @@ extern "C" {
 
 # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
 # define SSL_MAX_KEY_ARG_LENGTH                  8
-# define SSL_MAX_MASTER_KEY_LENGTH               64
+# define SSL_MAX_MASTER_KEY_LENGTH               48
+# define TLS13_MAX_RESUMPTION_MASTER_LENGTH      64
 
 /* The maximum number of encrypt/decrypt pipelines we can support */
 # define SSL_MAX_PIPELINES  32
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 568f41ff5b..73ba78dbe5 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -294,7 +294,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
         goto err;
 
     if (!ssl_session_memcpy(ret->master_key, &tmpl,
-                            as->master_key, SSL_MAX_MASTER_KEY_LENGTH))
+                            as->master_key, TLS13_MAX_RESUMPTION_MASTER_LENGTH))
         goto err;
 
     ret->master_key_length = tmpl;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e74c0f480a..f95b4660a7 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -515,7 +515,7 @@ struct ssl_session_st {
      * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
      * master secret
      */
-    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+    unsigned char master_key[TLS13_MAX_RESUMPTION_MASTER_LENGTH];
     /* session_id - valid? */
     size_t session_id_length;
     unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-- 
GitLab