From ef9d8f2f1fd6d0f66184457bd97ab51ce6092745 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Mon, 23 Oct 2023 13:56:53 +0900
Subject: Accept longer context for TLS 1.2 exporters

While RFC 5705 implies that the maximum length of context for
exporters to be 65535 bytes as the length is embedded in uint16, the
current implementation enforces much smaller limit, which is less than
1024 bytes.  This removes the restriction by dynamically allocating
memory.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22465)
---
 ssl/t1_enc.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'ssl')

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 673a53ad36..15197ffd46 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -463,6 +463,15 @@ int tls1_export_keying_material(SSL_CONNECTION *s, unsigned char *out,
     size_t vallen = 0, currentvalpos;
     int rv = 0;
 
+    /*
+     * RFC 5705 embeds context length as uint16; reject longer context
+     * before proceeding.
+     */
+    if (contextlen > 0xffff) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
     /*
      * construct PRF arguments we construct the PRF argument ourself rather
      * than passing separate values into the TLS PRF to ensure that the
-- 
cgit v1.2.3