kumquat-buildroot/package/libopenssl/0005-Revert-Reduce-stack-usage-in-tls13_hkdf_expand.patch

From 56e0f123dc17cb99f50efbae4bbbab77f360818f Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 3 Dec 2018 18:14:57 +0000
Subject: [PATCH] Revert "Reduce stack usage in tls13_hkdf_expand"

This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.

SSL_export_keying_material() may use longer label lengths.

Fixes #7712

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)

(cherry picked from commit ed371b8cbac0d0349667558c061c1ae380cf75eb)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 ssl/tls13_enc.c | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index b6825d20c2..f7ab0fa470 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -13,14 +13,7 @@
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
 
-/*
- * RFC 8446, 7.1 Key Schedule, says:
- * Note: With common hash functions, any label longer than 12 characters
- * requires an additional iteration of the hash function to compute.
- * The labels in this specification have all been chosen to fit within
- * this limit.
- */
-#define TLS13_MAX_LABEL_LEN     12
+#define TLS13_MAX_LABEL_LEN     246
 
 /* Always filled with zeros */
 static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
@@ -36,15 +29,14 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
                              const unsigned char *data, size_t datalen,
                              unsigned char *out, size_t outlen)
 {
-    static const unsigned char label_prefix[] = "tls13 ";
+    const unsigned char label_prefix[] = "tls13 ";
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
     int ret;
     size_t hkdflabellen;
     size_t hashlen;
     /*
-     * 2 bytes for length of derived secret + 1 byte for length of combined
-     * prefix and label + bytes for the label itself + 1 byte length of hash
-     * + bytes for the hash itself
+     * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
+     * prefix and label + bytes for the label itself + bytes for the hash
      */
     unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
                             + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
-- 
2.20.1
package/libopenssl: add runtime fixes for tor For details see https://bugs.archlinux.org/task/61623 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-02-09 17:19:53 +01:00			`From 56e0f123dc17cb99f50efbae4bbbab77f360818f Mon Sep 17 00:00:00 2001`
			`From: Matt Caswell <matt@openssl.org>`
			`Date: Mon, 3 Dec 2018 18:14:57 +0000`
			`Subject: [PATCH] Revert "Reduce stack usage in tls13_hkdf_expand"`

			`This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.`

			`SSL_export_keying_material() may use longer label lengths.`

			`Fixes #7712`

			`Reviewed-by: Tim Hudson <tjh@openssl.org>`
			`(Merged from https://github.com/openssl/openssl/pull/7755)`

			`(cherry picked from commit ed371b8cbac0d0349667558c061c1ae380cf75eb)`
			`Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>`
			`---`
			`ssl/tls13_enc.c \| 16 ++++------------`
			`1 file changed, 4 insertions(+), 12 deletions(-)`

			`diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c`
			`index b6825d20c2..f7ab0fa470 100644`
			`--- a/ssl/tls13_enc.c`
			`+++ b/ssl/tls13_enc.c`
			`@@ -13,14 +13,7 @@`
			`#include <openssl/evp.h>`
			`#include <openssl/kdf.h>`

			`-/*`
			`- * RFC 8446, 7.1 Key Schedule, says:`
			`- * Note: With common hash functions, any label longer than 12 characters`
			`- * requires an additional iteration of the hash function to compute.`
			`- * The labels in this specification have all been chosen to fit within`
			`- * this limit.`
			`- */`
			`-#define TLS13_MAX_LABEL_LEN 12`
			`+#define TLS13_MAX_LABEL_LEN 246`

			`/* Always filled with zeros */`
			`static const unsigned char default_zeros[EVP_MAX_MD_SIZE];`
			`@@ -36,15 +29,14 @@ int tls13_hkdf_expand(SSL s, const EVP_MD md, const unsigned char *secret,`
			`const unsigned char *data, size_t datalen,`
			`unsigned char *out, size_t outlen)`
			`{`
			`- static const unsigned char label_prefix[] = "tls13 ";`
			`+ const unsigned char label_prefix[] = "tls13 ";`
			`EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);`
			`int ret;`
			`size_t hkdflabellen;`
			`size_t hashlen;`
			`/*`
			`- * 2 bytes for length of derived secret + 1 byte for length of combined`
			`- * prefix and label + bytes for the label itself + 1 byte length of hash`
			`- * + bytes for the hash itself`
			`+ * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined`
			`+ * prefix and label + bytes for the label itself + bytes for the hash`
			`*/`
			`unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +`
			`+ sizeof(label_prefix) + TLS13_MAX_LABEL_LEN`
			`--`
			`2.20.1`