summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbeck <>2018-11-10 00:18:25 +0000
committerbeck <>2018-11-10 00:18:25 +0000
commitc2dfd9af8a8124c8a2287db5eb2053c1cfe8ae7c (patch)
treef837d2d044e64c663dac049c2299d0c7caaa7ac0
parent6c52b117b40754f6cc961ad9d056ab527d1abe75 (diff)
downloadopenbsd-c2dfd9af8a8124c8a2287db5eb2053c1cfe8ae7c.tar.gz
openbsd-c2dfd9af8a8124c8a2287db5eb2053c1cfe8ae7c.tar.bz2
openbsd-c2dfd9af8a8124c8a2287db5eb2053c1cfe8ae7c.zip
Fix last of the empty hash nonsense
ok jsing@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/tls13_key_schedule.c29
-rw-r--r--src/regress/lib/libssl/key_schedule/key_schedule.c9
2 files changed, 6 insertions, 32 deletions
diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c
index f20e9b741b..25c183fbb0 100644
--- a/src/lib/libssl/tls13_key_schedule.c
+++ b/src/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_key_schedule.c,v 1.4 2018/11/09 23:56:20 jsing Exp $ */ 1/* $OpenBSD: tls13_key_schedule.c,v 1.5 2018/11/10 00:18:25 beck Exp $ */
2/* Copyright (c) 2018, Bob Beck <beck@openbsd.org> 2/* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
3 * 3 *
4 * Permission to use, copy, modify, and/or distribute this software for any 4 * Permission to use, copy, modify, and/or distribute this software for any
@@ -220,32 +220,9 @@ int
220tls13_derive_early_secrets(struct tls13_secrets *secrets, 220tls13_derive_early_secrets(struct tls13_secrets *secrets,
221 uint8_t *psk, size_t psk_len, const struct tls13_secret *context) 221 uint8_t *psk, size_t psk_len, const struct tls13_secret *context)
222{ 222{
223 struct tls13_secret binder_context;
224 uint8_t binder_context_data[EVP_MAX_MD_SIZE] = { 0 };
225 unsigned binder_context_len;
226 EVP_MD_CTX *mdctx;
227
228 if (!secrets->init_done || secrets->early_done) 223 if (!secrets->init_done || secrets->early_done)
229 return 0; 224 return 0;
230 225
231 if ((mdctx = EVP_MD_CTX_new()) == NULL)
232 return 0;
233
234 if (!EVP_DigestInit_ex(mdctx, secrets->digest, NULL) ||
235 !EVP_DigestUpdate(mdctx, secrets->zeros.data, secrets->zeros.len) ||
236 !EVP_DigestFinal_ex(mdctx, binder_context_data,
237 &binder_context_len)) {
238 EVP_MD_CTX_free(mdctx);
239 return 0;
240 }
241 binder_context.data = binder_context_data;
242 binder_context.len = binder_context_len;
243 EVP_MD_CTX_free(mdctx);
244
245 /* If these don't match, we were initialized with the wrong length */
246 if (binder_context_len != secrets->zeros.len)
247 return 0;
248
249 if (!HKDF_extract(secrets->extracted_early.data, 226 if (!HKDF_extract(secrets->extracted_early.data,
250 &secrets->extracted_early.len, secrets->digest, psk, psk_len, 227 &secrets->extracted_early.len, secrets->digest, psk, psk_len,
251 secrets->zeros.data, secrets->zeros.len)) 228 secrets->zeros.data, secrets->zeros.len))
@@ -257,7 +234,7 @@ tls13_derive_early_secrets(struct tls13_secrets *secrets,
257 if (!tls13_derive_secret(&secrets->binder_key, secrets->digest, 234 if (!tls13_derive_secret(&secrets->binder_key, secrets->digest,
258 &secrets->extracted_early, 235 &secrets->extracted_early,
259 secrets->resumption ? "res binder" : "ext binder", 236 secrets->resumption ? "res binder" : "ext binder",
260 &binder_context)) 237 &secrets->empty_hash))
261 return 0; 238 return 0;
262 if (!tls13_derive_secret(&secrets->client_early_traffic, 239 if (!tls13_derive_secret(&secrets->client_early_traffic,
263 secrets->digest, &secrets->extracted_early, "c e traffic", 240 secrets->digest, &secrets->extracted_early, "c e traffic",
@@ -313,7 +290,7 @@ tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
313 return 0; 290 return 0;
314 if (!tls13_derive_secret(&secrets->derived_handshake, 291 if (!tls13_derive_secret(&secrets->derived_handshake,
315 secrets->digest, &secrets->extracted_handshake, "derived", 292 secrets->digest, &secrets->extracted_handshake, "derived",
316 context)) 293 &secrets->empty_hash))
317 return 0; 294 return 0;
318 295
319 /* RFC 8446 recommends */ 296 /* RFC 8446 recommends */
diff --git a/src/regress/lib/libssl/key_schedule/key_schedule.c b/src/regress/lib/libssl/key_schedule/key_schedule.c
index 36211644fc..1db9214939 100644
--- a/src/regress/lib/libssl/key_schedule/key_schedule.c
+++ b/src/regress/lib/libssl/key_schedule/key_schedule.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key_schedule.c,v 1.2 2018/11/09 23:57:19 jsing Exp $ */ 1/* $OpenBSD: key_schedule.c,v 1.3 2018/11/10 00:18:25 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -160,13 +160,10 @@ int main () {
160 if (tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash)) 160 if (tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
161 FAIL("derive_handshake_secrets worked when it shouldn't(2)\n"); 161 FAIL("derive_handshake_secrets worked when it shouldn't(2)\n");
162 162
163 /* XXX XXX this should get fixed when test vectors clarified */
164 memcpy(secrets->derived_handshake.data, expected_derived_handshake,
165 32);
166 /* XXX fix hash here once test vector sorted */ 163 /* XXX fix hash here once test vector sorted */
167 if (!tls13_derive_application_secrets(secrets, &chello_hash)) 164 if (!tls13_derive_application_secrets(secrets, &cshello_hash))
168 FAIL("derive_application_secrets failed\n"); 165 FAIL("derive_application_secrets failed\n");
169 if (tls13_derive_application_secrets(secrets, &chello_hash)) 166 if (tls13_derive_application_secrets(secrets, &cshello_hash))
170 FAIL("derive_application_secrets worked when it " 167 FAIL("derive_application_secrets worked when it "
171 "shouldn't(2)\n"); 168 "shouldn't(2)\n");
172 169
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-04 21:33:03 +0000