Fix the TLSv1.3 key schedule implementation. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2018-11-09 23:56:20 +0000
committer	jsing <>	2018-11-09 23:56:20 +0000
commit	3262ad497d2c29e5159b225d7e8ff30b7d137582 (patch)
tree	28b24c2a886dd42cafa13a84759715759283543f /src/lib/libssl/ssl_sigalgs.c
parent	c74b72138c69c5ed97e26f34caaf48a998b6d507 (diff)
download	openbsd-3262ad497d2c29e5159b225d7e8ff30b7d137582.tar.gz openbsd-3262ad497d2c29e5159b225d7e8ff30b7d137582.tar.bz2 openbsd-3262ad497d2c29e5159b225d7e8ff30b7d137582.zip

Fix the TLSv1.3 key schedule implementation.

When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: