summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls12_lib.c
diff options
context:
space:
mode:
authorjsing <>2021-04-30 19:26:45 +0000
committerjsing <>2021-04-30 19:26:45 +0000
commit43140dd2d9a01de0fff0ae59aec0e1d7cda76474 (patch)
tree3facea5851b6c8afd6d09865048a1f9e6e0c0c8b /src/lib/libssl/tls12_lib.c
parent83b76ed417b8b5f76bcd75ebddd3441a55c890ce (diff)
downloadopenbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.tar.gz
openbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.tar.bz2
openbsd-43140dd2d9a01de0fff0ae59aec0e1d7cda76474.zip
Clean up and harden TLSv1.2 master key derivation.
The master key and its length are only stored in one location, so it makes no sense to handle these outside of the derivation function (the current 'out' argument is unused). This simplifies the various call sites. If derivation fails for some reason, fail hard rather than continuing on and hoping that something deals with this correctly later. ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/tls12_lib.c')
-rw-r--r--src/lib/libssl/tls12_lib.c25
1 files changed, 24 insertions, 1 deletions
diff --git a/src/lib/libssl/tls12_lib.c b/src/lib/libssl/tls12_lib.c
index 520f41678d..e7171ba833 100644
--- a/src/lib/libssl/tls12_lib.c
+++ b/src/lib/libssl/tls12_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls12_lib.c,v 1.1 2021/04/25 13:15:23 jsing Exp $ */ 1/* $OpenBSD: tls12_lib.c,v 1.2 2021/04/30 19:26:45 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -90,3 +90,26 @@ tls12_derive_peer_finished(SSL *s)
90 &S3I(s)->hs.peer_finished_len); 90 &S3I(s)->hs.peer_finished_len);
91 } 91 }
92} 92}
93
94int
95tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret,
96 size_t premaster_secret_len)
97{
98 s->session->master_key_length = 0;
99
100 if (premaster_secret_len == 0)
101 return 0;
102
103 CTASSERT(sizeof(s->session->master_key) == SSL_MAX_MASTER_KEY_LENGTH);
104
105 if (!tls1_PRF(s, premaster_secret, premaster_secret_len,
106 TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
107 s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
108 s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
109 s->session->master_key, sizeof(s->session->master_key)))
110 return 0;
111
112 s->session->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
113
114 return 1;
115}