diff options
author | jsing <> | 2018-11-09 23:56:20 +0000 |
---|---|---|
committer | jsing <> | 2018-11-09 23:56:20 +0000 |
commit | 3262ad497d2c29e5159b225d7e8ff30b7d137582 (patch) | |
tree | 28b24c2a886dd42cafa13a84759715759283543f /src/lib/libssl/tls13_internal.h | |
parent | c74b72138c69c5ed97e26f34caaf48a998b6d507 (diff) | |
download | openbsd-3262ad497d2c29e5159b225d7e8ff30b7d137582.tar.gz openbsd-3262ad497d2c29e5159b225d7e8ff30b7d137582.tar.bz2 openbsd-3262ad497d2c29e5159b225d7e8ff30b7d137582.zip |
Fix the TLSv1.3 key schedule implementation.
When the RFC refers to ("") for key derivation, it is referring to the
transcript hash of an empty string, not an empty string. Rename
tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD *
and calculate the hash of an empty string so that we have it available
for the "derived" and other steps. Merge tls13_secrets_init() into
the same function, remove the EVP_MD * from other functions and use the
empty string hash at the appropriate places.
ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_internal.h')
-rw-r--r-- | src/lib/libssl/tls13_internal.h | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index cad769a1bf..83f9988140 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: tls13_internal.h,v 1.4 2018/11/09 03:07:26 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_internal.h,v 1.5 2018/11/09 23:56:20 jsing Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> |
4 | * Copyright (c) 2018, Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> |
5 | * | 5 | * |
6 | * Permission to use, copy, modify, and/or distribute this software for any | 6 | * Permission to use, copy, modify, and/or distribute this software for any |
7 | * purpose with or without fee is hereby granted, provided that the above | 7 | * purpose with or without fee is hereby granted, provided that the above |
@@ -30,6 +30,7 @@ struct tls13_secret { | |||
30 | 30 | ||
31 | /* RFC 8446 Section 7.1 Page 92 */ | 31 | /* RFC 8446 Section 7.1 Page 92 */ |
32 | struct tls13_secrets { | 32 | struct tls13_secrets { |
33 | const EVP_MD *digest; | ||
33 | int resumption; | 34 | int resumption; |
34 | int init_done; | 35 | int init_done; |
35 | int early_done; | 36 | int early_done; |
@@ -37,6 +38,7 @@ struct tls13_secrets { | |||
37 | int schedule_done; | 38 | int schedule_done; |
38 | int insecure; /* Set by tests */ | 39 | int insecure; /* Set by tests */ |
39 | struct tls13_secret zeros; | 40 | struct tls13_secret zeros; |
41 | struct tls13_secret empty_hash; | ||
40 | struct tls13_secret extracted_early; | 42 | struct tls13_secret extracted_early; |
41 | struct tls13_secret binder_key; | 43 | struct tls13_secret binder_key; |
42 | struct tls13_secret client_early_traffic; | 44 | struct tls13_secret client_early_traffic; |
@@ -53,18 +55,20 @@ struct tls13_secrets { | |||
53 | struct tls13_secret resumption_master; | 55 | struct tls13_secret resumption_master; |
54 | }; | 56 | }; |
55 | 57 | ||
56 | struct tls13_secrets *tls13_secrets_new(size_t hash_length); | 58 | struct tls13_secrets *tls13_secrets_create(const EVP_MD *digest, |
57 | void tls13_secrets_init(struct tls13_secrets *secrets, int resumption); | 59 | int resumption); |
58 | void tls13_secrets_destroy(struct tls13_secrets *secrets); | 60 | void tls13_secrets_destroy(struct tls13_secrets *secrets); |
59 | 61 | ||
60 | int tls13_derive_early_secrets(struct tls13_secrets *secrets, | 62 | int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, |
61 | const EVP_MD *digest,uint8_t *psk, size_t psk_len, | 63 | const struct tls13_secret *secret, const char *label, |
62 | const struct tls13_secret *context); | 64 | const struct tls13_secret *context); |
65 | |||
66 | int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk, | ||
67 | size_t psk_len, const struct tls13_secret *context); | ||
63 | int tls13_derive_handshake_secrets(struct tls13_secrets *secrets, | 68 | int tls13_derive_handshake_secrets(struct tls13_secrets *secrets, |
64 | const EVP_MD *digest, const uint8_t *ecdhe, size_t ecdhe_len, | 69 | const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context); |
65 | const struct tls13_secret *context); | ||
66 | int tls13_derive_application_secrets(struct tls13_secrets *secrets, | 70 | int tls13_derive_application_secrets(struct tls13_secrets *secrets, |
67 | const EVP_MD *digest, const struct tls13_secret *context); | 71 | const struct tls13_secret *context); |
68 | 72 | ||
69 | struct tls13_ctx; | 73 | struct tls13_ctx; |
70 | 74 | ||