Move tls13_exporter() code.

It makes more sense to have tls13_exporter() in tls13_key_schedule.c, rather than tls13_lib.c ok tb@
author: jsing <> 2022-11-07 11:53:39 +0000
committer: jsing <> 2022-11-07 11:53:39 +0000
commit: 7aa564fe60027590616687055794c45960ec44dd (patch)
tree: d8d9624d4617b435a2211c44dab7a6c5ff98e41a /src/lib/libssl/tls13_key_schedule.c
parent: 8eb977233c50d27fe9ab4466a73db176445f36ad (diff)
download: openbsd-7aa564fe60027590616687055794c45960ec44dd.tar.gz
openbsd-7aa564fe60027590616687055794c45960ec44dd.tar.bz2
openbsd-7aa564fe60027590616687055794c45960ec44dd.zip
1 files changed, 72 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c
index 2c23be8d3e..abc35c4e83 100644
--- a/src/lib/libssl/tls13_key_schedule.c
+++ b/src/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.16 2022/10/14 06:56:33 tb Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.17 2022/11/07 11:53:39 jsing Exp $ */
 /*
 * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
 *
@@ -21,6 +21,7 @@
 #include <openssl/hkdf.h>
 #include "bytestring.h"
+#include "ssl_locl.h"
 #include "tls13_internal.h"
 int
@@ -385,3 +386,73 @@ tls13_update_server_traffic_secret(struct tls13_secrets *secrets)
            secrets->digest, &secrets->server_application_traffic,
            "traffic upd", &context);
 }
+int
+tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
+    const uint8_t *context_value, size_t context_value_len, uint8_t *out,
+    size_t out_len)
+{
+        struct tls13_secret context, export_out, export_secret;
+        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
+        EVP_MD_CTX *md_ctx = NULL;
+        unsigned int md_out_len;
+        int md_len;
+        int ret = 0;
+        /*
+         * RFC 8446 Section 7.5.
+         */
+        memset(&context, 0, sizeof(context));
+        memset(&export_secret, 0, sizeof(export_secret));
+        export_out.data = out;
+        export_out.len = out_len;
+        if (!ctx->handshake_completed)
+                return 0;
+        md_len = EVP_MD_size(secrets->digest);
+        if (md_len <= 0 || md_len > EVP_MAX_MD_SIZE)
+                goto err;
+        if (!tls13_secret_init(&export_secret, md_len))
+                goto err;
+        if (!tls13_secret_init(&context, md_len))
+                goto err;
+        /* In TLSv1.3 no context is equivalent to an empty context. */
+        if (context_value == NULL) {
+                context_value = "";
+                context_value_len = 0;
+        }
+        if ((md_ctx = EVP_MD_CTX_new()) == NULL)
+                goto err;
+        if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL))
+                goto err;
+        if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len))
+                goto err;
+        if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len))
+                goto err;
+        if (md_len != md_out_len)
+                goto err;
+        if (!tls13_derive_secret_with_label_length(&export_secret,
+            secrets->digest, &secrets->exporter_master, label, label_len,
+            &secrets->empty_hash))
+                goto err;
+        if (!tls13_hkdf_expand_label(&export_out, secrets->digest,
+            &export_secret, "exporter", &context))
+                goto err;
+        ret = 1;
+ err:
+        EVP_MD_CTX_free(md_ctx);
+        tls13_secret_cleanup(&context);
+        tls13_secret_cleanup(&export_secret);
+        return ret;
+}
author	jsing <>	2022-11-07 11:53:39 +0000
committer	jsing <>	2022-11-07 11:53:39 +0000
commit	7aa564fe60027590616687055794c45960ec44dd (patch)
tree	d8d9624d4617b435a2211c44dab7a6c5ff98e41a /src/lib/libssl/tls13_key_schedule.c
parent	8eb977233c50d27fe9ab4466a73db176445f36ad (diff)
download	openbsd-7aa564fe60027590616687055794c45960ec44dd.tar.gz openbsd-7aa564fe60027590616687055794c45960ec44dd.tar.bz2 openbsd-7aa564fe60027590616687055794c45960ec44dd.zip

diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c index 2c23be8d3e..abc35c4e83 100644 --- a/src/lib/libssl/tls13_key_schedule.c +++ b/src/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_key_schedule.c,v 1.16 2022/10/14 06:56:33 tb Exp $ */	1	/* $OpenBSD: tls13_key_schedule.c,v 1.17 2022/11/07 11:53:39 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -21,6 +21,7 @@
21	#include <openssl/hkdf.h>	21	#include <openssl/hkdf.h>
22		22
23	#include "bytestring.h"	23	#include "bytestring.h"
		24	#include "ssl_locl.h"
24	#include "tls13_internal.h"	25	#include "tls13_internal.h"
25		26
26	int	27	int
@@ -385,3 +386,73 @@ tls13_update_server_traffic_secret(struct tls13_secrets *secrets)
385	secrets->digest, &secrets->server_application_traffic,	386	secrets->digest, &secrets->server_application_traffic,
386	"traffic upd", &context);	387	"traffic upd", &context);
387	}	388	}
		389
		390	int
		391	tls13_exporter(struct tls13_ctx ctx, const uint8_t label, size_t label_len,
		392	const uint8_t context_value, size_t context_value_len, uint8_t out,
		393	size_t out_len)
		394	{
		395	struct tls13_secret context, export_out, export_secret;
		396	struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
		397	EVP_MD_CTX *md_ctx = NULL;
		398	unsigned int md_out_len;
		399	int md_len;
		400	int ret = 0;
		401
		402	/*
		403	* RFC 8446 Section 7.5.
		404	*/
		405
		406	memset(&context, 0, sizeof(context));
		407	memset(&export_secret, 0, sizeof(export_secret));
		408
		409	export_out.data = out;
		410	export_out.len = out_len;
		411
		412	if (!ctx->handshake_completed)
		413	return 0;
		414
		415	md_len = EVP_MD_size(secrets->digest);
		416	if (md_len <= 0 \|\| md_len > EVP_MAX_MD_SIZE)
		417	goto err;
		418
		419	if (!tls13_secret_init(&export_secret, md_len))
		420	goto err;
		421	if (!tls13_secret_init(&context, md_len))
		422	goto err;
		423
		424	/* In TLSv1.3 no context is equivalent to an empty context. */
		425	if (context_value == NULL) {
		426	context_value = "";
		427	context_value_len = 0;
		428	}
		429
		430	if ((md_ctx = EVP_MD_CTX_new()) == NULL)
		431	goto err;
		432	if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL))
		433	goto err;
		434	if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len))
		435	goto err;
		436	if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len))
		437	goto err;
		438	if (md_len != md_out_len)
		439	goto err;
		440
		441	if (!tls13_derive_secret_with_label_length(&export_secret,
		442	secrets->digest, &secrets->exporter_master, label, label_len,
		443	&secrets->empty_hash))
		444	goto err;
		445
		446	if (!tls13_hkdf_expand_label(&export_out, secrets->digest,
		447	&export_secret, "exporter", &context))
		448	goto err;
		449
		450	ret = 1;
		451
		452	err:
		453	EVP_MD_CTX_free(md_ctx);
		454	tls13_secret_cleanup(&context);
		455	tls13_secret_cleanup(&export_secret);
		456
		457	return ret;
		458	}