diff options
| author | tb <> | 2021-01-06 20:15:35 +0000 |
|---|---|---|
| committer | tb <> | 2021-01-06 20:15:35 +0000 |
| commit | 35e7c2f41633d153898933e5ba6cf0580ce70f26 (patch) | |
| tree | 914e014524588444561f86d321167ed1a7faea6c /src | |
| parent | 7a47c3988c596c6361a22f7e54c95fa3b8629f52 (diff) | |
| download | openbsd-35e7c2f41633d153898933e5ba6cf0580ce70f26.tar.gz openbsd-35e7c2f41633d153898933e5ba6cf0580ce70f26.tar.bz2 openbsd-35e7c2f41633d153898933e5ba6cf0580ce70f26.zip | |
Use tls13_secret_{init,cleanup}() for the finished_key
This trades an array on the stack for a dynamically allocated secret in
tls13_{client,server}_finished_send() but has the benefit of wiping out
an intermediate secret on function exit.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 10 |
2 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 25d78d1332..1f51748147 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.69 2021/01/05 17:32:39 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.70 2021/01/06 20:15:35 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -1034,10 +1034,9 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 1034 | { | 1034 | { |
| 1035 | struct tls13_secrets *secrets = ctx->hs->secrets; | 1035 | struct tls13_secrets *secrets = ctx->hs->secrets; |
| 1036 | struct tls13_secret context = { .data = "", .len = 0 }; | 1036 | struct tls13_secret context = { .data = "", .len = 0 }; |
| 1037 | struct tls13_secret finished_key; | 1037 | struct tls13_secret finished_key = { .data = NULL, .len = 0 }; |
| 1038 | uint8_t transcript_hash[EVP_MAX_MD_SIZE]; | 1038 | uint8_t transcript_hash[EVP_MAX_MD_SIZE]; |
| 1039 | size_t transcript_hash_len; | 1039 | size_t transcript_hash_len; |
| 1040 | uint8_t key[EVP_MAX_MD_SIZE]; | ||
| 1041 | uint8_t *verify_data; | 1040 | uint8_t *verify_data; |
| 1042 | size_t verify_data_len; | 1041 | size_t verify_data_len; |
| 1043 | unsigned int hlen; | 1042 | unsigned int hlen; |
| @@ -1046,8 +1045,8 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 1046 | SSL *s = ctx->ssl; | 1045 | SSL *s = ctx->ssl; |
| 1047 | int ret = 0; | 1046 | int ret = 0; |
| 1048 | 1047 | ||
| 1049 | finished_key.data = key; | 1048 | if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash))) |
| 1050 | finished_key.len = EVP_MD_size(ctx->hash); | 1049 | goto err; |
| 1051 | 1050 | ||
| 1052 | if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, | 1051 | if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, |
| 1053 | &secrets->client_handshake_traffic, "finished", | 1052 | &secrets->client_handshake_traffic, "finished", |
| @@ -1082,6 +1081,7 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 1082 | ret = 1; | 1081 | ret = 1; |
| 1083 | 1082 | ||
| 1084 | err: | 1083 | err: |
| 1084 | tls13_secret_cleanup(&finished_key); | ||
| 1085 | HMAC_CTX_free(hmac_ctx); | 1085 | HMAC_CTX_free(hmac_ctx); |
| 1086 | 1086 | ||
| 1087 | return ret; | 1087 | return ret; |
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 9e5664b79a..f929e132a8 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.66 2021/01/05 17:32:39 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.67 2021/01/06 20:15:35 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -770,10 +770,9 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 770 | { | 770 | { |
| 771 | struct tls13_secrets *secrets = ctx->hs->secrets; | 771 | struct tls13_secrets *secrets = ctx->hs->secrets; |
| 772 | struct tls13_secret context = { .data = "", .len = 0 }; | 772 | struct tls13_secret context = { .data = "", .len = 0 }; |
| 773 | struct tls13_secret finished_key; | 773 | struct tls13_secret finished_key = { .data = NULL, .len = 0 } ; |
| 774 | uint8_t transcript_hash[EVP_MAX_MD_SIZE]; | 774 | uint8_t transcript_hash[EVP_MAX_MD_SIZE]; |
| 775 | size_t transcript_hash_len; | 775 | size_t transcript_hash_len; |
| 776 | uint8_t key[EVP_MAX_MD_SIZE]; | ||
| 777 | uint8_t *verify_data; | 776 | uint8_t *verify_data; |
| 778 | size_t verify_data_len; | 777 | size_t verify_data_len; |
| 779 | unsigned int hlen; | 778 | unsigned int hlen; |
| @@ -782,8 +781,8 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 782 | SSL *s = ctx->ssl; | 781 | SSL *s = ctx->ssl; |
| 783 | int ret = 0; | 782 | int ret = 0; |
| 784 | 783 | ||
| 785 | finished_key.data = key; | 784 | if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash))) |
| 786 | finished_key.len = EVP_MD_size(ctx->hash); | 785 | goto err; |
| 787 | 786 | ||
| 788 | if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, | 787 | if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, |
| 789 | &secrets->server_handshake_traffic, "finished", | 788 | &secrets->server_handshake_traffic, "finished", |
| @@ -818,6 +817,7 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 818 | ret = 1; | 817 | ret = 1; |
| 819 | 818 | ||
| 820 | err: | 819 | err: |
| 820 | tls13_secret_cleanup(&finished_key); | ||
| 821 | HMAC_CTX_free(hmac_ctx); | 821 | HMAC_CTX_free(hmac_ctx); |
| 822 | 822 | ||
| 823 | return ret; | 823 | return ret; |