summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/tls13_key_schedule.c73
-rw-r--r--src/lib/libssl/tls13_lib.c72
2 files changed, 73 insertions, 72 deletions
diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c
index 2c23be8d3e..abc35c4e83 100644
--- a/src/lib/libssl/tls13_key_schedule.c
+++ b/src/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_key_schedule.c,v 1.16 2022/10/14 06:56:33 tb Exp $ */ 1/* $OpenBSD: tls13_key_schedule.c,v 1.17 2022/11/07 11:53:39 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -21,6 +21,7 @@
21#include <openssl/hkdf.h> 21#include <openssl/hkdf.h>
22 22
23#include "bytestring.h" 23#include "bytestring.h"
24#include "ssl_locl.h"
24#include "tls13_internal.h" 25#include "tls13_internal.h"
25 26
26int 27int
@@ -385,3 +386,73 @@ tls13_update_server_traffic_secret(struct tls13_secrets *secrets)
385 secrets->digest, &secrets->server_application_traffic, 386 secrets->digest, &secrets->server_application_traffic,
386 "traffic upd", &context); 387 "traffic upd", &context);
387} 388}
389
390int
391tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
392 const uint8_t *context_value, size_t context_value_len, uint8_t *out,
393 size_t out_len)
394{
395 struct tls13_secret context, export_out, export_secret;
396 struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
397 EVP_MD_CTX *md_ctx = NULL;
398 unsigned int md_out_len;
399 int md_len;
400 int ret = 0;
401
402 /*
403 * RFC 8446 Section 7.5.
404 */
405
406 memset(&context, 0, sizeof(context));
407 memset(&export_secret, 0, sizeof(export_secret));
408
409 export_out.data = out;
410 export_out.len = out_len;
411
412 if (!ctx->handshake_completed)
413 return 0;
414
415 md_len = EVP_MD_size(secrets->digest);
416 if (md_len <= 0 || md_len > EVP_MAX_MD_SIZE)
417 goto err;
418
419 if (!tls13_secret_init(&export_secret, md_len))
420 goto err;
421 if (!tls13_secret_init(&context, md_len))
422 goto err;
423
424 /* In TLSv1.3 no context is equivalent to an empty context. */
425 if (context_value == NULL) {
426 context_value = "";
427 context_value_len = 0;
428 }
429
430 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
431 goto err;
432 if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL))
433 goto err;
434 if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len))
435 goto err;
436 if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len))
437 goto err;
438 if (md_len != md_out_len)
439 goto err;
440
441 if (!tls13_derive_secret_with_label_length(&export_secret,
442 secrets->digest, &secrets->exporter_master, label, label_len,
443 &secrets->empty_hash))
444 goto err;
445
446 if (!tls13_hkdf_expand_label(&export_out, secrets->digest,
447 &export_secret, "exporter", &context))
448 goto err;
449
450 ret = 1;
451
452 err:
453 EVP_MD_CTX_free(md_ctx);
454 tls13_secret_cleanup(&context);
455 tls13_secret_cleanup(&export_secret);
456
457 return ret;
458}
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 54c98af15c..3bb6d3d3db 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_lib.c,v 1.74 2022/10/20 15:26:25 tb Exp $ */ 1/* $OpenBSD: tls13_lib.c,v 1.75 2022/11/07 11:53:39 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -699,73 +699,3 @@ tls13_clienthello_hash_validate(struct tls13_ctx *ctx)
699 699
700 return 1; 700 return 1;
701} 701}
702
703int
704tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
705 const uint8_t *context_value, size_t context_value_len, uint8_t *out,
706 size_t out_len)
707{
708 struct tls13_secret context, export_out, export_secret;
709 struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
710 EVP_MD_CTX *md_ctx = NULL;
711 unsigned int md_out_len;
712 int md_len;
713 int ret = 0;
714
715 /*
716 * RFC 8446 Section 7.5.
717 */
718
719 memset(&context, 0, sizeof(context));
720 memset(&export_secret, 0, sizeof(export_secret));
721
722 export_out.data = out;
723 export_out.len = out_len;
724
725 if (!ctx->handshake_completed)
726 return 0;
727
728 md_len = EVP_MD_size(secrets->digest);
729 if (md_len <= 0 || md_len > EVP_MAX_MD_SIZE)
730 goto err;
731
732 if (!tls13_secret_init(&export_secret, md_len))
733 goto err;
734 if (!tls13_secret_init(&context, md_len))
735 goto err;
736
737 /* In TLSv1.3 no context is equivalent to an empty context. */
738 if (context_value == NULL) {
739 context_value = "";
740 context_value_len = 0;
741 }
742
743 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
744 goto err;
745 if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL))
746 goto err;
747 if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len))
748 goto err;
749 if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len))
750 goto err;
751 if (md_len != md_out_len)
752 goto err;
753
754 if (!tls13_derive_secret_with_label_length(&export_secret,
755 secrets->digest, &secrets->exporter_master, label, label_len,
756 &secrets->empty_hash))
757 goto err;
758
759 if (!tls13_hkdf_expand_label(&export_out, secrets->digest,
760 &export_secret, "exporter", &context))
761 goto err;
762
763 ret = 1;
764
765 err:
766 EVP_MD_CTX_free(md_ctx);
767 tls13_secret_cleanup(&context);
768 tls13_secret_cleanup(&export_secret);
769
770 return ret;
771}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 13:10:26 +0000