Diffstat (limited to 'src/lib/libssl/tls13_key_schedule.c')
| -rw-r--r-- | src/lib/libssl/tls13_key_schedule.c | 29 |
1 files changed, 3 insertions, 26 deletions
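--- a/src/lib/libssl/tls13_key_schedule.c
+++ b/src/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.4 2018/11/09 23:56:20 jsing Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.5 2018/11/10 00:18:25 beck Exp $ */
 /* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -220,32 +220,9 @@ int
 tls13_derive_early_secrets(struct tls13_secrets *secrets,
     uint8_t *psk, size_t psk_len, const struct tls13_secret *context)
 {
-	struct tls13_secret binder_context;
-	uint8_t binder_context_data[EVP_MAX_MD_SIZE] = { 0 };
-	unsigned binder_context_len;
-	EVP_MD_CTX *mdctx;
-
 	if (!secrets->init_done || secrets->early_done)
 		return 0;
 
-	if ((mdctx = EVP_MD_CTX_new()) == NULL)
-		return 0;
-
-	if (!EVP_DigestInit_ex(mdctx, secrets->digest, NULL) ||
-	    !EVP_DigestUpdate(mdctx, secrets->zeros.data, secrets->zeros.len) ||
-	    !EVP_DigestFinal_ex(mdctx, binder_context_data,
-	    &binder_context_len)) {
-		EVP_MD_CTX_free(mdctx);
-		return 0;
-	}
-	binder_context.data = binder_context_data;
-	binder_context.len = binder_context_len;
-	EVP_MD_CTX_free(mdctx);
-
-	/* If these don't match, we were initialized with the wrong length */
-	if (binder_context_len != secrets->zeros.len)
-		return 0;
-
 	if (!HKDF_extract(secrets->extracted_early.data,
 	    &secrets->extracted_early.len, secrets->digest, psk, psk_len,
 	    secrets->zeros.data, secrets->zeros.len))
@@ -257,7 +234,7 @@ tls13_derive_early_secrets(struct tls13_secrets *secrets,
 	if (!tls13_derive_secret(&secrets->binder_key, secrets->digest,
 	    &secrets->extracted_early,
 	    secrets->resumption ? "res binder" : "ext binder",
-	    &binder_context))
+	    &secrets->empty_hash))
 		return 0;
 	if (!tls13_derive_secret(&secrets->client_early_traffic,
 	    secrets->digest, &secrets->extracted_early, "c e traffic",
@@ -313,7 +290,7 @@ tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
 		return 0;
 	if (!tls13_derive_secret(&secrets->derived_handshake,
 	    secrets->digest, &secrets->extracted_handshake, "derived",
-	    context))
+	    &secrets->empty_hash))
 		return 0;
 
 	/* RFC 8446 recommends */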
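Review bot: The two new `&secrets->empty_hash` arguments (the "res binder"/"ext binder" derivation in the early-secrets hunk and the "derived" step in the handshake hunk) carry no comment saying why the caller-supplied `context` is deliberately not used there, which is exactly the kind of line a later reader will "fix" back. I would put `/* RFC 8446 7.1: Derive-Secret(., "derived", "") - context is Transcript-Hash("") */` above the `derived_handshake` call, and the matching `/* binder_key uses the empty transcript hash, not the ClientHello context */` above the binder derivation. Note also that the deleted block carried a runtime consistency check (`binder_context_len != secrets->zeros.len`) that caught a digest/length mismatch at derivation time; the new code presumably relies on `empty_hash` having been filled in by the init path with the same digest, so it would be worth confirming that path checks the length once, since nothing here does anymore. The `psk` parameter in the unchanged signature could be `const uint8_t *psk`, as it is only read by `HKDF_extract`. Both enclosing functions continue outside the hunks.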
