diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 15 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 16 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_key_schedule.c | 24 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 74 |
4 files changed, 121 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index d92ccd8029..58b9dae910 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.237 2020/10/14 16:57:33 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.238 2020/11/16 18:55:15 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1716,8 +1716,17 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | |||
| 1716 | const char *label, size_t llen, const unsigned char *p, size_t plen, | 1716 | const char *label, size_t llen, const unsigned char *p, size_t plen, |
| 1717 | int use_context) | 1717 | int use_context) |
| 1718 | { | 1718 | { |
| 1719 | return (tls1_export_keying_material(s, out, olen, | 1719 | if (s->internal->tls13 != NULL && s->version == TLS1_3_VERSION) { |
| 1720 | label, llen, p, plen, use_context)); | 1720 | if (!use_context) { |
| 1721 | p = NULL; | ||
| 1722 | plen = 0; | ||
| 1723 | } | ||
| 1724 | return tls13_exporter(s->internal->tls13, label, llen, p, plen, | ||
| 1725 | out, olen); | ||
| 1726 | } | ||
| 1727 | |||
| 1728 | return (tls1_export_keying_material(s, out, olen, label, llen, p, plen, | ||
| 1729 | use_context)); | ||
| 1721 | } | 1730 | } |
| 1722 | 1731 | ||
| 1723 | static unsigned long | 1732 | static unsigned long |
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 03a1a6b4b1..ea5f9a1473 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_internal.h,v 1.86 2020/07/30 16:23:17 tb Exp $ */ | 1 | /* $OpenBSD: tls13_internal.h,v 1.87 2020/11/16 18:55:15 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> |
| @@ -148,6 +148,16 @@ void tls13_secrets_destroy(struct tls13_secrets *secrets); | |||
| 148 | int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, | 148 | int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, |
| 149 | const struct tls13_secret *secret, const char *label, | 149 | const struct tls13_secret *secret, const char *label, |
| 150 | const struct tls13_secret *context); | 150 | const struct tls13_secret *context); |
| 151 | int tls13_hkdf_expand_label_with_length(struct tls13_secret *out, | ||
| 152 | const EVP_MD *digest, const struct tls13_secret *secret, | ||
| 153 | const uint8_t *label, size_t label_len, const struct tls13_secret *context); | ||
| 154 | |||
| 155 | int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, | ||
| 156 | const struct tls13_secret *secret, const char *label, | ||
| 157 | const struct tls13_secret *context); | ||
| 158 | int tls13_derive_secret_with_label_length(struct tls13_secret *out, | ||
| 159 | const EVP_MD *digest, const struct tls13_secret *secret, | ||
| 160 | const uint8_t *label, size_t label_len, const struct tls13_secret *context); | ||
| 151 | 161 | ||
| 152 | int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk, | 162 | int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk, |
| 153 | size_t psk_len, const struct tls13_secret *context); | 163 | size_t psk_len, const struct tls13_secret *context); |
| @@ -412,6 +422,10 @@ int tls13_error_setx(struct tls13_error *error, int code, int subcode, | |||
| 412 | tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \ | 422 | tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \ |
| 413 | (fmt), __VA_ARGS__) | 423 | (fmt), __VA_ARGS__) |
| 414 | 424 | ||
| 425 | int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len, | ||
| 426 | const uint8_t *context_value, size_t context_value_len, uint8_t *out, | ||
| 427 | size_t out_len); | ||
| 428 | |||
| 415 | extern const uint8_t tls13_downgrade_12[8]; | 429 | extern const uint8_t tls13_downgrade_12[8]; |
| 416 | extern const uint8_t tls13_downgrade_11[8]; | 430 | extern const uint8_t tls13_downgrade_11[8]; |
| 417 | extern const uint8_t tls13_hello_retry_request_hash[32]; | 431 | extern const uint8_t tls13_hello_retry_request_hash[32]; |
diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c index 91f59e46f9..35180cfe5c 100644 --- a/src/lib/libssl/tls13_key_schedule.c +++ b/src/lib/libssl/tls13_key_schedule.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_key_schedule.c,v 1.8 2019/11/17 21:01:08 beck Exp $ */ | 1 | /* $OpenBSD: tls13_key_schedule.c,v 1.9 2020/11/16 18:55:15 jsing Exp $ */ |
| 2 | /* Copyright (c) 2018, Bob Beck <beck@openbsd.org> | 2 | /* Copyright (c) 2018, Bob Beck <beck@openbsd.org> |
| 3 | * | 3 | * |
| 4 | * Permission to use, copy, modify, and/or distribute this software for any | 4 | * Permission to use, copy, modify, and/or distribute this software for any |
| @@ -174,6 +174,15 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, | |||
| 174 | const struct tls13_secret *secret, const char *label, | 174 | const struct tls13_secret *secret, const char *label, |
| 175 | const struct tls13_secret *context) | 175 | const struct tls13_secret *context) |
| 176 | { | 176 | { |
| 177 | return tls13_hkdf_expand_label_with_length(out, digest, secret, label, | ||
| 178 | strlen(label), context); | ||
| 179 | } | ||
| 180 | |||
| 181 | int | ||
| 182 | tls13_hkdf_expand_label_with_length(struct tls13_secret *out, | ||
| 183 | const EVP_MD *digest, const struct tls13_secret *secret, | ||
| 184 | const uint8_t *label, size_t label_len, const struct tls13_secret *context) | ||
| 185 | { | ||
| 177 | const char tls13_plabel[] = "tls13 "; | 186 | const char tls13_plabel[] = "tls13 "; |
| 178 | uint8_t *hkdf_label; | 187 | uint8_t *hkdf_label; |
| 179 | size_t hkdf_label_len; | 188 | size_t hkdf_label_len; |
| @@ -188,7 +197,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, | |||
| 188 | goto err; | 197 | goto err; |
| 189 | if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel))) | 198 | if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel))) |
| 190 | goto err; | 199 | goto err; |
| 191 | if (!CBB_add_bytes(&child, label, strlen(label))) | 200 | if (!CBB_add_bytes(&child, label, label_len)) |
| 192 | goto err; | 201 | goto err; |
| 193 | if (!CBB_add_u8_length_prefixed(&cbb, &child)) | 202 | if (!CBB_add_u8_length_prefixed(&cbb, &child)) |
| 194 | goto err; | 203 | goto err; |
| @@ -207,7 +216,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, | |||
| 207 | return(0); | 216 | return(0); |
| 208 | } | 217 | } |
| 209 | 218 | ||
| 210 | static int | 219 | int |
| 211 | tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, | 220 | tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, |
| 212 | const struct tls13_secret *secret, const char *label, | 221 | const struct tls13_secret *secret, const char *label, |
| 213 | const struct tls13_secret *context) | 222 | const struct tls13_secret *context) |
| @@ -216,6 +225,15 @@ tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, | |||
| 216 | } | 225 | } |
| 217 | 226 | ||
| 218 | int | 227 | int |
| 228 | tls13_derive_secret_with_label_length(struct tls13_secret *out, | ||
| 229 | const EVP_MD *digest, const struct tls13_secret *secret, const uint8_t *label, | ||
| 230 | size_t label_len, const struct tls13_secret *context) | ||
| 231 | { | ||
| 232 | return tls13_hkdf_expand_label_with_length(out, digest, secret, label, | ||
| 233 | label_len, context); | ||
| 234 | } | ||
| 235 | |||
| 236 | int | ||
| 219 | tls13_derive_early_secrets(struct tls13_secrets *secrets, | 237 | tls13_derive_early_secrets(struct tls13_secrets *secrets, |
| 220 | uint8_t *psk, size_t psk_len, const struct tls13_secret *context) | 238 | uint8_t *psk, size_t psk_len, const struct tls13_secret *context) |
| 221 | { | 239 | { |
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 590426ad8a..6b6ddce4d6 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_lib.c,v 1.54 2020/09/11 15:03:36 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_lib.c,v 1.55 2020/11/16 18:55:15 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> |
| @@ -579,3 +579,75 @@ tls13_clienthello_hash_validate(struct tls13_ctx *ctx) | |||
| 579 | return 1; | 579 | return 1; |
| 580 | } | 580 | } |
| 581 | 581 | ||
| 582 | int | ||
| 583 | tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len, | ||
| 584 | const uint8_t *context_value, size_t context_value_len, uint8_t *out, | ||
| 585 | size_t out_len) | ||
| 586 | { | ||
| 587 | struct tls13_secret context, export_out, export_secret; | ||
| 588 | struct tls13_secrets *secrets = ctx->hs->secrets; | ||
| 589 | EVP_MD_CTX *md_ctx = NULL; | ||
| 590 | unsigned int md_out_len; | ||
| 591 | int md_len; | ||
| 592 | int ret = 0; | ||
| 593 | |||
| 594 | /* | ||
| 595 | * RFC 8446 Section 7.5. | ||
| 596 | */ | ||
| 597 | |||
| 598 | memset(&context, 0, sizeof(context)); | ||
| 599 | memset(&export_secret, 0, sizeof(export_secret)); | ||
| 600 | |||
| 601 | export_out.data = out; | ||
| 602 | export_out.len = out_len; | ||
| 603 | |||
| 604 | if (!ctx->handshake_completed) | ||
| 605 | return 0; | ||
| 606 | |||
| 607 | md_len = EVP_MD_size(secrets->digest); | ||
| 608 | if (md_len <= 0 || md_len > EVP_MAX_MD_SIZE) | ||
| 609 | goto err; | ||
| 610 | |||
| 611 | if ((export_secret.data = calloc(1, md_len)) == NULL) | ||
| 612 | goto err; | ||
| 613 | export_secret.len = md_len; | ||
| 614 | |||
| 615 | if ((context.data = calloc(1, md_len)) == NULL) | ||
| 616 | goto err; | ||
| 617 | context.len = md_len; | ||
| 618 | |||
| 619 | /* In TLSv1.3 no context is equivalent to an empty context. */ | ||
| 620 | if (context_value == NULL) { | ||
| 621 | context_value = ""; | ||
| 622 | context_value_len = 0; | ||
| 623 | } | ||
| 624 | |||
| 625 | if ((md_ctx = EVP_MD_CTX_new()) == NULL) | ||
| 626 | goto err; | ||
| 627 | if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL)) | ||
| 628 | goto err; | ||
| 629 | if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len)) | ||
| 630 | goto err; | ||
| 631 | if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len)) | ||
| 632 | goto err; | ||
| 633 | if (md_len != md_out_len) | ||
| 634 | goto err; | ||
| 635 | |||
| 636 | if (!tls13_derive_secret_with_label_length(&export_secret, | ||
| 637 | secrets->digest, &secrets->exporter_master, label, label_len, | ||
| 638 | &secrets->empty_hash)) | ||
| 639 | goto err; | ||
| 640 | |||
| 641 | if (!tls13_hkdf_expand_label(&export_out, secrets->digest, | ||
| 642 | &export_secret, "exporter", &context)) | ||
| 643 | goto err; | ||
| 644 | |||
| 645 | ret = 1; | ||
| 646 | |||
| 647 | err: | ||
| 648 | EVP_MD_CTX_free(md_ctx); | ||
| 649 | freezero(context.data, context.len); | ||
| 650 | freezero(export_secret.data, export_secret.len); | ||
| 651 | |||
| 652 | return ret; | ||
| 653 | } | ||