diff options
author | Bob Beck <beck@cvs.openbsd.org> | 2019-11-17 21:01:09 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2019-11-17 21:01:09 +0000 |
commit | ed00e9c69971068c9da9c9d9c3a73f6d21ab42ee (patch) | |
tree | d892965abaea9a001c2cc5f68ee9649f6fb051bb | |
parent | 7fd7ae7ab5435b0fc0eebf42d5ab63a96765b009 (diff) |
Correct update of application traffic secrets to use an empty context
rather than the hash of an empty context
ok jsing@
-rw-r--r-- | lib/libssl/tls13_key_schedule.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/libssl/tls13_key_schedule.c b/lib/libssl/tls13_key_schedule.c index 8a0b3e8af45..91f59e46f92 100644 --- a/lib/libssl/tls13_key_schedule.c +++ b/lib/libssl/tls13_key_schedule.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_key_schedule.c,v 1.7 2018/11/13 01:25:13 beck Exp $ */ +/* $OpenBSD: tls13_key_schedule.c,v 1.8 2019/11/17 21:01:08 beck Exp $ */ /* Copyright (c) 2018, Bob Beck <beck@openbsd.org> * * Permission to use, copy, modify, and/or distribute this software for any @@ -354,23 +354,27 @@ tls13_derive_application_secrets(struct tls13_secrets *secrets, int tls13_update_client_traffic_secret(struct tls13_secrets *secrets) { + struct tls13_secret context = { .data = "", .len = 0 }; + if (!secrets->init_done || !secrets->early_done || !secrets->handshake_done || !secrets->schedule_done) return 0; return tls13_hkdf_expand_label(&secrets->client_application_traffic, secrets->digest, &secrets->client_application_traffic, - "traffic upd", &secrets->empty_hash); + "traffic upd", &context); } int tls13_update_server_traffic_secret(struct tls13_secrets *secrets) { + struct tls13_secret context = { .data = "", .len = 0 }; + if (!secrets->init_done || !secrets->early_done || !secrets->handshake_done || !secrets->schedule_done) return 0; return tls13_hkdf_expand_label(&secrets->server_application_traffic, secrets->digest, &secrets->server_application_traffic, - "traffic upd", &secrets->empty_hash); + "traffic upd", &context); } |