summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>2019-11-17 21:01:09 +0000
committerBob Beck <beck@cvs.openbsd.org>2019-11-17 21:01:09 +0000
commited00e9c69971068c9da9c9d9c3a73f6d21ab42ee (patch)
treed892965abaea9a001c2cc5f68ee9649f6fb051bb
parent7fd7ae7ab5435b0fc0eebf42d5ab63a96765b009 (diff)
Correct update of application traffic secrets to use an empty context
rather than the hash of an empty context ok jsing@
-rw-r--r--lib/libssl/tls13_key_schedule.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/libssl/tls13_key_schedule.c b/lib/libssl/tls13_key_schedule.c
index 8a0b3e8af45..91f59e46f92 100644
--- a/lib/libssl/tls13_key_schedule.c
+++ b/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.7 2018/11/13 01:25:13 beck Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.8 2019/11/17 21:01:08 beck Exp $ */
/* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -354,23 +354,27 @@ tls13_derive_application_secrets(struct tls13_secrets *secrets,
int
tls13_update_client_traffic_secret(struct tls13_secrets *secrets)
{
+ struct tls13_secret context = { .data = "", .len = 0 };
+
if (!secrets->init_done || !secrets->early_done ||
!secrets->handshake_done || !secrets->schedule_done)
return 0;
return tls13_hkdf_expand_label(&secrets->client_application_traffic,
secrets->digest, &secrets->client_application_traffic,
- "traffic upd", &secrets->empty_hash);
+ "traffic upd", &context);
}
int
tls13_update_server_traffic_secret(struct tls13_secrets *secrets)
{
+ struct tls13_secret context = { .data = "", .len = 0 };
+
if (!secrets->init_done || !secrets->early_done ||
!secrets->handshake_done || !secrets->schedule_done)
return 0;
return tls13_hkdf_expand_label(&secrets->server_application_traffic,
secrets->digest, &secrets->server_application_traffic,
- "traffic upd", &secrets->empty_hash);
+ "traffic upd", &context);
}