Commit 17aa119e authored by Matt Caswell's avatar Matt Caswell
Browse files

Update the HKDF labels for draft-20 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3371)
parent 96c9aee2

ssl/statem/extensions.c

+1 −1
Original line number Diff line number Diff line
@@ -1187,7 +1187,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, 
    EVP_MD_CTX *mctx = NULL;

    unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE];

    unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE];

    const char resumption_label[] = "resumption psk binder key";

    const char resumption_label[] = "res binder";

    size_t bindersize, hashsize = EVP_MD_size(md);

    int ret = -1;

ssl/tls13_enc.c

+9 −16
Original line number Diff line number Diff line
@@ -28,7 +28,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, 
                             const unsigned char *hash,

                             unsigned char *out, size_t outlen)

{

    const unsigned char label_prefix[] = "TLS 1.3, ";

    const unsigned char label_prefix[] = "tls13 ";

    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);

    int ret;

    size_t hkdflabellen;
@@ -124,7 +124,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, 
    size_t mdlen, prevsecretlen;

    int ret;

    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);

    static const char derived_secret_label[] = "derived secret";

    static const char derived_secret_label[] = "derived";

    unsigned char preextractsec[EVP_MAX_MD_SIZE];



    if (pctx == NULL)
@@ -343,18 +343,12 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, 


int tls13_change_cipher_state(SSL *s, int which)

{

    static const unsigned char client_early_traffic[] =

        "client early traffic secret";

    static const unsigned char client_handshake_traffic[] =

        "client handshake traffic secret";

    static const unsigned char client_application_traffic[] =

        "client application traffic secret";

    static const unsigned char server_handshake_traffic[] =

        "server handshake traffic secret";

    static const unsigned char server_application_traffic[] =

        "server application traffic secret";

    static const unsigned char resumption_master_secret[] =

        "resumption master secret";

    static const unsigned char client_early_traffic[] = "c e traffic";

    static const unsigned char client_handshake_traffic[] = "c hs traffic";

    static const unsigned char client_application_traffic[] = "c ap traffic";

    static const unsigned char server_handshake_traffic[] = "s hs traffic";

    static const unsigned char server_application_traffic[] = "s ap traffic";

    static const unsigned char resumption_master_secret[] = "res master";

    unsigned char *iv;

    unsigned char secret[EVP_MAX_MD_SIZE];

    unsigned char hashval[EVP_MAX_MD_SIZE];
@@ -559,8 +553,7 @@ int tls13_change_cipher_state(SSL *s, int which) 


int tls13_update_key(SSL *s, int sending)

{

    static const unsigned char application_traffic[] =

        "application traffic secret";

    static const unsigned char application_traffic[] = "traffic upd";

    const EVP_MD *md = ssl_handshake_md(s);

    size_t hashlen = EVP_MD_size(md);

    unsigned char *insecret, *iv;