Clean up resumption secret "derivation" step.

There is no more derivation step. We just use the resumption secret
directly. This saves us an unnecessary memcpy.

Change-Id: I203bdcc0463780c47cce655046aa1be560bb5b18
Reviewed-on: https://boringssl-review.googlesource.com/12472
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

ssl/tls13_client.c

@@ -48,6 +48,8 @@ enum client_hs_state_t {
   state_done,
 };
 
+static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
+
 static enum ssl_hs_wait_t do_process_hello_retry_request(SSL *ssl,
                                                          SSL_HANDSHAKE *hs) {
   if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_RETRY_REQUEST) {
@@ -275,20 +277,17 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
   /* The PRF hash is now known. Set up the key schedule. */
   size_t hash_len =
       EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl)));
-
-  /* Derive resumption material. */
-  uint8_t psk_secret[EVP_MAX_MD_SIZE] = {0};
-  if (ssl->s3->session_reused) {
-    if (hash_len != (size_t) ssl->s3->new_session->master_key_length) {
-      return ssl_hs_error;
-    }
-    memcpy(psk_secret, ssl->s3->new_session->master_key, hash_len);
+  if (!tls13_init_key_schedule(ssl)) {
+    return ssl_hs_error;
   }
 
-  /* Set up the key schedule, hash in the ClientHello, and incorporate the PSK
-   * into the running secret. */
-  if (!tls13_init_key_schedule(ssl) ||
-      !tls13_advance_key_schedule(ssl, psk_secret, hash_len)) {
+  /* Incorporate the PSK into the running secret. */
+  if (ssl->s3->session_reused) {
+    if (!tls13_advance_key_schedule(ssl, ssl->s3->new_session->master_key,
+                                    ssl->s3->new_session->master_key_length)) {
+      return ssl_hs_error;
+    }
+  } else if (!tls13_advance_key_schedule(ssl, kZeroes, hash_len)) {
     return ssl_hs_error;
   }
 
@@ -430,7 +429,6 @@ static enum ssl_hs_wait_t do_process_server_certificate_verify(
 
 static enum ssl_hs_wait_t do_process_server_finished(SSL *ssl,
                                                      SSL_HANDSHAKE *hs) {
-  static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
   if (!tls13_check_message_type(ssl, SSL3_MT_FINISHED) ||
       !tls13_process_finished(ssl) ||
       !ssl_hash_current_message(ssl) ||

ssl/tls13_server.c

@@ -284,23 +284,20 @@ static enum ssl_hs_wait_t do_select_parameters(SSL *ssl, SSL_HANDSHAKE *hs) {
     return ssl_hs_error;
   }
 
-  /* The PRF hash is now known. */
+  /* The PRF hash is now known. Set up the key schedule. */
   size_t hash_len =
       EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl)));
-
-  /* Derive resumption material. */
-  uint8_t psk_secret[EVP_MAX_MD_SIZE] = {0};
-  if (ssl->s3->session_reused) {
-    if (hash_len != (size_t) ssl->s3->new_session->master_key_length) {
-      return ssl_hs_error;
-    }
-    memcpy(psk_secret, ssl->s3->new_session->master_key, hash_len);
+  if (!tls13_init_key_schedule(ssl)) {
+    return ssl_hs_error;
   }
 
-  /* Set up the key schedule, hash in the ClientHello, and incorporate the PSK
-   * into the running secret. */
-  if (!tls13_init_key_schedule(ssl) ||
-      !tls13_advance_key_schedule(ssl, psk_secret, hash_len)) {
+  /* Incorporate the PSK into the running secret. */
+  if (ssl->s3->session_reused) {
+    if (!tls13_advance_key_schedule(ssl, ssl->s3->new_session->master_key,
+                                    ssl->s3->new_session->master_key_length)) {
+      return ssl_hs_error;
+    }
+  } else if (!tls13_advance_key_schedule(ssl, kZeroes, hash_len)) {
     return ssl_hs_error;
   }