From 8f820b4e439ee9f255ff93d94e0879fa798a6b2d Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 30 Nov 2016 11:24:40 -0500 Subject: [PATCH] Clean up resumption secret "derivation" step. There is no more derivation step. We just use the resumption secret directly. This saves us an unnecessary memcpy. Change-Id: I203bdcc0463780c47cce655046aa1be560bb5b18 Reviewed-on: https://boringssl-review.googlesource.com/12472 CQ-Verified: CQ bot account: commit-bot@chromium.org Reviewed-by: Steven Valdez Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- ssl/tls13_client.c | 24 +++++++++++------------- ssl/tls13_server.c | 23 ++++++++++------------- 2 files changed, 21 insertions(+), 26 deletions(-) diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c index 4a30ce3d..5a1a90d0 100644 --- a/ssl/tls13_client.c +++ b/ssl/tls13_client.c @@ -48,6 +48,8 @@ enum client_hs_state_t { state_done, }; +static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0}; + static enum ssl_hs_wait_t do_process_hello_retry_request(SSL *ssl, SSL_HANDSHAKE *hs) { if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_RETRY_REQUEST) { @@ -275,20 +277,17 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) { /* The PRF hash is now known. Set up the key schedule. */ size_t hash_len = EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl))); - - /* Derive resumption material. */ - uint8_t psk_secret[EVP_MAX_MD_SIZE] = {0}; - if (ssl->s3->session_reused) { - if (hash_len != (size_t) ssl->s3->new_session->master_key_length) { - return ssl_hs_error; - } - memcpy(psk_secret, ssl->s3->new_session->master_key, hash_len); + if (!tls13_init_key_schedule(ssl)) { + return ssl_hs_error; } - /* Set up the key schedule, hash in the ClientHello, and incorporate the PSK - * into the running secret. */ - if (!tls13_init_key_schedule(ssl) || - !tls13_advance_key_schedule(ssl, psk_secret, hash_len)) { + /* Incorporate the PSK into the running secret. */ + if (ssl->s3->session_reused) { + if (!tls13_advance_key_schedule(ssl, ssl->s3->new_session->master_key, + ssl->s3->new_session->master_key_length)) { + return ssl_hs_error; + } + } else if (!tls13_advance_key_schedule(ssl, kZeroes, hash_len)) { return ssl_hs_error; } @@ -430,7 +429,6 @@ static enum ssl_hs_wait_t do_process_server_certificate_verify( static enum ssl_hs_wait_t do_process_server_finished(SSL *ssl, SSL_HANDSHAKE *hs) { - static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0}; if (!tls13_check_message_type(ssl, SSL3_MT_FINISHED) || !tls13_process_finished(ssl) || !ssl_hash_current_message(ssl) || diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c index 83ef6795..e10e88ef 100644 --- a/ssl/tls13_server.c +++ b/ssl/tls13_server.c @@ -284,23 +284,20 @@ static enum ssl_hs_wait_t do_select_parameters(SSL *ssl, SSL_HANDSHAKE *hs) { return ssl_hs_error; } - /* The PRF hash is now known. */ + /* The PRF hash is now known. Set up the key schedule. */ size_t hash_len = EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl))); - - /* Derive resumption material. */ - uint8_t psk_secret[EVP_MAX_MD_SIZE] = {0}; - if (ssl->s3->session_reused) { - if (hash_len != (size_t) ssl->s3->new_session->master_key_length) { - return ssl_hs_error; - } - memcpy(psk_secret, ssl->s3->new_session->master_key, hash_len); + if (!tls13_init_key_schedule(ssl)) { + return ssl_hs_error; } - /* Set up the key schedule, hash in the ClientHello, and incorporate the PSK - * into the running secret. */ - if (!tls13_init_key_schedule(ssl) || - !tls13_advance_key_schedule(ssl, psk_secret, hash_len)) { + /* Incorporate the PSK into the running secret. */ + if (ssl->s3->session_reused) { + if (!tls13_advance_key_schedule(ssl, ssl->s3->new_session->master_key, + ssl->s3->new_session->master_key_length)) { + return ssl_hs_error; + } + } else if (!tls13_advance_key_schedule(ssl, kZeroes, hash_len)) { return ssl_hs_error; }