diff options
Diffstat (limited to 'lib/secrets.c')
-rw-r--r-- | lib/secrets.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/lib/secrets.c b/lib/secrets.c index 728876ede3..039181d27e 100644 --- a/lib/secrets.c +++ b/lib/secrets.c @@ -88,7 +88,7 @@ int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t ke } /* Derive-Secret(Secret, Label, Messages) */ -int _tls13_derive_secret2(const mac_entry_st *prf, +int _tls13_derive_secret2(const mac_entry_st *prf, transport_t type, const char *label, unsigned label_size, const uint8_t *tbh, size_t tbh_size, const uint8_t secret[MAX_HASH_SIZE], @@ -109,7 +109,7 @@ int _tls13_derive_secret2(const mac_entry_st *prf, if (ret < 0) return gnutls_assert_val(ret); - return _tls13_expand_secret2(prf, label, label_size, digest, digest_size, secret, digest_size, out); + return _tls13_expand_secret2(prf, type, label, label_size, digest, digest_size, secret, digest_size, out); } /* Derive-Secret(Secret, Label, Messages) */ @@ -122,25 +122,29 @@ int _tls13_derive_secret(gnutls_session_t session, if (unlikely(session->security_parameters.prf == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - return _tls13_derive_secret2(session->security_parameters.prf, label, label_size, tbh, tbh_size, - secret, - out); + return _tls13_derive_secret2(session->security_parameters.prf, session->internals.transport, + label, label_size, tbh, tbh_size, secret, out); } /* HKDF-Expand-Label(Secret, Label, HashValue, Length) */ -int _tls13_expand_secret2(const mac_entry_st *prf, +int _tls13_expand_secret2(const mac_entry_st *prf, transport_t type, const char *label, unsigned label_size, const uint8_t *msg, size_t msg_size, const uint8_t secret[MAX_HASH_SIZE], unsigned out_size, void *out) { - uint8_t tmp[256] = "tls13 "; + uint8_t tmp[256]; gnutls_buffer_st str; gnutls_datum_t key; gnutls_datum_t info; int ret; + if (type == GNUTLS_STREAM) + memcpy(tmp, "tls13 ", 6); + else + memcpy(tmp, "dtls13", 6); + if (unlikely(label_size >= sizeof(tmp)-6)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -207,6 +211,7 @@ int _tls13_expand_secret(gnutls_session_t session, return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); return _tls13_expand_secret2(session->security_parameters.prf, + session->internals.transport, label, label_size, msg, msg_size, secret, out_size, out); |