Fix the TLSv1.3 key schedule implementation. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	jsing <jsing@openbsd.org>	2018-11-09 23:56:20 +0000
committer	jsing <jsing@openbsd.org>	2018-11-09 23:56:20 +0000
commit	b928de213c80d0732a4f0d45ab7b0ec87d1eba0b (patch)
tree	12a26c468d568f7184024aafe370813fc7bf2683 /lib/libssl/ssl_lib.c
parent	Use "send" and "recv" consistently instead of mixing them with "read" (diff)
download	wireguard-openbsd-b928de213c80d0732a4f0d45ab7b0ec87d1eba0b.tar.xz wireguard-openbsd-b928de213c80d0732a4f0d45ab7b0ec87d1eba0b.zip

Fix the TLSv1.3 key schedule implementation.

When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@

Diffstat (limited to 'lib/libssl/ssl_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: