buf, sizeof(buf), NULL));
}
+
if ((session->security_parameters.entity == GNUTLS_CLIENT && stage == STAGE_UPD_OURS) ||
(session->security_parameters.entity == GNUTLS_SERVER && stage == STAGE_UPD_PEERS)) {
+
/* client keys */
- ret = _tls13_derive_secret(session, APPLICATION_TRAFFIC_UPDATE,
+ ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE,
sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
NULL, 0,
- session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.hs_ckey,
+ session->security_parameters.prf->output_size,
session->key.proto.tls13.hs_ckey);
if (ret < 0)
return gnutls_assert_val(ret);
if (ret < 0)
return gnutls_assert_val(ret);
} else {
- ret = _tls13_derive_secret(session, APPLICATION_TRAFFIC_UPDATE,
+ ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE,
sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
NULL, 0,
- session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.hs_skey,
+ session->security_parameters.prf->output_size,
session->key.proto.tls13.hs_skey);
if (ret < 0)
return gnutls_assert_val(ret);
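Review bot: In the `else` branch the new `_tls13_expand_secret` call passes `session->key.proto.tls13.hs_skey` as both the input secret and the output buffer, and the client branch above does the same with `hs_ckey`. Replacing the previous generation is what a key update wants, but whether the helper tolerates aliased input and output is not visible here, and a failure part-way through could leave the only copy of the traffic secret in an undefined state. I would add a comment at both call sites such as `/* in place: the previous traffic secret is replaced; _tls13_expand_secret must accept secret == out */`, or derive into a local buffer, copy it over on success and zeroize the local. The enclosing function starts and ends outside the hunk.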
* early_secret, client_early_traffic_secret, ... */
uint8_t temp_secret[MAX_HASH_SIZE];
unsigned temp_secret_size; /* depends on negotiated PRF size */
- uint8_t hs_ckey[MAX_HASH_SIZE]; /* client_handshake_traffic_secret */
- uint8_t hs_skey[MAX_HASH_SIZE]; /* server_handshake_traffic_secret */
+ uint8_t hs_ckey[MAX_HASH_SIZE]; /* client_hs_traffic_secret/client_ap_traffic_secret */
+ uint8_t hs_skey[MAX_HASH_SIZE]; /* server_hs_traffic_secret/server_ap_traffic_secret */
uint8_t ap_expkey[MAX_HASH_SIZE]; /* exporter_master_secret */
uint8_t ap_rms[MAX_HASH_SIZE]; /* resumption_master_secret */
} tls13; /* tls1.3 */
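Review bot: The fields keep their `hs_` names although the updated comments show they now also carry the application traffic secrets, so anyone reading `hs_ckey` or `hs_skey` elsewhere will assume a handshake-only lifetime. The comment should spell out the double role, for example `/* client handshake traffic secret, later the client application traffic secret (input to key updates) */`, with matching text on `hs_skey`. A rename would be clearer still, but it touches callers outside this hunk. The struct definition starts outside the hunk.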
} else {
gnutls_memset(session->key.proto.tls13.temp_secret, 0,
sizeof(session->key.proto.tls13.temp_secret));
- gnutls_memset(session->key.proto.tls13.hs_ckey, 0,
- sizeof(session->key.proto.tls13.hs_ckey));
- gnutls_memset(session->key.proto.tls13.hs_skey, 0,
- sizeof(session->key.proto.tls13.hs_skey));
}
reset_binders(session);
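Review bot: With the two `gnutls_memset` calls removed, nothing in this hunk zeroizes `hs_ckey` and `hs_skey` any more, and per the struct comment they now hold the application traffic secrets. Keeping them past this point looks necessary for the key-update derivation, but the secrets then stay in memory for the life of the session, so they need to be wiped on the session teardown path, which is not visible here. If no such wipe exists, add `gnutls_memset(session->key.proto.tls13.hs_ckey, 0, sizeof(session->key.proto.tls13.hs_ckey));` and the `hs_skey` equivalent where the session is freed. A short comment in this `else` branch saying why only `temp_secret` is cleared would also help. The enclosing function starts and continues outside the hunk.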