session state: TLS1.2 and TLS1.3 state is stored as union
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 8 Nov 2017 12:13:31 +0000 (13:13 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Feb 2018 14:29:36 +0000 (15:29 +0100)
That is, to reduce memory usage, as these protocols cannot be used
in parallel.

Relates: #281

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/constate.c
lib/ext/key_share.c
lib/gnutls_int.h
lib/handshake-tls13.c
lib/handshake.c
lib/prf.c
lib/secrets.c
lib/state.c
lib/tls13/finished.c
lib/tls13/key_update.c

index a1a1d9622195d846230654a1f76156729da80d88..a773d55ecfcfed5d20984b637724ef41c7910e95 100644 (file)
@@ -252,32 +252,32 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage,
                ret = _tls13_derive_secret(session, APPLICATION_TRAFFIC_UPDATE,
                                           sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
                                           NULL, 0,
-                                          session->key.proto.kshare.temp_secret,
-                                          session->key.proto.kshare.hs_ckey);
+                                          session->key.proto.tls13.temp_secret,
+                                          session->key.proto.tls13.hs_ckey);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.kshare.hs_ckey, key_size, key_block);
+               ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.tls13.hs_ckey, key_size, key_block);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.kshare.hs_ckey, iv_size, iv_block);
+               ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.hs_ckey, iv_size, iv_block);
                if (ret < 0)
                        return gnutls_assert_val(ret);
        } else {
                ret = _tls13_derive_secret(session, APPLICATION_TRAFFIC_UPDATE,
                                           sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
                                           NULL, 0,
-                                          session->key.proto.kshare.temp_secret,
-                                          session->key.proto.kshare.hs_skey);
+                                          session->key.proto.tls13.temp_secret,
+                                          session->key.proto.tls13.hs_skey);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.kshare.hs_skey, key_size, key_block);
+               ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.tls13.hs_skey, key_size, key_block);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.kshare.hs_skey, iv_size, iv_block);
+               ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.hs_skey, iv_size, iv_block);
                if (ret < 0)
                        return gnutls_assert_val(ret);
        }
@@ -344,21 +344,21 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
        ret = _tls13_derive_secret(session, label, label_size,
                                   session->internals.handshake_hash_buffer.data,
                                   hsk_len,
-                                  session->key.proto.kshare.temp_secret,
-                                  session->key.proto.kshare.hs_ckey);
+                                  session->key.proto.tls13.temp_secret,
+                                  session->key.proto.tls13.hs_ckey);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
        _gnutls_nss_keylog_write(session, keylog_label,
-                                session->key.proto.kshare.hs_ckey,
+                                session->key.proto.tls13.hs_ckey,
                                 session->security_parameters.prf->output_size);
 
        /* client keys */
-       ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.kshare.hs_ckey, key_size, ckey_block);
+       ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.tls13.hs_ckey, key_size, ckey_block);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
-       ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.kshare.hs_ckey, iv_size, civ_block);
+       ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.hs_ckey, iv_size, civ_block);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
@@ -376,21 +376,21 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage,
        ret = _tls13_derive_secret(session, label, label_size,
                                   session->internals.handshake_hash_buffer.data,
                                   hsk_len,
-                                  session->key.proto.kshare.temp_secret,
-                                  session->key.proto.kshare.hs_skey);
+                                  session->key.proto.tls13.temp_secret,
+                                  session->key.proto.tls13.hs_skey);
 
        if (ret < 0)
                return gnutls_assert_val(ret);
 
        _gnutls_nss_keylog_write(session, keylog_label,
-                                session->key.proto.kshare.hs_skey,
+                                session->key.proto.tls13.hs_skey,
                                 session->security_parameters.prf->output_size);
 
-       ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.kshare.hs_skey, key_size, skey_block);
+       ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.tls13.hs_skey, key_size, skey_block);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
-       ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.kshare.hs_skey, iv_size, siv_block);
+       ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.tls13.hs_skey, iv_size, siv_block);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
index c7d5d8cc37e265cc5bbea83a067de22b346c02a7..d4cf9b78c8f6cf61199e2e6dd72aa0f27ce2a2d8 100644 (file)
@@ -87,17 +87,17 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
                return gnutls_assert_val(ret);
 
        if (group->pk == GNUTLS_PK_EC) {
-               gnutls_pk_params_release(&session->key.proto.kshare.ecdh_params);
-               gnutls_pk_params_init(&session->key.proto.kshare.ecdh_params);
+               gnutls_pk_params_release(&session->key.kshare.ecdh_params);
+               gnutls_pk_params_init(&session->key.kshare.ecdh_params);
 
                ret = _gnutls_pk_generate_keys(group->pk, group->curve,
-                                               &session->key.proto.kshare.ecdh_params, 1);
+                                               &session->key.kshare.ecdh_params, 1);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
                ret = _gnutls_ecc_ansi_x962_export(group->curve,
-                               session->key.proto.kshare.ecdh_params.params[ECC_X],
-                               session->key.proto.kshare.ecdh_params.params[ECC_Y],
+                               session->key.kshare.ecdh_params.params[ECC_X],
+                               session->key.kshare.ecdh_params.params[ECC_Y],
                                &tmp);
                if (ret < 0)
                        return gnutls_assert_val(ret);
@@ -109,54 +109,54 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
                        goto cleanup;
                }
 
-               session->key.proto.kshare.ecdh_params.algo = group->pk;
-               session->key.proto.kshare.ecdh_params.curve = group->curve;
+               session->key.kshare.ecdh_params.algo = group->pk;
+               session->key.kshare.ecdh_params.curve = group->curve;
 
                ret = 0;
 
        } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
-               gnutls_pk_params_release(&session->key.proto.kshare.ecdhx_params);
-               gnutls_pk_params_init(&session->key.proto.kshare.ecdhx_params);
+               gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
+               gnutls_pk_params_init(&session->key.kshare.ecdhx_params);
 
                ret = _gnutls_pk_generate_keys(group->pk, group->curve,
-                                               &session->key.proto.kshare.ecdhx_params, 1);
+                                               &session->key.kshare.ecdhx_params, 1);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
                ret =
                    _gnutls_buffer_append_data_prefix(extdata, 16,
-                               session->key.proto.kshare.ecdhx_params.raw_pub.data,
-                               session->key.proto.kshare.ecdhx_params.raw_pub.size);
+                               session->key.kshare.ecdhx_params.raw_pub.data,
+                               session->key.kshare.ecdhx_params.raw_pub.size);
                if (ret < 0) {
                        gnutls_assert();
                        goto cleanup;
                }
 
-               session->key.proto.kshare.ecdhx_params.algo = group->pk;
-               session->key.proto.kshare.ecdhx_params.curve = group->curve;
+               session->key.kshare.ecdhx_params.algo = group->pk;
+               session->key.kshare.ecdhx_params.curve = group->curve;
 
                ret = 0;
 
        } else if (group->pk == GNUTLS_PK_DH) {
                /* we need to initialize the group parameters first */
-               gnutls_pk_params_release(&session->key.proto.kshare.dh_params);
-               gnutls_pk_params_init(&session->key.proto.kshare.dh_params);
+               gnutls_pk_params_release(&session->key.kshare.dh_params);
+               gnutls_pk_params_init(&session->key.kshare.dh_params);
 
-               ret = _gnutls_mpi_init_scan_nz(&session->key.proto.kshare.dh_params.params[DH_G],
+               ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_G],
                        group->generator->data, group->generator->size);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               ret = _gnutls_mpi_init_scan_nz(&session->key.proto.kshare.dh_params.params[DH_P],
+               ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_P],
                        group->prime->data, group->prime->size);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               session->key.proto.kshare.dh_params.algo = group->pk;
-               session->key.proto.kshare.dh_params.qbits = *group->q_bits;
-               session->key.proto.kshare.dh_params.params_nr = 3; /* empty q */
+               session->key.kshare.dh_params.algo = group->pk;
+               session->key.kshare.dh_params.qbits = *group->q_bits;
+               session->key.kshare.dh_params.params_nr = 3; /* empty q */
 
-               ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.proto.kshare.dh_params, 1);
+               ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare.dh_params, 1);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
@@ -165,7 +165,7 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.proto.kshare.dh_params.params[DH_Y],
+               ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.kshare.dh_params.params[DH_Y],
                                group->prime->size);
                if (ret < 0)
                        return gnutls_assert_val(ret);
@@ -202,8 +202,8 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent
 
        if (group->pk == GNUTLS_PK_EC) {
                ret = _gnutls_ecc_ansi_x962_export(group->curve,
-                               session->key.proto.kshare.ecdh_params.params[ECC_X],
-                               session->key.proto.kshare.ecdh_params.params[ECC_Y],
+                               session->key.kshare.ecdh_params.params[ECC_X],
+                               session->key.kshare.ecdh_params.params[ECC_Y],
                                &tmp);
                if (ret < 0)
                        return gnutls_assert_val(ret);
@@ -220,8 +220,8 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent
        } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
                ret =
                    _gnutls_buffer_append_data_prefix(extdata, 16,
-                               session->key.proto.kshare.ecdhx_params.raw_pub.data,
-                               session->key.proto.kshare.ecdhx_params.raw_pub.size);
+                               session->key.kshare.ecdhx_params.raw_pub.data,
+                               session->key.kshare.ecdhx_params.raw_pub.size);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
@@ -233,7 +233,7 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.proto.kshare.dh_params.params[DH_Y],
+               ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.kshare.dh_params.params[DH_Y],
                                group->prime->size);
                if (ret < 0)
                        return gnutls_assert_val(ret);
@@ -258,8 +258,8 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
        if (group->pk == GNUTLS_PK_EC) {
                gnutls_pk_params_st pub;
 
-               gnutls_pk_params_release(&session->key.proto.kshare.ecdh_params);
-               gnutls_pk_params_init(&session->key.proto.kshare.ecdh_params);
+               gnutls_pk_params_release(&session->key.kshare.ecdh_params);
+               gnutls_pk_params_init(&session->key.kshare.ecdh_params);
 
                curve = _gnutls_ecc_curve_get_params(group->curve);
 
@@ -269,7 +269,7 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                        return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 
                /* generate our key */
-               ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.proto.kshare.ecdh_params, 1);
+               ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.kshare.ecdh_params, 1);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
@@ -285,7 +285,7 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                pub.params_nr = 2;
 
                /* generate shared */
-               ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.proto.kshare.ecdh_params, &pub);
+               ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare.ecdh_params, &pub);
                gnutls_pk_params_release(&pub);
                if (ret < 0) {
                        return gnutls_assert_val(ret);
@@ -296,8 +296,8 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
        } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
                gnutls_pk_params_st pub;
 
-               gnutls_pk_params_release(&session->key.proto.kshare.ecdhx_params);
-               gnutls_pk_params_init(&session->key.proto.kshare.ecdhx_params);
+               gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
+               gnutls_pk_params_init(&session->key.kshare.ecdhx_params);
 
                curve = _gnutls_ecc_curve_get_params(group->curve);
 
@@ -305,7 +305,7 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                        return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 
                /* generate our key */
-               ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.proto.kshare.ecdhx_params, 1);
+               ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.kshare.ecdhx_params, 1);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
@@ -321,7 +321,7 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                /* We don't mask the MSB in the final byte as required
                 * by RFC7748. This will be done internally by nettle 3.3 or later.
                 */
-               ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.proto.kshare.ecdhx_params, &pub);
+               ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare.ecdhx_params, &pub);
                if (ret < 0) {
                        return gnutls_assert_val(ret);
                }
@@ -332,29 +332,29 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                gnutls_pk_params_st pub;
 
                /* we need to initialize the group parameters first */
-               gnutls_pk_params_release(&session->key.proto.kshare.dh_params);
-               gnutls_pk_params_init(&session->key.proto.kshare.dh_params);
+               gnutls_pk_params_release(&session->key.kshare.dh_params);
+               gnutls_pk_params_init(&session->key.kshare.dh_params);
 
                if (data_size != group->prime->size)
                        return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 
                /* set group params */
-               ret = _gnutls_mpi_init_scan_nz(&session->key.proto.kshare.dh_params.params[DH_G],
+               ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_G],
                        group->generator->data, group->generator->size);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               ret = _gnutls_mpi_init_scan_nz(&session->key.proto.kshare.dh_params.params[DH_P],
+               ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_P],
                        group->prime->data, group->prime->size);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
-               session->key.proto.kshare.dh_params.algo = GNUTLS_PK_DH;
-               session->key.proto.kshare.dh_params.qbits = *group->q_bits;
-               session->key.proto.kshare.dh_params.params_nr = 3; /* empty q */
+               session->key.kshare.dh_params.algo = GNUTLS_PK_DH;
+               session->key.kshare.dh_params.qbits = *group->q_bits;
+               session->key.kshare.dh_params.params_nr = 3; /* empty q */
 
                /* generate our keys */
-               ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.proto.kshare.dh_params, 1);
+               ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare.dh_params, 1);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
@@ -369,7 +369,7 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                pub.algo = group->pk;
 
                /* generate shared key */
-               ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.proto.kshare.dh_params, &pub);
+               ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.kshare.dh_params, &pub);
                _gnutls_mpi_release(&pub.params[DH_Y]);
                if (ret < 0)
                        return gnutls_assert_val(ret);
@@ -415,7 +415,7 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                pub.params_nr = 2;
 
                /* generate shared key */
-               ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.proto.kshare.ecdh_params, &pub);
+               ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare.ecdh_params, &pub);
                gnutls_pk_params_release(&pub);
                if (ret < 0) {
                        return gnutls_assert_val(ret);
@@ -443,7 +443,7 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                /* We don't mask the MSB in the final byte as required
                 * by RFC7748. This will be done internally by nettle 3.3 or later.
                 */
-               ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.proto.kshare.ecdhx_params, &pub);
+               ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare.ecdhx_params, &pub);
                if (ret < 0) {
                        return gnutls_assert_val(ret);
                }
@@ -467,7 +467,7 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
                pub.algo = group->pk;
 
                /* generate shared key */
-               ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.proto.kshare.dh_params, &pub);
+               ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.kshare.dh_params, &pub);
                _gnutls_mpi_release(&pub.params[DH_Y]);
                if (ret < 0)
                        return gnutls_assert_val(ret);
index 648168c4c77e90ba4818fe42c716b9593ef77a17..d8de3a5903e73a0eee11651efc1bfe0e5bc13fc6 100644 (file)
@@ -441,13 +441,16 @@ typedef struct auth_cred_st {
 } auth_cred_st;
 
 struct gnutls_key_st {
-       struct {
-               /* TLS 1.3 key share exchange */
+       struct { /* These are kept outside the TLS1.3 union as they are
+                 * negotiated via extension, even before protocol is negotiated */
+               gnutls_pk_params_st ecdh_params;
+               gnutls_pk_params_st ecdhx_params;
+               gnutls_pk_params_st dh_params;
+       } kshare;
+
+       /* The union contents depend on the negotiated protocol */
+       union {
                struct {
-                       gnutls_pk_params_st ecdh_params;
-                       gnutls_pk_params_st ecdhx_params;
-                       gnutls_pk_params_st dh_params;
-
                        /* the current (depending on state) secret, can be
                         * early_secret, client_early_traffic_secret, ... */
                        uint8_t temp_secret[MAX_HASH_SIZE];
@@ -455,10 +458,9 @@ struct gnutls_key_st {
                        uint8_t hs_ckey[MAX_HASH_SIZE]; /* client_handshake_traffic_secret */
                        uint8_t hs_skey[MAX_HASH_SIZE]; /* server_handshake_traffic_secret */
                        uint8_t ap_expkey[MAX_HASH_SIZE]; /* exporter_master_secret */
-               } kshare; /* tls1.3 */
+               } tls13; /* tls1.3 */
 
                /* Folow the SSL3.0 and TLS1.2 key exchanges */
-
                struct {
                        /* For ECDH KX */
                        struct {
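Review bot: The new comment above the union says its contents depend on the negotiated protocol but does not say what selects the active member, and since the `tls13` struct (temp_secret, hs_ckey, hs_skey, ap_expkey) now overlays the TLS1.2 ecdh/dh/srp state, writing one member on a session that is using the other silently corrupts live key material. lib/state.c in this commit selects by `get_version(session)->tls13_sem`, so name that here: `/* The union contents depend on the negotiated protocol: select the member by get_version(session)->tls13_sem; the tls13 and tls12 members overlap, so never touch the inactive one once a version is known */`. It is also worth noting on the `tls13` member that it is only valid after version negotiation, because the `kshare` comment says key-share params exist before that point and a reader might assume the same of temp_secret. The struct continues past the hunk.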
index f39aff24d84435ef0dc55e5736024f3d163600d9..721f334eca938091c4cbdecfd33d571aa59f7969 100644 (file)
@@ -157,8 +157,8 @@ static int generate_ap_traffic_keys(gnutls_session_t session)
        uint8_t zero[MAX_HASH_SIZE];
 
        ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
-                                  NULL, 0, session->key.proto.kshare.temp_secret,
-                                  session->key.proto.kshare.temp_secret);
+                                  NULL, 0, session->key.proto.tls13.temp_secret,
+                                  session->key.proto.tls13.temp_secret);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
@@ -170,13 +170,13 @@ static int generate_ap_traffic_keys(gnutls_session_t session)
        ret = _tls13_derive_secret(session, EXPORTER_MASTER_LABEL, sizeof(EXPORTER_MASTER_LABEL)-1,
                                   session->internals.handshake_hash_buffer.data,
                                   session->internals.handshake_hash_buffer_server_finished_len,
-                                  session->key.proto.kshare.temp_secret,
-                                  session->key.proto.kshare.ap_expkey);
+                                  session->key.proto.tls13.temp_secret,
+                                  session->key.proto.tls13.ap_expkey);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
        _gnutls_nss_keylog_write(session, "EXPORTER_SECRET",
-                                session->key.proto.kshare.ap_expkey,
+                                session->key.proto.tls13.ap_expkey,
                                 session->security_parameters.prf->output_size);
 
        _gnutls_epoch_bump(session);
@@ -195,7 +195,7 @@ static int generate_hs_traffic_keys(gnutls_session_t session)
 {
        int ret;
 
-       if (unlikely(session->key.key.size == 0 || session->key.proto.kshare.temp_secret_size == 0))
+       if (unlikely(session->key.key.size == 0 || session->key.proto.tls13.temp_secret_size == 0))
                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
        ret = _tls13_update_secret(session, session->key.key.data, session->key.key.size);
index 9b7c776cb8224f65edf33412fa2f22fb14202b4d..179fcb8009b8c495dbb468b3804642af839bc169 100644 (file)
@@ -1714,8 +1714,8 @@ read_server_hello(gnutls_session_t session,
                        return gnutls_assert_val(ret);
 
                ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
-                                          NULL, 0, session->key.proto.kshare.temp_secret,
-                                          session->key.proto.kshare.temp_secret);
+                                          NULL, 0, session->key.proto.tls13.temp_secret,
+                                          session->key.proto.tls13.temp_secret);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
@@ -2076,8 +2076,8 @@ int _gnutls_send_server_hello(gnutls_session_t session, int again)
 
                if (vers->tls13_sem) {
                        ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
-                                                  NULL, 0, session->key.proto.kshare.temp_secret,
-                                                  session->key.proto.kshare.temp_secret);
+                                                  NULL, 0, session->key.proto.tls13.temp_secret,
+                                                  session->key.proto.tls13.temp_secret);
                        if (ret < 0) {
                                gnutls_assert();
                                goto fail;
index bbd021d317a79d32949f654bf560d3af3b9036df..b7e926febfccab97282d909bec15d0f9c297fc84 100644 (file)
--- a/lib/prf.c
+++ b/lib/prf.c
@@ -149,7 +149,7 @@ gnutls_prf_rfc5705(gnutls_session_t session,
                }
 
                ret = _tls13_derive_secret(session, label, label_size, NULL, 0,
-                                          session->key.proto.kshare.ap_expkey, secret);
+                                          session->key.proto.tls13.ap_expkey, secret);
                if (ret < 0)
                        return gnutls_assert_val(ret);
 
index 08c6e556863e586f84559d7362cf61eb49d01aaf..73402f9e604b152daa33b81648da957487e2f353 100644 (file)
@@ -34,11 +34,11 @@ int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_
 {
        char buf[128];
 
-       session->key.proto.kshare.temp_secret_size = session->security_parameters.prf->output_size;
+       session->key.proto.tls13.temp_secret_size = session->security_parameters.prf->output_size;
 
        /* when no PSK, use the zero-value */
        if (psk == NULL) {
-               psk_size = session->key.proto.kshare.temp_secret_size;
+               psk_size = session->key.proto.tls13.temp_secret_size;
                if (unlikely(psk_size >= sizeof(buf)))
                        return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
@@ -49,16 +49,16 @@ int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_
        return gnutls_hmac_fast(session->security_parameters.prf->id,
                                "", 0,
                                psk, psk_size,
-                               session->key.proto.kshare.temp_secret);
+                               session->key.proto.tls13.temp_secret);
 }
 
 /* HKDF-Extract(Prev-Secret, key) */
 int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t key_size)
 {
        return gnutls_hmac_fast(session->security_parameters.prf->id,
-                               session->key.proto.kshare.temp_secret, session->key.proto.kshare.temp_secret_size,
+                               session->key.proto.tls13.temp_secret, session->key.proto.tls13.temp_secret_size,
                                key, key_size,
-                               session->key.proto.kshare.temp_secret);
+                               session->key.proto.tls13.temp_secret);
 }
 
 /* Derive-Secret(Secret, Label, Messages) */
index 79353b5c879f4e613a0691f12db43f8ffec0500c..708f7649c7faa999eaa850cda009a98d29010f2b 100644 (file)
@@ -169,33 +169,45 @@ gnutls_compression_get(gnutls_session_t session)
 
 static void deinit_keys(gnutls_session_t session)
 {
-       gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
-       gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
+       const version_entry_st *vers = get_version(session);
 
-       gnutls_pk_params_release(&session->key.proto.kshare.ecdhx_params);
-       gnutls_pk_params_release(&session->key.proto.kshare.ecdh_params);
-       gnutls_pk_params_release(&session->key.proto.kshare.dh_params);
-
-       zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.x);
-       zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.y);
-       _gnutls_free_temp_key_datum(&session->key.proto.tls12.ecdh.raw);
-
-       zrelease_temp_mpi_key(&session->key.proto.tls12.dh.client_Y);
-
-       /* SRP */
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_p);
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_g);
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_key);
+       if (vers == NULL)
+               return;
 
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.a);
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.x);
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.A);
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.B);
-       zrelease_temp_mpi_key(&session->key.proto.tls12.srp.b);
+       gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
+       gnutls_pk_params_release(&session->key.kshare.ecdh_params);
+       gnutls_pk_params_release(&session->key.kshare.dh_params);
+
+       if (!vers->tls13_sem) {
+               gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
+               gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.x);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.y);
+               _gnutls_free_temp_key_datum(&session->key.proto.tls12.ecdh.raw);
+
+               zrelease_temp_mpi_key(&session->key.proto.tls12.dh.client_Y);
+
+               /* SRP */
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_p);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_g);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_key);
+
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.a);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.x);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.A);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.B);
+               zrelease_temp_mpi_key(&session->key.proto.tls12.srp.b);
+       } else {
+               gnutls_memset(session->key.proto.tls13.temp_secret, 0,
+                             sizeof(session->key.proto.tls13.temp_secret));
+               gnutls_memset(session->key.proto.tls13.hs_ckey, 0,
+                             sizeof(session->key.proto.tls13.hs_ckey));
+               gnutls_memset(session->key.proto.tls13.hs_skey, 0,
+                             sizeof(session->key.proto.tls13.hs_skey));
+       }
 
        _gnutls_free_temp_key_datum(&session->key.key);
-       _gnutls_free_temp_key_datum(&session->key.key);
 }
 
 /* An internal version of _gnutls_handshake_internal_state_clear(),
@@ -435,6 +447,9 @@ void gnutls_deinit(gnutls_session_t session)
        /* we rely on priorities' internal reference counting */
        gnutls_priority_deinit(session->internals.priorities);
 
+       /* overwrite any temp TLS1.3 keys */
+       gnutls_memset(&session->key.proto, 0, sizeof(session->key.proto));
+
        gnutls_free(session);
 }
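Review bot: The early `if (vers == NULL) return;` added at the top of deinit_keys now skips the three `gnutls_pk_params_release(&session->key.kshare.*)` calls and the final `_gnutls_free_temp_key_datum(&session->key.key)`, both of which the old code ran unconditionally; the new gnutls_int.h comment states that kshare is populated via extension before a protocol version is negotiated, so a session torn down after generating a key share but before a version is set (as far as visible here, an aborted handshake) would leak those params and their private keys. Release kshare and key.key before the version check and guard only the protocol-specific union cleanup on `vers`. A smaller point in the tls13 branch: it wipes temp_secret, hs_ckey and hs_skey but not ap_expkey; gnutls_deinit later zeroes the whole union, but if deinit_keys is also reached from a handshake-state reset the exporter secret would survive it, and adding the wipe there is cheap.
```c
static void deinit_keys(gnutls_session_t session)
{
	const version_entry_st *vers = get_version(session);

	/* key-share params live outside the protocol union and may exist
	 * before a version is negotiated: always release them */
	gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
	gnutls_pk_params_release(&session->key.kshare.ecdh_params);
	gnutls_pk_params_release(&session->key.kshare.dh_params);

	if (vers != NULL) {
		if (!vers->tls13_sem) {
			/* … unchanged: TLS1.2 ecdh/dh/srp releases … */
		} else {
			/* … unchanged: temp_secret/hs_ckey/hs_skey wipes … */
			gnutls_memset(session->key.proto.tls13.ap_expkey, 0,
				      sizeof(session->key.proto.tls13.ap_expkey));
		}
	}

	_gnutls_free_temp_key_datum(&session->key.key);
}
```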
 
index a203b36881312db8c351edaa7b8d161848b2270e..9286f328f656e186fde9f0db187f007da15b7d89 100644 (file)
@@ -39,9 +39,9 @@ int _gnutls13_recv_finished(gnutls_session_t session)
        unsigned hash_size = session->security_parameters.prf->output_size;
 
        if (session->security_parameters.entity == GNUTLS_CLIENT)
-               base_key = session->key.proto.kshare.hs_skey;
+               base_key = session->key.proto.tls13.hs_skey;
        else
-               base_key = session->key.proto.kshare.hs_ckey;
+               base_key = session->key.proto.tls13.hs_ckey;
 
        ret = _tls13_expand_secret(session, "finished", 8, NULL, 0, base_key,
                        hash_size, fkey);
@@ -105,9 +105,9 @@ int _gnutls13_send_finished(gnutls_session_t session, unsigned again)
 
        if (again == 0) {
                if (session->security_parameters.entity == GNUTLS_CLIENT)
-                       base_key = session->key.proto.kshare.hs_ckey;
+                       base_key = session->key.proto.tls13.hs_ckey;
                else
-                       base_key = session->key.proto.kshare.hs_skey;
+                       base_key = session->key.proto.tls13.hs_skey;
 
                ret = _tls13_expand_secret(session, "finished", 8, NULL, 0, base_key,
                                           hash_size, fkey);
index e1e6ca3abbe67e8d378d2bb4e2816c9df4214fbe..9b62e4c81737324bcf0a9c060bef71ee40405ff3 100644 (file)
@@ -34,8 +34,8 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
 {
        int ret;
 
-       ret = _tls13_update_secret(session, session->key.proto.kshare.temp_secret,
-                                  session->key.proto.kshare.temp_secret_size);
+       ret = _tls13_update_secret(session, session->key.proto.tls13.temp_secret,
+                                  session->key.proto.tls13.temp_secret_size);
        if (ret < 0)
                return gnutls_assert_val(ret);