From: Matt Caswell <matt@openssl.org>
Date: Wed, 3 May 2017 11:11:41 +0000 (+0100)
Subject: Update the HKDF labels for draft-20
X-Git-Tag: OpenSSL_1_1_1-pre1~1598
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=17aa119e7be1894cddedbe4d8668c3f530f95105

Update the HKDF labels for draft-20

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3371)
---

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index f892675c0b..847ff139a4 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1187,7 +1187,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
     EVP_MD_CTX *mctx = NULL;
     unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE];
     unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE];
-    const char resumption_label[] = "resumption psk binder key";
+    const char resumption_label[] = "res binder";
     size_t bindersize, hashsize = EVP_MD_size(md);
     int ret = -1;
 
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 9030d1a292..255bc96ac1 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -28,7 +28,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
                              const unsigned char *hash,
                              unsigned char *out, size_t outlen)
 {
-    const unsigned char label_prefix[] = "TLS 1.3, ";
+    const unsigned char label_prefix[] = "tls13 ";
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
     int ret;
     size_t hkdflabellen;
@@ -124,7 +124,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
     size_t mdlen, prevsecretlen;
     int ret;
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-    static const char derived_secret_label[] = "derived secret";
+    static const char derived_secret_label[] = "derived";
     unsigned char preextractsec[EVP_MAX_MD_SIZE];
 
     if (pctx == NULL)
@@ -343,18 +343,12 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
 
 int tls13_change_cipher_state(SSL *s, int which)
 {
-    static const unsigned char client_early_traffic[] =
-        "client early traffic secret";
-    static const unsigned char client_handshake_traffic[] =
-        "client handshake traffic secret";
-    static const unsigned char client_application_traffic[] =
-        "client application traffic secret";
-    static const unsigned char server_handshake_traffic[] =
-        "server handshake traffic secret";
-    static const unsigned char server_application_traffic[] =
-        "server application traffic secret";
-    static const unsigned char resumption_master_secret[] =
-        "resumption master secret";
+    static const unsigned char client_early_traffic[] = "c e traffic";
+    static const unsigned char client_handshake_traffic[] = "c hs traffic";
+    static const unsigned char client_application_traffic[] = "c ap traffic";
+    static const unsigned char server_handshake_traffic[] = "s hs traffic";
+    static const unsigned char server_application_traffic[] = "s ap traffic";
+    static const unsigned char resumption_master_secret[] = "res master";
     unsigned char *iv;
     unsigned char secret[EVP_MAX_MD_SIZE];
     unsigned char hashval[EVP_MAX_MD_SIZE];
@@ -559,8 +553,7 @@ int tls13_change_cipher_state(SSL *s, int which)
 
 int tls13_update_key(SSL *s, int sending)
 {
-    static const unsigned char application_traffic[] =
-        "application traffic secret";
+    static const unsigned char application_traffic[] = "traffic upd";
     const EVP_MD *md = ssl_handshake_md(s);
     size_t hashlen = EVP_MD_size(md);
     unsigned char *insecret, *iv;