unsigned char *outsecret)
{
size_t mdlen, prevsecretlen;
+ int mdleni;
int ret;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
static const char derived_secret_label[] = "derived";
return 0;
}
- mdlen = EVP_MD_size(md);
+ mdleni = EVP_MD_size(md);
+ /* Ensure cast to size_t is safe */
+ if (!ossl_assert(mdleni >= 0)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ mdlen = (size_t)mdleni;
if (insecret == NULL) {
insecret = default_zeros;
goto err;
}
- if (str == s->method->ssl3_enc->server_finished_label)
+ if (str == s->method->ssl3_enc->server_finished_label) {
key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
s->server_finished_secret, hashlen);
- else
+ } else if (SSL_IS_FIRST_HANDSHAKE(s)) {
key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
s->client_finished_secret, hashlen);
+ } else {
+ unsigned char finsecret[EVP_MAX_MD_SIZE];
+
+ if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),
+ s->client_app_traffic_secret,
+ finsecret, hashlen))
+ goto err;
+
+ key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
+ hashlen);
+ }
if (key == NULL
|| ctx == NULL
{
unsigned char key[EVP_MAX_KEY_LENGTH];
size_t ivlen, keylen, taglen;
- size_t hashlen = EVP_MD_size(md);
+ int hashleni = EVP_MD_size(md);
+ size_t hashlen;
+
+ /* Ensure cast to size_t is safe */
+ if (!ossl_assert(hashleni >= 0)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+ ERR_R_EVP_LIB);
+ goto err;
+ }
+ hashlen = (size_t)hashleni;
if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
secret, hashlen)) {
if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
resumption_master_secret,
sizeof(resumption_master_secret) - 1,
- hashval, hashlen, s->session->master_key,
+ hashval, hashlen, s->resumption_master_secret,
hashlen)) {
/* SSLfatal() already called */
goto err;
}
- s->session->master_key_length = hashlen;
}
if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,