From 58e06430e7416571ee978a615b3d128ae8bd4456 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Fri, 30 Aug 2019 11:38:56 -0400 Subject: [PATCH] Tweeks to quic_change_cipher_state() --- ssl/tls13_enc.c | 69 +++++++++++++++++-------------------------------- 1 file changed, 24 insertions(+), 45 deletions(-) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index ff75a5e4477e3..10b05ec2ebcee 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -475,33 +475,18 @@ static int quic_change_cipher_state(SSL *s, int which) } hashlen = (size_t)hashleni; - if (is_handshake) - level = ssl_encryption_handshake; - else - level = ssl_encryption_application; - if (is_client_read || is_server_write) { if (is_handshake) { level = ssl_encryption_handshake; if (!tls13_hkdf_expand(s, md, s->handshake_secret, client_handshake_traffic, sizeof(client_handshake_traffic)-1, hash, hashlen, - s->client_hand_traffic_secret, hashlen, 1)) { - /* SSLfatal() already called */ - goto err; - } - if (!ssl_log_secret(s, CLIENT_HANDSHAKE_LABEL, s->client_hand_traffic_secret, hashlen)) { - /* SSLfatal() already called */ - goto err; - } - - if (!tls13_hkdf_expand(s, md, s->handshake_secret, server_handshake_traffic, - sizeof(server_handshake_traffic)-1, hash, hashlen, - s->server_hand_traffic_secret, hashlen, 1)) { - /* SSLfatal() already called */ - goto err; - } - if (!ssl_log_secret(s, SERVER_HANDSHAKE_LABEL, s->server_hand_traffic_secret, hashlen)) { + s->client_hand_traffic_secret, hashlen, 1) + || !ssl_log_secret(s, CLIENT_HANDSHAKE_LABEL, s->client_hand_traffic_secret, hashlen) + || !tls13_hkdf_expand(s, md, s->handshake_secret, server_handshake_traffic, + sizeof(server_handshake_traffic)-1, hash, hashlen, + s->server_hand_traffic_secret, hashlen, 1) + || !ssl_log_secret(s, SERVER_HANDSHAKE_LABEL, s->server_hand_traffic_secret, hashlen)) { /* SSLfatal() already called */ goto err; } @@ -510,26 +495,20 @@ static int quic_change_cipher_state(SSL *s, int which) if (!tls13_hkdf_expand(s, md, s->master_secret, client_application_traffic, sizeof(client_application_traffic)-1, hash, hashlen, - s->client_app_traffic_secret, hashlen, 1)) { - /* SSLfatal() already called */ - goto err; - } - if (!ssl_log_secret(s, CLIENT_APPLICATION_LABEL, s->client_app_traffic_secret, hashlen)) { - /* SSLfatal() already called */ - goto err; - } - - if (!tls13_hkdf_expand(s, md, s->master_secret, server_application_traffic, - sizeof(server_application_traffic)-1, hash, hashlen, - s->server_app_traffic_secret, hashlen, 1)) { - /* SSLfatal() already called */ - goto err; - } - if (!ssl_log_secret(s, SERVER_APPLICATION_LABEL, s->server_app_traffic_secret, hashlen)) { + s->client_app_traffic_secret, hashlen, 1) + || !ssl_log_secret(s, CLIENT_APPLICATION_LABEL, s->client_app_traffic_secret, hashlen) + || !tls13_hkdf_expand(s, md, s->master_secret, server_application_traffic, + sizeof(server_application_traffic)-1, hash, hashlen, + s->server_app_traffic_secret, hashlen, 1) + || !ssl_log_secret(s, SERVER_APPLICATION_LABEL, s->server_app_traffic_secret, hashlen)) { /* SSLfatal() already called */ goto err; } } + if (!quic_set_encryption_secrets(s, level)) { + /* SSLfatal() already called */ + goto err; + } if (s->server) s->quic_write_level = level; else @@ -540,24 +519,24 @@ static int quic_change_cipher_state(SSL *s, int which) if (!tls13_hkdf_expand(s, md, s->early_secret, client_early_traffic, sizeof(client_early_traffic)-1, hash, hashlen, - s->client_early_traffic_secret, hashlen, 1)) { - /* SSLfatal() already called */ - goto err; - } - if (!ssl_log_secret(s, CLIENT_EARLY_LABEL, s->client_early_traffic_secret, hashlen)) { + s->client_early_traffic_secret, hashlen, 1) + || !ssl_log_secret(s, CLIENT_EARLY_LABEL, s->client_early_traffic_secret, hashlen) + || !quic_set_encryption_secrets(s, level)) { /* SSLfatal() already called */ goto err; } + } else if (is_handshake) { + level = ssl_encryption_handshake; + } else { + level = ssl_encryption_application; } + if (s->server) s->quic_read_level = level; else s->quic_write_level = level; } - if (level != ssl_encryption_initial && !quic_set_encryption_secrets(s, level)) - goto err; - ret = 1; err: return ret;