diff options
| author | Sahana Prasad <sahana@redhat.com> | 2020-09-14 13:09:00 +0200 |
|---|---|---|
| committer | Sahana Prasad <sahana@redhat.com> | 2020-09-17 13:30:50 +0200 |
| commit | 8384f82c961be65fee01556b168e3bf1b375e5f5 (patch) | |
| tree | cd0e6a70aeb5ae0f6b31e39bb28830eee7d6aed0 | |
| parent | 7a1eed1befab3ea49667bdd24eabe3e5262ec77d (diff) | |
| download | gnutls-8384f82c961be65fee01556b168e3bf1b375e5f5.tar.gz | |
Modifies P_hash() to hash the seed and label separately
Thereby not restricting the implementation of prf to MAX_SEED_SIZE
MAX_SEED_SIZE is not used anymore
Signed-off-by: Sahana Prasad <sahana@redhat.com>
| -rw-r--r-- | lib/nettle/int/tls1-prf.c | 26 | ||||
| -rw-r--r-- | lib/nettle/int/tls1-prf.h | 1 |
2 files changed, 8 insertions, 19 deletions
diff --git a/lib/nettle/int/tls1-prf.c b/lib/nettle/int/tls1-prf.c index 6763d76cc9..19ca5d34dc 100644 --- a/lib/nettle/int/tls1-prf.c +++ b/lib/nettle/int/tls1-prf.c @@ -48,6 +48,7 @@ P_hash( void *mac_ctx, nettle_hash_digest_func *digest, size_t digest_size, size_t seed_size, const uint8_t *seed, + size_t label_size, const char *label, size_t dst_length, uint8_t *dst) { @@ -60,6 +61,7 @@ P_hash( void *mac_ctx, while(left > 0) { if (started == 0) { /* A(0) */ + update(mac_ctx, label_size, (const uint8_t *)label); /* hash label */ update(mac_ctx, seed_size, seed); started = 1; } else { @@ -68,6 +70,7 @@ P_hash( void *mac_ctx, digest(mac_ctx, digest_size, Atmp); /* store A(i) */ update(mac_ctx, digest_size, Atmp); /* hash A(i) */ + update(mac_ctx, label_size, (const uint8_t *)label); /* hash label */ update(mac_ctx, seed_size, seed); /* hash seed */ if (left < (ssize_t)digest_size) @@ -88,19 +91,15 @@ tls10_prf(size_t secret_size, const uint8_t *secret, size_t seed_size, const uint8_t *seed, size_t length, uint8_t *dst) { - int l_s, cseed_size = seed_size + label_size; + int l_s; const uint8_t *s1, *s2; struct hmac_md5_ctx md5_ctx; struct hmac_sha1_ctx sha1_ctx; uint8_t o1[MAX_PRF_BYTES]; - uint8_t cseed[MAX_SEED_SIZE]; - if (cseed_size > MAX_SEED_SIZE || length > MAX_PRF_BYTES) + if (length > MAX_PRF_BYTES) return 0; - memcpy(cseed, label, label_size); - memcpy(&cseed[label_size], seed, seed_size); - l_s = secret_size / 2; s1 = &secret[0]; s2 = &secret[l_s]; @@ -113,14 +112,14 @@ tls10_prf(size_t secret_size, const uint8_t *secret, P_hash(&md5_ctx, (nettle_hash_update_func*)hmac_md5_update, (nettle_hash_digest_func*)hmac_md5_digest, MD5_DIGEST_SIZE, - cseed_size, cseed, length, o1); + seed_size, seed, label_size, label, length, o1); hmac_sha1_set_key(&sha1_ctx, l_s, s2); P_hash(&sha1_ctx, (nettle_hash_update_func*)hmac_sha1_update, (nettle_hash_digest_func*)hmac_sha1_digest, SHA1_DIGEST_SIZE, - cseed_size, cseed, length, dst); + seed_size, seed, label_size, label, length, dst); memxor(dst, o1, length); @@ -153,17 +152,8 @@ tls12_prf(void *mac_ctx, size_t seed_size, const uint8_t *seed, size_t length, uint8_t *dst) { - size_t cseed_size = seed_size + label_size; - uint8_t cseed[MAX_SEED_SIZE]; - - if (cseed_size > MAX_SEED_SIZE) - return 0; - - memcpy(cseed, label, label_size); - memcpy(&cseed[label_size], seed, seed_size); - P_hash(mac_ctx, update, digest, digest_size, - cseed_size, cseed, length, dst); + seed_size, seed, label_size, label, length, dst); return 1; } diff --git a/lib/nettle/int/tls1-prf.h b/lib/nettle/int/tls1-prf.h index f5d9c82702..e79d1c8639 100644 --- a/lib/nettle/int/tls1-prf.h +++ b/lib/nettle/int/tls1-prf.h @@ -25,7 +25,6 @@ #include <nettle/nettle-meta.h> -#define MAX_SEED_SIZE 200 #define MAX_PRF_BYTES 200 /* Namespace mangling */ |