Skip to content

Commit abb6f39

Browse files
committed
New method to get QUIC secret length
1 parent 05fdae9 commit abb6f39

File tree

3 files changed

+27
-8
lines changed

3 files changed

+27
-8
lines changed

ssl/ssl_locl.h

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1584,7 +1584,6 @@ struct ssl_st {
15841584
QUIC_DATA *quic_input_data_head;
15851585
QUIC_DATA *quic_input_data_tail;
15861586
const SSL_QUIC_METHOD *quic_method;
1587-
size_t quic_len;
15881587
#endif
15891588
/*
15901589
* Parsed form of the ClientHello, kept around across client_hello_cb

ssl/ssl_quic.c

Lines changed: 27 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -181,6 +181,8 @@ int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level)
181181
{
182182
uint8_t *read_secret = NULL;
183183
uint8_t *write_secret = NULL;
184+
size_t len;
185+
const EVP_MD *md;
184186
static const unsigned char zeros[EVP_MAX_MD_SIZE];
185187

186188
if (!SSL_IS_QUIC(ssl))
@@ -202,22 +204,43 @@ int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level)
202204
default:
203205
return 1;
204206
}
207+
208+
md = ssl_handshake_md(ssl);
209+
if (md == NULL) {
210+
/* May not have selected cipher, yet */
211+
const SSL_CIPHER *c = NULL;
212+
213+
if (ssl->session != NULL)
214+
c = SSL_SESSION_get0_cipher(ssl->session);
215+
else if (ssl->psksession != NULL)
216+
c = SSL_SESSION_get0_cipher(ssl->psksession);
217+
218+
if (c != NULL)
219+
md = SSL_CIPHER_get_handshake_digest(c);
220+
}
221+
222+
if ((len = EVP_MD_size(md)) <= 0) {
223+
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS,
224+
ERR_R_INTERNAL_ERROR);
225+
return 0;
226+
}
227+
205228
/* In some cases, we want to set the secret only when BOTH are non-zero */
206229
if (read_secret != NULL && write_secret != NULL
207-
&& !memcmp(read_secret, zeros, ssl->quic_len)
208-
&& !memcmp(write_secret, zeros, ssl->quic_len))
230+
&& !memcmp(read_secret, zeros, len)
231+
&& !memcmp(write_secret, zeros, len))
209232
return 1;
210233

211234
if (ssl->server) {
212235
if (!ssl->quic_method->set_encryption_secrets(ssl, level, read_secret,
213-
write_secret, ssl->quic_len)) {
236+
write_secret, len)) {
214237
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS,
215238
ERR_R_INTERNAL_ERROR);
216239
return 0;
217240
}
218241
} else {
219242
if (!ssl->quic_method->set_encryption_secrets(ssl, level, write_secret,
220-
read_secret, ssl->quic_len)) {
243+
read_secret, len)) {
221244
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS,
222245
ERR_R_INTERNAL_ERROR);
223246
return 0;

ssl/tls13_enc.c

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -569,9 +569,6 @@ int tls13_change_cipher_state(SSL *s, int which)
569569
goto err;
570570
}
571571
hashlen = hashlenui;
572-
#ifndef OPENSSL_NO_QUIC
573-
s->quic_len = hashlen;
574-
#endif
575572
EVP_MD_CTX_free(mdctx);
576573

577574
if (!tls13_hkdf_expand(s, md, insecret,

0 commit comments

Comments
 (0)