diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index b568f3fd89..4fe1d5c65e 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -858,20 +858,23 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, mbedtls_md_info_t const *md_info; size_t md_size; - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; mbedtls_cipher_info_t const *cipher_info; size_t keylen, ivlen; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info; + mbedtls_ssl_tls1_3_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) ); - cipher_info = mbedtls_cipher_info_from_type( - ssl->handshake->ciphersuite_info->cipher ); + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); keylen = cipher_info->key_bitlen >> 3; ivlen = cipher_info->iv_size; - md_type = ssl->handshake->ciphersuite_info->mac; + md_type = ciphersuite_info->mac; md_info = mbedtls_md_info_from_type( md_type ); md_size = mbedtls_md_get_size( md_info ); @@ -888,9 +891,8 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, } ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, - ssl->handshake->tls1_3_master_secrets.handshake, - transcript, transcript_len, - &ssl->handshake->tls13_hs_secrets ); + handshake->tls1_3_master_secrets.handshake, + transcript, transcript_len, tls13_hs_secrets ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", @@ -899,11 +901,10 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + tls13_hs_secrets->client_handshake_traffic_secret, md_size ); - MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, + tls13_hs_secrets->server_handshake_traffic_secret, md_size ); /* @@ -914,27 +915,26 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, { ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + tls13_hs_secrets->client_handshake_traffic_secret, md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, + handshake->randbytes + 32, + handshake->randbytes, MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, + tls13_hs_secrets->server_handshake_traffic_secret, md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, + handshake->randbytes + 32, + handshake->randbytes, MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); } #endif /* MBEDTLS_SSL_EXPORT_KEYS */ ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, - md_size, - keylen, ivlen, traffic_keys ); + tls13_hs_secrets->client_handshake_traffic_secret, + tls13_hs_secrets->server_handshake_traffic_secret, + md_size, keylen, ivlen, traffic_keys ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );