From 334c367052d739e22b14fcbf41630c9461b8cb8d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 12 Aug 2024 11:20:39 +0200 Subject: [PATCH] Simplify mbedtls_ssl_tls13_exporter RFC 8446 made it look like we can't use Derive-Secret for the second step, but actually, Transcript-Hash and Hash are the same thing, so we can. Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 38b342ea8b..e2ddaa7086 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1832,26 +1832,17 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, { size_t hash_len = PSA_HASH_LENGTH(hash_alg); unsigned char hkdf_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char hashed_context[PSA_HASH_MAX_SIZE]; - size_t hashed_context_len = 0; int ret = 0; - psa_status_t status = 0; ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len); if (ret != 0) { goto exit; } - - status = psa_hash_compute(hash_alg, context_value, context_len, hashed_context, hash_len, &hashed_context_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - ret = mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, hkdf_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), - hashed_context, hashed_context_len, - out, out_len); + ret = mbedtls_ssl_tls13_derive_secret(hash_alg, hkdf_secret, hash_len, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), + context_value, context_len, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + out, out_len); exit: mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret));