New method to get QUIC secret length

tmshort · Aug 30, 2019 · abb6f39 · abb6f39
1 parent 05fdae9
commit abb6f39
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 8 deletions.
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
@@ -1584,7 +1584,6 @@ struct ssl_st {
     QUIC_DATA *quic_input_data_head;
     QUIC_DATA *quic_input_data_tail;
     const SSL_QUIC_METHOD *quic_method;
-    size_t quic_len;
 #endif
     /*
      * Parsed form of the ClientHello, kept around across client_hello_cb

diff --git a/ssl/ssl_quic.c b/ssl/ssl_quic.c
@@ -181,6 +181,8 @@ int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level)
 {
     uint8_t *read_secret = NULL;
     uint8_t *write_secret = NULL;
+    size_t len;
+    const EVP_MD *md;
     static const unsigned char zeros[EVP_MAX_MD_SIZE];
 
     if (!SSL_IS_QUIC(ssl))
@@ -202,22 +204,43 @@ int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level)
     default:
         return 1;
     }
+
+    md = ssl_handshake_md(ssl);
+    if (md == NULL) {
+        /* May not have selected cipher, yet */
+        const SSL_CIPHER *c = NULL;
+
+        if (ssl->session != NULL)
+            c = SSL_SESSION_get0_cipher(ssl->session);
+        else if (ssl->psksession != NULL)
+            c = SSL_SESSION_get0_cipher(ssl->psksession);
+
+        if (c != NULL)
+            md = SSL_CIPHER_get_handshake_digest(c);
+    }
+
+    if ((len = EVP_MD_size(md)) <= 0) {
+        SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
     /* In some cases, we want to set the secret only when BOTH are non-zero */
     if (read_secret != NULL && write_secret != NULL
-            && !memcmp(read_secret, zeros, ssl->quic_len)
-            && !memcmp(write_secret, zeros, ssl->quic_len))
+            && !memcmp(read_secret, zeros, len)
+            && !memcmp(write_secret, zeros, len))
         return 1;
 
     if (ssl->server) {
         if (!ssl->quic_method->set_encryption_secrets(ssl, level, read_secret,
-                                                      write_secret, ssl->quic_len)) {
+                                                      write_secret, len)) {
             SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS,
                      ERR_R_INTERNAL_ERROR);
             return 0;
         }
     } else {
         if (!ssl->quic_method->set_encryption_secrets(ssl, level, write_secret,
-                                                      read_secret, ssl->quic_len)) {
+                                                      read_secret, len)) {
             SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS,
                      ERR_R_INTERNAL_ERROR);
             return 0;

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
@@ -569,9 +569,6 @@ int tls13_change_cipher_state(SSL *s, int which)
                 goto err;
             }
             hashlen = hashlenui;
-#ifndef OPENSSL_NO_QUIC
-            s->quic_len = hashlen;
-#endif
             EVP_MD_CTX_free(mdctx);
 
             if (!tls13_hkdf_expand(s, md, insecret,