diff options
| author | Michael Brown <mcb30@ipxe.org> | 2022-10-06 16:06:44 +0100 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2022-10-11 14:37:12 +0100 |
| commit | 1a7317e7d46f134f21244f6d272f90648beda4e7 (patch) | |
| tree | f9b9183152d4485a0e7277bcdb940268c08e7991 | |
| parent | 18b861024ad542bd6df337dfb10a84e04173040f (diff) | |
| download | ipxe-1a7317e7d46f134f21244f6d272f90648beda4e7.zip ipxe-1a7317e7d46f134f21244f6d272f90648beda4e7.tar.gz ipxe-1a7317e7d46f134f21244f6d272f90648beda4e7.tar.bz2 | |
[tls] Generate master secret at point of sending ClientKeyExchange
The master secret is currently constructed upon receiving the
ServerHello message. This precludes the use of key exchange
mechanisms such as Ephemeral Diffie-Hellman (DHE), which require a
ServerKeyExchange message to exchange additional key material before
the pre-master secret and master secret can be constructed.
Allow for the use of such cipher suites by deferring generation of the
master secret until the point of sending the ClientKeyExchange
message.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/net/tls.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/net/tls.c b/src/net/tls.c index 21f7073..89ed6fc 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -1220,6 +1220,16 @@ static int tls_send_client_key_exchange ( struct tls_connection *tls ) { int len; int rc; + /* Generate master secret */ + tls_generate_master_secret ( tls ); + + /* Generate keys */ + if ( ( rc = tls_generate_keys ( tls ) ) != 0 ) { + DBGC ( tls, "TLS %p could not generate keys: %s\n", + tls, strerror ( rc ) ); + return rc; + } + /* Encrypt pre-master secret using server's public key */ memset ( &key_xchg, 0, sizeof ( key_xchg ) ); len = pubkey_encrypt ( pubkey, cipherspec->pubkey_ctx, @@ -1622,7 +1632,7 @@ static int tls_new_server_hello ( struct tls_connection *tls, if ( ( rc = tls_select_cipher ( tls, hello_b->cipher_suite ) ) != 0 ) return rc; - /* Reuse or generate master secret */ + /* Check session ID */ if ( hello_a->session_id_len && ( hello_a->session_id_len == tls->session_id_len ) && ( memcmp ( session_id, tls->session_id, @@ -1631,12 +1641,11 @@ static int tls_new_server_hello ( struct tls_connection *tls, /* Session ID match: reuse master secret */ DBGC ( tls, "TLS %p resuming session ID:\n", tls ); DBGC_HDA ( tls, 0, tls->session_id, tls->session_id_len ); + if ( ( rc = tls_generate_keys ( tls ) ) != 0 ) + return rc; } else { - /* Generate new master secret */ - tls_generate_master_secret ( tls ); - /* Record new session ID, if present */ if ( hello_a->session_id_len && ( hello_a->session_id_len <= sizeof ( tls->session_id ))){ @@ -1649,10 +1658,6 @@ static int tls_new_server_hello ( struct tls_connection *tls, } } - /* Generate keys */ - if ( ( rc = tls_generate_keys ( tls ) ) != 0 ) - return rc; - /* Handle secure renegotiation */ if ( tls->secure_renegotiation ) { |