mirror of
https://github.com/cuberite/polarssl.git
synced 2025-10-30 19:20:40 -04:00
Don't use 48 as a magic number in ssl_derive_keys()
In multiple places, it occurrs as the fixed length of the master secret, so use a constant with a descriptive name instead. This is reinforced by the fact the some further occurrences of '48' are semantically different.
This commit is contained in:
Hanno Becker
parent
c1385c104f
commit
f9ed7d5f76
@ -643,6 +643,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||||||
const mbedtls_cipher_info_t *cipher_info;
|
const mbedtls_cipher_info_t *cipher_info;
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
|
|
||||||
|
/* cf. RFC 5246, Section 8.1:
|
||||||
|
* "The master secret is always exactly 48 bytes in length." */
|
||||||
|
size_t const master_secret_len = 48;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||||
unsigned char session_hash[48];
|
unsigned char session_hash[48];
|
||||||
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||||
@ -807,14 +811,15 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||||||
salt, salt_len,
|
salt, salt_len,
|
||||||
(unsigned char const *) lbl,
|
(unsigned char const *) lbl,
|
||||||
(size_t) strlen( lbl ),
|
(size_t) strlen( lbl ),
|
||||||
48 );
|
master_secret_len );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
{
|
{
|
||||||
psa_generator_abort( &generator );
|
psa_generator_abort( &generator );
|
||||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_generator_read( &generator, session->master, 48 );
|
status = psa_generator_read( &generator, session->master,
|
||||||
|
master_secret_len );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
{
|
{
|
||||||
psa_generator_abort( &generator );
|
psa_generator_abort( &generator );
|
||||||
@ -830,7 +835,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
|
ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
|
||||||
lbl, salt, salt_len,
|
lbl, salt, salt_len,
|
||||||
session->master, 48 );
|
session->master,
|
||||||
|
master_secret_len );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user