Google Git
Sign in
boringssl/boringssl.git/5351c8bf3865b85eae085c86338db31ff16dd8c7^!/./ssl/ssl_asn1.cc
commit
5351c8bf3865b85eae085c86338db31ff16dd8c7
[log]
author
David Benjamin <davidben@google.com>
Thu Nov 19 00:25:29 2020 -0500
committer
Adam Langley <agl@google.com>
Thu Nov 19 13:33:42 2020 +0000
tree
cfbe585a98b9d79858ffc0b8457d99d3964f93f1
parent
0a6bfa36c932fbf6bf8d8cc8611d499a6f2d9b5d [diff] [blame]
Rename the master_key field in SSL_SESSION to secret.

It's not even accurate. The term "master key" dates to SSL 2, which we
do not implement. (Starting SSL 3, "key" was replaced with "secret".)
The field stores, at various points, the TLS 1.2 master secret, the TLS
1.3 resumption master secret, and the TLS 1.3 resumption PSK. Simply
rename the field to 'secret', which is as descriptive of a name as we
can get at this point.

I've left SSL_SESSION_get_master_key alone for now, as it's there for
OpenSSL compatibility, as well as references to the various TLS secrets
since those refer to concepts in the spec. (When the dust settles a bit
on rfc8446bis, we can fix those.)

Change-Id: I3c1007eb7982788789cc5db851de8724c7f35baf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44144
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc
index 0e91308..27bc310 100644
--- a/ssl/ssl_asn1.cc
+++ b/ssl/ssl_asn1.cc

@@ -105,7 +105,7 @@
 //     sslVersion                  INTEGER,      -- protocol version number
 //     cipher                      OCTET STRING, -- two bytes long
 //     sessionID                   OCTET STRING,
-//     masterKey                   OCTET STRING,
+//     secret                      OCTET STRING,
 //     time                    [1] INTEGER, -- seconds since UNIX epoch
 //     timeout                 [2] INTEGER, -- in seconds
 //     peer                    [3] Certificate OPTIONAL,
@@ -218,8 +218,7 @@
       // The session ID is irrelevant for a session ticket.
       !CBB_add_asn1_octet_string(&session, in->session_id,
                                  for_ticket ? 0 : in->session_id_length) ||
-      !CBB_add_asn1_octet_string(&session, in->master_key,
-                                 in->master_key_length) ||
+      !CBB_add_asn1_octet_string(&session, in->secret, in->secret_length) ||
       !CBB_add_asn1(&session, &child, kTimeTag) ||
       !CBB_add_asn1_uint64(&child, in->time) ||
       !CBB_add_asn1(&session, &child, kTimeoutTag) ||
@@ -593,18 +592,18 @@
     return nullptr;
   }
 
-  CBS session_id, master_key;
+  CBS session_id, secret;
   if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING) ||
       CBS_len(&session_id) > SSL3_MAX_SSL_SESSION_ID_LENGTH ||
-      !CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING) ||
-      CBS_len(&master_key) > SSL_MAX_MASTER_KEY_LENGTH) {
+      !CBS_get_asn1(&session, &secret, CBS_ASN1_OCTETSTRING) ||
+      CBS_len(&secret) > SSL_MAX_MASTER_KEY_LENGTH) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
     return nullptr;
   }
   OPENSSL_memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id));
   ret->session_id_length = CBS_len(&session_id);
-  OPENSSL_memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key));
-  ret->master_key_length = CBS_len(&master_key);
+  OPENSSL_memcpy(ret->secret, CBS_data(&secret), CBS_len(&secret));
+  ret->secret_length = CBS_len(&secret);
 
   CBS child;
   uint64_t timeout;