[tls] Generate master secret only after sending Client Key Exchange

The calculation for the extended master secret as defined in RFC 7627 relies upon the digest of all handshake messages up to and including the Client Key Exchange. Facilitate this calculation by generating the master secret only after sending the Client Key Exchange message. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-01-22 20:19:08 +03:00 · 2025-10-12 22:20:13 +01:00
parent 4f44f62402
commit d6656106e9
1 changed files with 19 additions and 13 deletions
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1399,10 +1399,6 @@ static int tls_send_client_key_exchange_pubkey ( struct tls_connection *tls ) {
 		return rc;
 	}

-	/* Generate master secret */
-	tls_generate_master_secret ( tls, &pre_master_secret,
-				     sizeof ( pre_master_secret ) );
-
 	/* Encrypt pre-master secret using server's public key */
 	memset ( &key_xchg, 0, sizeof ( key_xchg ) );
 	len = pubkey_encrypt ( pubkey, &tls->server.key, &pre_master_secret,
@@ -1423,8 +1419,18 @@ static int tls_send_client_key_exchange_pubkey ( struct tls_connection *tls ) {
 		htons ( sizeof ( key_xchg.encrypted_pre_master_secret ) -
 			unused );

-	return tls_send_handshake ( tls, &key_xchg,
-				    ( sizeof ( key_xchg ) - unused ) );
+	/* Transmit Client Key Exchange record */
+	if ( ( rc = tls_send_handshake ( tls, &key_xchg,
+					 ( sizeof ( key_xchg ) -
+					   unused ) ) ) != 0 ) {
+		return rc;
+	}
+
+	/* Generate master secret */
+	tls_generate_master_secret ( tls, &pre_master_secret,
+				     sizeof ( pre_master_secret ) );
+
+	return 0;
 }

 /** Public key exchange algorithm */
@@ -1622,15 +1628,15 @@ static int tls_send_client_key_exchange_dhe ( struct tls_connection *tls ) {
 			len--;
 		}

-		/* Generate master secret */
-		tls_generate_master_secret ( tls, pre_master_secret, len );
-
 		/* Transmit Client Key Exchange record */
 		if ( ( rc = tls_send_handshake ( tls, key_xchg,
 						 sizeof ( *key_xchg ) ) ) !=0){
 			goto err_send_handshake;
 		}

+		/* Generate master secret */
+		tls_generate_master_secret ( tls, pre_master_secret, len );
+
 	err_send_handshake:
 	err_dhe_key:
 		free ( dynamic );
@@ -1749,10 +1755,6 @@ static int tls_send_client_key_exchange_ecdhe ( struct tls_connection *tls ) {
 			return rc;
 		}

-		/* Generate master secret */
-		tls_generate_master_secret ( tls, pre_master_secret,
-					     curve->pre_master_secret_len );
-
 		/* Generate Client Key Exchange record */
 		key_xchg.type_length =
 			( cpu_to_le32 ( TLS_CLIENT_KEY_EXCHANGE ) |
@@ -1767,6 +1769,10 @@ static int tls_send_client_key_exchange_ecdhe ( struct tls_connection *tls ) {
 						 sizeof ( key_xchg ) ) ) !=0){
 			return rc;
 		}
+
+		/* Generate master secret */
+		tls_generate_master_secret ( tls, pre_master_secret,
+					     curve->pre_master_secret_len );
 	}

 	return 0;