[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed May 23 14:07:25 UTC 2018
The branch master has been updated
via de9f5b3554274e27949941cbe74a07c8a5f25dbf (commit)
from b501ab6bee469eafb8b67ac38896bb689ab632fa (commit)
- Log -----------------------------------------------------------------
commit de9f5b3554274e27949941cbe74a07c8a5f25dbf
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 18 17:33:19 2018 +0100
Use the client app traffic secret for PHA Finished message

The TLSv1.3 spec requires us to use the client application traffic secret
during generation of the Finished message following a post handshake
authentication.

Fixes #6263

Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/6297)
-----------------------------------------------------------------------
Summary of changes:
ssl/tls13_enc.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 1613004..1e6db92 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -247,12 +247,23 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
goto err;
}
- if (str == s->method->ssl3_enc->server_finished_label)
+ if (str == s->method->ssl3_enc->server_finished_label) {
key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
s->server_finished_secret, hashlen);
- else
+ } else if (SSL_IS_FIRST_HANDSHAKE(s)) {
key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
s->client_finished_secret, hashlen);
+ } else {
+ unsigned char finsecret[EVP_MAX_MD_SIZE];
+
+ if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),
+ s->client_app_traffic_secret,
+ finsecret, hashlen))
+ goto err;
+
+ key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
+ hashlen);
+ }
if (key == NULL
|| ctx == NULL
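Review bot: finsecret in the new else branch holds a Finished key derived from s->client_app_traffic_secret and, in the lines shown, is never wiped after EVP_PKEY_new_raw_private_key() has consumed it, so the key material stays on the stack when the block exits. Because the buffer is scoped to that block, the wipe has to happen inside it: suggest OPENSSL_cleanse(finsecret, sizeof(finsecret)); immediately after the EVP_PKEY_new_raw_private_key() call, and also on the tls13_derive_finishedkey() failure path before the goto err, since the buffer may have been partially written. A one-line comment on the else branch saying it is the post-handshake authentication case would also help, as the branch is selected only by SSL_IS_FIRST_HANDSHAKE(s) being false and nothing in the code says why the application traffic secret is used there.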