The branch master has been updated
       via  de9f5b3554274e27949941cbe74a07c8a5f25dbf (commit)
      from  b501ab6bee469eafb8b67ac38896bb689ab632fa (commit)


- Log -----------------------------------------------------------------
commit de9f5b3554274e27949941cbe74a07c8a5f25dbf
Author: Matt Caswell <m...@openssl.org>
Date:   Fri May 18 17:33:19 2018 +0100

    Use the client app traffic secret for PHA Finished message
    
    The TLSv1.3 spec requires us to use the client application traffic secret
    during generation of the Finished message following a post handshake
    authentication.
    
    Fixes #6263
    
    Reviewed-by: Ben Kaduk <ka...@mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/6297)

-----------------------------------------------------------------------

Summary of changes:
 ssl/tls13_enc.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 1613004..1e6db92 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -247,12 +247,23 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, 
size_t slen,
         goto err;
     }
 
-    if (str == s->method->ssl3_enc->server_finished_label)
+    if (str == s->method->ssl3_enc->server_finished_label) {
         key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
                                            s->server_finished_secret, hashlen);
-    else
+    } else if (SSL_IS_FIRST_HANDSHAKE(s)) {
         key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
                                            s->client_finished_secret, hashlen);
+    } else {
+        unsigned char finsecret[EVP_MAX_MD_SIZE];
+
+        if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),
+                                      s->client_app_traffic_secret,
+                                      finsecret, hashlen))
+            goto err;
+
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
+                                           hashlen);
+    }
 
     if (key == NULL
             || ctx == NULL
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Reply via email to