Use the client app traffic secret for PHA Finished message #6297
Don't we still have to do the HKDF-Expand-Label(BaseKey, "finished", "", Hash.length)?
9d61a41 to eb2f28a
Yeah, good catch. Update pushed.
ssl/tls13_enc.c
Outdated
goto err; | ||
|
||
key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, | ||
s->client_app_traffic_secret, |
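Review bot: In the EVP_PKEY_new_raw_private_key call, the HMAC key is s->client_app_traffic_secret itself, but the Finished MAC has to be keyed with the finished key derived from that secret, i.e. HKDF-Expand-Label(BaseKey, "finished", "", Hash.length) with the client application traffic secret as BaseKey. Derive that value into a local buffer first and pass the buffer here instead of the raw secret.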
finsecret, right?
FFS. Fix coming up.
The TLSv1.3 spec requires us to use the client application traffic secret during generation of the Finished message following a post handshake authentication. Fixes openssl#6263
eb2f28a to 595ee8b
Fixed for sure this time!
This one seems okay. (I had delayed making a patch myself because I was pondering whether to reuse the client_finished_secret field or add a new one, and I don't think just using a temporary local occurred to me.)
Pushed.
The TLSv1.3 spec requires us to use the client application traffic secret
during generation of the Finished message following a post handshake
authentication.
Fixes #6263
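The derivation discussed in this pull request, as an added Python example that is not part of the patch or of OpenSSL's code: the post-handshake Finished MAC is keyed with HKDF-Expand-Label(BaseKey, "finished", "", Hash.length), where BaseKey is the client application traffic secret, and a MAC keyed with the raw secret is rejected by the peer. SHA-256, the function names and the sample secret and transcript values are assumptions made for the example.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256  # assumption: the negotiated cipher suite uses SHA-256

def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) using HMAC with HASH."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, 7.1); labels carry the "tls13 " prefix."""
    full_label = b"tls13 " + label
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def finished_verify_data(base_key, transcript_hash):
    """verify_data = HMAC(finished_key, Transcript-Hash)."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"",
                                     HASH().digest_size)
    return hmac.new(finished_key, transcript_hash, HASH).digest()

def raw_secret_mac(base_key, transcript_hash):
    """Variant that skips the "finished" derivation (raw secret as HMAC key)."""
    return hmac.new(base_key, transcript_hash, HASH).digest()

def peer_accepts(client_app_traffic_secret, transcript_hash, received):
    """Server-side check of a post-handshake client Finished."""
    expected = finished_verify_data(client_app_traffic_secret, transcript_hash)
    return hmac.compare_digest(expected, received)

# Constructed sample values, not taken from a real connection.
SECRET = bytes(range(32))
TRANSCRIPT = HASH(b"constructed handshake context + client auth messages").digest()

if __name__ == "__main__":
    print(peer_accepts(SECRET, TRANSCRIPT, finished_verify_data(SECRET, TRANSCRIPT)))
    print(peer_accepts(SECRET, TRANSCRIPT, raw_secret_mac(SECRET, TRANSCRIPT)))
```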