Use the client app traffic secret for PHA Finished message #6297

Closed

mattcaswell
Member

The TLSv1.3 spec requires us to use the client application traffic secret
during generation of the Finished message following a post handshake
authentication.

Fixes #6263

Checklist
  • documentation is added or updated
  • tests are added or updated

Contributor

@kaduk kaduk left a comment

Don't we still have to do the HKDF-Expand-Label(BaseKey, "finished", "", Hash.length)?

@mattcaswell
Member Author

> Don't we still have to do the HKDF-Expand-Label(BaseKey, "finished", "", Hash.length)?

Yeah, good catch. Update pushed.

ssl/tls13_enc.c Outdated
goto err;

key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
s->client_app_traffic_secret,
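
Review bot: the HMAC key built in this fragment is s->client_app_traffic_secret itself, passed straight to EVP_PKEY_new_raw_private_key. As raised earlier in this thread, the Finished key still has to come from HKDF-Expand-Label(BaseKey, "finished", "", Hash.length) with the client application traffic secret as BaseKey, so derive that value into a local buffer first and pass the derived buffer here instead of the raw secret.
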
Contributor

finsecret, right?

Member Author

FFS. Fix coming up.

@mattcaswell
Member Author

Fixed for sure this time!

Contributor

@kaduk kaduk left a comment

This one seems okay. (I had delayed making a patch myself because I was pondering whether to reuse the client_finished_secret field or add a new one, and I don't think just using a temporary local occurred to me.)

levitte pushed a commit that referenced this pull request May 23, 2018
The TLSv1.3 spec requires us to use the client application traffic secret
during generation of the Finished message following a post handshake
authentication.

Fixes #6263

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from #6297)
@mattcaswell
Member Author

Pushed.
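
The derivation this thread converges on, as an added Python example that is not part of the pull request or OpenSSL's code: the client application traffic secret is the BaseKey for HKDF-Expand-Label, and the derived finished key, not the raw secret, keys the HMAC over the transcript hash. The secret and transcript hash are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

def hkdf_expand(prk, info, length, hash_name="sha256"):
    """HKDF-Expand (RFC 5869): T(i) = HMAC(prk, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length, hash_name="sha256"):
    """HKDF-Expand-Label (RFC 8446, 7.1) with the "tls13 " label prefix."""
    full_label = b"tls13 " + label
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length, hash_name)

def finished_key(base_key, hash_name="sha256"):
    """finished_key = HKDF-Expand-Label(BaseKey, "finished", "", Hash.length)."""
    hash_len = hashlib.new(hash_name).digest_size
    return hkdf_expand_label(base_key, b"finished", b"", hash_len, hash_name)

def pha_verify_data(client_app_traffic_secret, transcript_hash, hash_name="sha256"):
    """Client Finished after post-handshake auth: BaseKey is the app traffic secret."""
    key = finished_key(client_app_traffic_secret, hash_name)
    return hmac.new(key, transcript_hash, hash_name).digest()

def check_finished(received, client_app_traffic_secret, transcript_hash):
    """Receiver side: recompute the value and compare in constant time."""
    expected = pha_verify_data(client_app_traffic_secret, transcript_hash)
    return hmac.compare_digest(received, expected)

# Constructed sample values, not taken from a real connection.
SECRET = hashlib.sha256(b"constructed client application traffic secret").digest()
TRANSCRIPT = hashlib.sha256(b"constructed handshake transcript").digest()
GOOD = pha_verify_data(SECRET, TRANSCRIPT)
# Keying the HMAC with the raw secret (the slip flagged in review) fails the check.
RAW_KEYED = hmac.new(SECRET, TRANSCRIPT, "sha256").digest()

if __name__ == "__main__":
    print(check_finished(GOOD, SECRET, TRANSCRIPT),
          check_finished(RAW_KEYED, SECRET, TRANSCRIPT))
```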

Successfully merging this pull request may close these issues.

Regarding TLS-1.3 ClientFinished during post-handshake authentication