Commit 6612d87b authored by Matt Caswell's avatar Matt Caswell
Browse files

Use the correct size for TLSv1.3 finished keys 



We need to use the length of the handshake hash for the length of the
finished key.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
parent ac77aa9a

ssl/tls13_enc.c

+2 −2
Original line number Diff line number Diff line
@@ -330,7 +330,7 @@ int tls13_change_cipher_state(SSL *s, int which) 
        if (which & SSL3_CC_HANDSHAKE) {

            insecret = s->handshake_secret;

            finsecret = s->client_finished_secret;

            finsecretlen = sizeof(s->client_finished_secret);

            finsecretlen = EVP_MD_size(ssl_handshake_md(s));

            label = client_handshake_traffic;

            labellen = sizeof(client_handshake_traffic) - 1;

        } else {
@@ -342,7 +342,7 @@ int tls13_change_cipher_state(SSL *s, int which) 
        if (which & SSL3_CC_HANDSHAKE) {

            insecret = s->handshake_secret;

            finsecret = s->server_finished_secret;

            finsecretlen = sizeof(s->server_finished_secret);

            finsecretlen = EVP_MD_size(ssl_handshake_md(s));

            label = server_handshake_traffic;

            labellen = sizeof(server_handshake_traffic) - 1;

        } else {