Start using the key_share data to derive the PMS

[openssl.git] / ssl / t1_enc.c

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 16d3d3e816614928fa9472f5ee3b3aa9d0d0e3c4..df2ce3703057e9879fe353c92b6112e5894aee67 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -264,7 +264,7 @@ int tls1_change_cipher_state(SSL *s, int which)
 #ifdef SSL_DEBUG
     printf("which = %04X\nmac key=", which);
     {
-        int z;
+        size_t z;
         for (z = 0; z < i; z++)
             printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
     }
@@ -334,7 +334,7 @@ int tls1_change_cipher_state(SSL *s, int which)
     }
     printf("\niv=");
     {
-        int z;
+        size_t z;
         for (z = 0; z < k; z++)
             printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
     }
@@ -474,7 +474,13 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                                 size_t len, size_t *secret_size)
 {
-    if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+    /*
+     * TODO(TLS1.3): We haven't implemented TLS1.3 key derivation yet. For now
+     * we will just force no use of EMS (which adds complications around the
+     * handshake has). This will need to be removed later
+     */
+    if ((s->session->flags & SSL_SESS_FLAG_EXTMS)
+            && s->version != TLS1_3_VERSION) {
         unsigned char hash[EVP_MAX_MD_SIZE * 2];
         size_t hashlen;
         /*