projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use the correct size for TLSv1.3 finished keys
[openssl.git] / ssl / tls13_enc.c
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 5af0c303bb9e243a74f8c0df30245b006c5072bf..cbe989c6a2eb62a0c95027e3723a72e16391db34 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -330,7 +330,7 @@ int tls13_change_cipher_state(SSL *s, int which)
         if (which & SSL3_CC_HANDSHAKE) {
             insecret = s->handshake_secret;
             finsecret = s->client_finished_secret;
-            finsecretlen = sizeof(s->client_finished_secret);
+            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
             label = client_handshake_traffic;
             labellen = sizeof(client_handshake_traffic) - 1;
         } else {
@@ -342,7 +342,7 @@ int tls13_change_cipher_state(SSL *s, int which)
         if (which & SSL3_CC_HANDSHAKE) {
             insecret = s->handshake_secret;
             finsecret = s->server_finished_secret;
-            finsecretlen = sizeof(s->server_finished_secret);
+            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
             label = server_handshake_traffic;
             labellen = sizeof(server_handshake_traffic) - 1;
         } else {
@@ -391,10 +391,8 @@ int tls13_change_cipher_state(SSL *s, int which)
 #endif
 
     ret = 1;
-
  err:
     OPENSSL_cleanse(secret, sizeof(secret));
     OPENSSL_cleanse(key, sizeof(key));
-    OPENSSL_cleanse(iv, sizeof(iv));
     return ret;
 }
Unnamed repository; edit this file 'description' to name the repository.