From 2d933f318b24545d8fde479eb87661e52a1c68e7 Mon Sep 17 00:00:00 2001
From: Pascal Knecht
Date: Tue, 10 Nov 2020 14:44:51 +0100
Subject: [PATCH] tls-peer: Derive application traffic keys after server finished message

The inbound key is used right away, the outbound key only after the client finished message has been sent.
---
 src/libtls/tls_peer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 1f9e27077..c9da4e260 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -1710,14 +1710,14 @@ METHOD(tls_handshake_t, build, status_t,
 case STATE_HELLO_DONE:
 case STATE_CIPHERSPEC_CHANGED_OUT:
 case STATE_FINISHED_RECEIVED:
- return send_finished(this, type, writer);
- case STATE_FINISHED_SENT:
 if (!this->crypto->derive_app_keys(this->crypto))
 {
 this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
 return NEED_MORE;
 }
 this->crypto->change_cipher(this->crypto, TRUE);
+ return send_finished(this, type, writer);
+ case STATE_FINISHED_SENT:
 this->crypto->change_cipher(this->crypto, FALSE);
 this->state = STATE_FINISHED_SENT_KEY_SWITCHED;
 return INVALID_STATE;
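Review bot: The key derivation and the inbound switch now run for all three labels that fall into this block (`STATE_HELLO_DONE`, `STATE_CIPHERSPEC_CHANGED_OUT`, `STATE_FINISHED_RECEIVED`), where before the change those labels only called `send_finished()`. If the first two can be reached in this switch, `derive_app_keys()` would run on a transcript that does not yet contain the server Finished, and `change_cipher(this->crypto, TRUE)` would move inbound records to application keys before that message has been checked. Whether they are reachable is not visible here, because the switch and `build` begin and end outside the hunk. I would either give those two labels their own branch or record the invariant above the `if`, for example `/* reached only after the server Finished was verified; app keys must be derived before send_finished() extends the transcript */`. The same comment would also document that the order of `derive_app_keys()` and `send_finished()` is load-bearing, assuming `send_finished()` adds the client Finished to the handshake hash.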