make sure kdf labels are always used

author: Kai Michaelis <[email protected]> 2016-06-01 11:57:42 +0200
committer: Kai Michaelis <[email protected]> 2016-06-01 11:57:42 +0200
commit: cf74d1c376df1d9e6400e264a1d059720eeaa059 (patch)
tree: ac16b3e568c59a710af79020c0fee96887a9c4df /src/lib/tls/msg_finished.cpp
parent: 57a3f3272c96a83c5c87c36761caee83982be498 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp
index 7c61ed98e..3a2c88fb1 100644
--- a/src/lib/tls/msg_finished.cpp
+++ b/src/lib/tls/msg_finished.cpp
@@ -31,14 +31,15 @@ std::vector<byte> finished_compute_verify(const Handshake_State& state,
    std::unique_ptr<KDF> prf(state.protocol_specific_prf());
 
    std::vector<byte> input;
+   std::vector<byte> label;
    if(side == CLIENT)
-      input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
+      label += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
    else
-      input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
+      label += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
 
    input += state.hash().final(state.version(), state.ciphersuite().prf_algo());
 
-   return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, secure_vector<byte>()));
+   return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label));
    }
 
 }
author	Kai Michaelis <[email protected]>	2016-06-01 11:57:42 +0200
committer	Kai Michaelis <[email protected]>	2016-06-01 11:57:42 +0200
commit	cf74d1c376df1d9e6400e264a1d059720eeaa059 (patch)
tree	ac16b3e568c59a710af79020c0fee96887a9c4df /src/lib/tls/msg_finished.cpp
parent	57a3f3272c96a83c5c87c36761caee83982be498 (diff)