Fix SSL_get{,_peer}_finished() with TLSv1.3

As reported by Steffen Ullrich and bluhm, the Finished tests in
p5-Net-SSLeay's t/local/43_misc_functions.t broke with with TLSv1.3.
The reason for this is that we don't copy the MDs over to the SSL, so
the API functions can't retrieve them.  This commit fixes this part of
the test (one unrelated test still fails).

ok inoguchi jsing

1 files changed, 14 insertions, 1 deletions

diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 35409d92bdc..f804f272930 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.67 2020/09/11 17:36:27 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.68 2020/12/14 15:26:36 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -756,6 +756,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
 	uint8_t key[EVP_MAX_MD_SIZE];
 	HMAC_CTX *hmac_ctx = NULL;
 	unsigned int hlen;
+	SSL *s = ctx->ssl;
 	int ret = 0;
 
 	/*
@@ -790,6 +791,11 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
 		goto err;
 	}
 
+	if (!CBS_write_bytes(cbs, S3I(s)->tmp.peer_finish_md,
+	    sizeof(S3I(s)->tmp.peer_finish_md),
+	    &S3I(s)->tmp.peer_finish_md_len))
+		goto err;
+
 	if (!CBS_skip(cbs, verify_data_len))
 		goto err;
 
@@ -1036,6 +1042,8 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
 	size_t hmac_len;
 	unsigned int hlen;
 	HMAC_CTX *hmac_ctx = NULL;
+	CBS cbs;
+	SSL *s = ctx->ssl;
 	int ret = 0;
 
 	finished_key.data = key;
@@ -1066,6 +1074,11 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
 	if (hlen != hmac_len)
 		goto err;
 
+	CBS_init(&cbs, verify_data, hmac_len);
+	if (!CBS_write_bytes(&cbs, S3I(s)->tmp.finish_md,
+	    sizeof(S3I(s)->tmp.finish_md), &S3I(s)->tmp.finish_md_len))
+		goto err;
+
 	ret = 1;
 
  err: