summaryrefslogtreecommitdiffstats
path: root/lib/libssl/tls13_client.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/tls13_client.c')
-rw-r--r--lib/libssl/tls13_client.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 35409d92bdc..f804f272930 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.67 2020/09/11 17:36:27 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.68 2020/12/14 15:26:36 tb Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -756,6 +756,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
uint8_t key[EVP_MAX_MD_SIZE];
HMAC_CTX *hmac_ctx = NULL;
unsigned int hlen;
+ SSL *s = ctx->ssl;
int ret = 0;
/*
@@ -790,6 +791,11 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
goto err;
}
+ if (!CBS_write_bytes(cbs, S3I(s)->tmp.peer_finish_md,
+ sizeof(S3I(s)->tmp.peer_finish_md),
+ &S3I(s)->tmp.peer_finish_md_len))
+ goto err;
+
if (!CBS_skip(cbs, verify_data_len))
goto err;
@@ -1036,6 +1042,8 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
size_t hmac_len;
unsigned int hlen;
HMAC_CTX *hmac_ctx = NULL;
+ CBS cbs;
+ SSL *s = ctx->ssl;
int ret = 0;
finished_key.data = key;
@@ -1066,6 +1074,11 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
if (hlen != hmac_len)
goto err;
+ CBS_init(&cbs, verify_data, hmac_len);
+ if (!CBS_write_bytes(&cbs, S3I(s)->tmp.finish_md,
+ sizeof(S3I(s)->tmp.finish_md), &S3I(s)->tmp.finish_md_len))
+ goto err;
+
ret = 1;
err:
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.