diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 15 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 15 |
2 files changed, 28 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 35409d92bd..f804f27293 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.67 2020/09/11 17:36:27 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.68 2020/12/14 15:26:36 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -756,6 +756,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 756 | uint8_t key[EVP_MAX_MD_SIZE]; | 756 | uint8_t key[EVP_MAX_MD_SIZE]; |
| 757 | HMAC_CTX *hmac_ctx = NULL; | 757 | HMAC_CTX *hmac_ctx = NULL; |
| 758 | unsigned int hlen; | 758 | unsigned int hlen; |
| 759 | SSL *s = ctx->ssl; | ||
| 759 | int ret = 0; | 760 | int ret = 0; |
| 760 | 761 | ||
| 761 | /* | 762 | /* |
| @@ -790,6 +791,11 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 790 | goto err; | 791 | goto err; |
| 791 | } | 792 | } |
| 792 | 793 | ||
| 794 | if (!CBS_write_bytes(cbs, S3I(s)->tmp.peer_finish_md, | ||
| 795 | sizeof(S3I(s)->tmp.peer_finish_md), | ||
| 796 | &S3I(s)->tmp.peer_finish_md_len)) | ||
| 797 | goto err; | ||
| 798 | |||
| 793 | if (!CBS_skip(cbs, verify_data_len)) | 799 | if (!CBS_skip(cbs, verify_data_len)) |
| 794 | goto err; | 800 | goto err; |
| 795 | 801 | ||
| @@ -1036,6 +1042,8 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 1036 | size_t hmac_len; | 1042 | size_t hmac_len; |
| 1037 | unsigned int hlen; | 1043 | unsigned int hlen; |
| 1038 | HMAC_CTX *hmac_ctx = NULL; | 1044 | HMAC_CTX *hmac_ctx = NULL; |
| 1045 | CBS cbs; | ||
| 1046 | SSL *s = ctx->ssl; | ||
| 1039 | int ret = 0; | 1047 | int ret = 0; |
| 1040 | 1048 | ||
| 1041 | finished_key.data = key; | 1049 | finished_key.data = key; |
| @@ -1066,6 +1074,11 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 1066 | if (hlen != hmac_len) | 1074 | if (hlen != hmac_len) |
| 1067 | goto err; | 1075 | goto err; |
| 1068 | 1076 | ||
| 1077 | CBS_init(&cbs, verify_data, hmac_len); | ||
| 1078 | if (!CBS_write_bytes(&cbs, S3I(s)->tmp.finish_md, | ||
| 1079 | sizeof(S3I(s)->tmp.finish_md), &S3I(s)->tmp.finish_md_len)) | ||
| 1080 | goto err; | ||
| 1081 | |||
| 1069 | ret = 1; | 1082 | ret = 1; |
| 1070 | 1083 | ||
| 1071 | err: | 1084 | err: |
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index a3adf9e6b3..1c8644ab27 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.63 2020/11/17 07:02:30 tb Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.64 2020/12/14 15:26:36 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -776,6 +776,8 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 776 | size_t hmac_len; | 776 | size_t hmac_len; |
| 777 | unsigned int hlen; | 777 | unsigned int hlen; |
| 778 | HMAC_CTX *hmac_ctx = NULL; | 778 | HMAC_CTX *hmac_ctx = NULL; |
| 779 | CBS cbs; | ||
| 780 | SSL *s = ctx->ssl; | ||
| 779 | int ret = 0; | 781 | int ret = 0; |
| 780 | 782 | ||
| 781 | finished_key.data = key; | 783 | finished_key.data = key; |
| @@ -806,6 +808,11 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) | |||
| 806 | if (hlen != hmac_len) | 808 | if (hlen != hmac_len) |
| 807 | goto err; | 809 | goto err; |
| 808 | 810 | ||
| 811 | CBS_init(&cbs, verify_data, hmac_len); | ||
| 812 | if (!CBS_write_bytes(&cbs, S3I(s)->tmp.finish_md, | ||
| 813 | sizeof(S3I(s)->tmp.finish_md), &S3I(s)->tmp.finish_md_len)) | ||
| 814 | goto err; | ||
| 815 | |||
| 809 | ret = 1; | 816 | ret = 1; |
| 810 | 817 | ||
| 811 | err: | 818 | err: |
| @@ -1036,6 +1043,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 1036 | uint8_t key[EVP_MAX_MD_SIZE]; | 1043 | uint8_t key[EVP_MAX_MD_SIZE]; |
| 1037 | HMAC_CTX *hmac_ctx = NULL; | 1044 | HMAC_CTX *hmac_ctx = NULL; |
| 1038 | unsigned int hlen; | 1045 | unsigned int hlen; |
| 1046 | SSL *s = ctx->ssl; | ||
| 1039 | int ret = 0; | 1047 | int ret = 0; |
| 1040 | 1048 | ||
| 1041 | /* | 1049 | /* |
| @@ -1070,6 +1078,11 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 1070 | goto err; | 1078 | goto err; |
| 1071 | } | 1079 | } |
| 1072 | 1080 | ||
| 1081 | if (!CBS_write_bytes(cbs, S3I(s)->tmp.peer_finish_md, | ||
| 1082 | sizeof(S3I(s)->tmp.peer_finish_md), | ||
| 1083 | &S3I(s)->tmp.peer_finish_md_len)) | ||
| 1084 | goto err; | ||
| 1085 | |||
| 1073 | if (!CBS_skip(cbs, verify_data_len)) | 1086 | if (!CBS_skip(cbs, verify_data_len)) |
| 1074 | goto err; | 1087 | goto err; |
| 1075 | 1088 | ||