diff options
author | Daiki Ueno <dueno@redhat.com> | 2019-04-08 10:05:56 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-04-08 10:05:56 +0200 |
commit | 0151b2ce26b409ab041e1a08ba4bd905cd565dc5 (patch) | |
tree | c59ce243b8dda474fb933382c79695afaab1751f /lib/ssl/tls13hashstate.c | |
parent | 57344729bcdc0be111130c848a412526262ad817 (diff) | |
download | nss-hg-0151b2ce26b409ab041e1a08ba4bd905cd565dc5.tar.gz |
Bug 1532312, fix transcript-hash calculation after handshake, r=mt
Summary:
In post-handshake, Handshake Context should be:
```
ClientHello ... client Finished + CertificateRequest
```
while NSS continues feeding any handshake message after handshake.
Reviewers: mt
Reviewed By: mt
Bug #: 1532312
Differential Revision: https://phabricator.services.mozilla.com/D21935
Diffstat (limited to 'lib/ssl/tls13hashstate.c')
-rw-r--r-- | lib/ssl/tls13hashstate.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/ssl/tls13hashstate.c b/lib/ssl/tls13hashstate.c index cc0ed286b..53d3738f0 100644 --- a/lib/ssl/tls13hashstate.c +++ b/lib/ssl/tls13hashstate.c @@ -157,7 +157,8 @@ tls13_RecoverHashState(sslSocket *ss, /* Now reinject the message. */ SSL_ASSERT_HASHES_EMPTY(ss); rv = ssl_HashHandshakeMessageInt(ss, ssl_hs_message_hash, 0, - SSL_READER_CURRENT(&reader), hashLen); + SSL_READER_CURRENT(&reader), hashLen, + ssl3_UpdateHandshakeHashes); if (rv != SECSuccess) { return SECFailure; } @@ -173,7 +174,8 @@ tls13_RecoverHashState(sslSocket *ss, rv = ssl_HashHandshakeMessageInt(ss, ssl_hs_server_hello, 0, SSL_BUFFER_BASE(&messageBuf), - SSL_BUFFER_LEN(&messageBuf)); + SSL_BUFFER_LEN(&messageBuf), + ssl3_UpdateHandshakeHashes); sslBuffer_Clear(&messageBuf); if (rv != SECSuccess) { return SECFailure; |