author | Péter Dimitrov <[email protected]> | 2019-03-07 16:34:38 +0100 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2019-03-07 16:34:38 +0100 |
commit | ecdfcfd6e85747b37881f873a64ee5ea068a94d1 (patch) | |
tree | 24006033527bf3d17b00dd984fdf8f090aaae2a6 /lib/ssl/src/tls_handshake_1_3.erl | |
parent | 0d37395176d63bb08c5cdbd46466630a132ea5b4 (diff) | |
ssl: Fix get_handshake_context/2
Split get_handshake_context/2 into two functions. The new
get_handshake_context_cv/2 returns the context for the
verification of CertificateVerify.
Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
Diffstat (limited to 'lib/ssl/src/tls_handshake_1_3.erl')
-rw-r--r-- | lib/ssl/src/tls_handshake_1_3.erl | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index c250e95029..9c6c9190a1 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -993,6 +993,8 @@ cipher_init(Key, IV, FinishedKey) ->
 tag_len = 16}.
+%% Get handshake context for verification of CertificateVerify.
+%%
 %% Verify CertificateVerify:
 %% ClientHello (client) (1)
 %% ServerHello (server) (2)
@@ -1003,8 +1005,12 @@ cipher_init(Key, IV, FinishedKey) ->
 %% Finished (server) (20)
 %% Certificate (client) (11)
 %% CertificateVerify (client) (15) - Drop! Not included in calculations!
-get_handshake_context({[<<15,_/binary>>|Messages], _}) ->
- Messages;
+get_handshake_context_cv({[<<15,_/binary>>|Messages], _}) ->
+ Messages.
+
+
+%% Get handshake context for traffic key calculation.
+%%
 %% Client is authenticated with certificate:
 %% ClientHello (client) (1)
 %% ServerHello (server) (2)
@@ -1062,7 +1068,7 @@ verify_signature_algorithm(#state{ssl_options =
 State1 = calculate_traffic_secrets(State0),
 State = ssl_record:step_encryption_state(State1),
 {error, {{handshake_failure,
- "CertificateVerify has a not supported signature algorithm"}, State}}
+ "CertificateVerify uses unsupported signature algorithm"}, State}}
 end.
@@ -1081,7 +1087,7 @@ verify_certificate_verify(#state{connection_states = ConnectionStates,
 {HashAlgo, _, _} = ssl_cipher:scheme_to_components(SignatureScheme),
- Messages = get_handshake_context(HHistory),
+ Messages = get_handshake_context_cv(HHistory),
 Context = lists:reverse(Messages), |
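Review bot: The new `get_handshake_context_cv/1` in the second hunk has a single clause that matches only when the newest entry in the handshake history is a binary starting with message type 15, so any other history shape raises `function_clause` at the call site in `verify_certificate_verify` (last hunk). That is fine as an assertive match if the state machine guarantees CertificateVerify was just appended, but the precondition is not written down; I would add `%% Precondition: the head of the history is the peer's CertificateVerify (type 15); any other shape is a bug and crashes.` above the function. Because the returned list is the transcript the peer's signature is checked against, it is worth confirming in the caller, which lies outside these hunks, that such a crash aborts the handshake rather than being caught and skipped. A `-spec` for the new function would also let Dialyzer catch a caller passing the wrong history shape.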