From ecdfcfd6e85747b37881f873a64ee5ea068a94d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?=
Date: Thu, 7 Mar 2019 16:34:38 +0100
Subject: ssl: Fix get_handshake_context/2

Split get_handshake_context/2 into two functions. The new get_handshake_context_cv/2 returns the context for the verification of CertificateVerify.

Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
---
 lib/ssl/src/tls_handshake_1_3.erl | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'lib')
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index c250e95029..9c6c9190a1 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -993,6 +993,8 @@ cipher_init(Key, IV, FinishedKey) ->
 tag_len = 16}.
+%% Get handshake context for verification of CertificateVerify.
+%%
 %% Verify CertificateVerify:
 %% ClientHello (client) (1)
 %% ServerHello (server) (2)
@@ -1003,8 +1005,12 @@ cipher_init(Key, IV, FinishedKey) ->
 %% Finished (server) (20)
 %% Certificate (client) (11)
 %% CertificateVerify (client) (15) - Drop! Not included in calculations!
-get_handshake_context({[<<15,_/binary>>|Messages], _}) ->
- Messages;
+get_handshake_context_cv({[<<15,_/binary>>|Messages], _}) ->
+ Messages.
+
+
+%% Get handshake context for traffic key calculation.
+%%
 %% Client is authenticated with certificate:
 %% ClientHello (client) (1)
 %% ServerHello (server) (2)
@@ -1062,7 +1068,7 @@ verify_signature_algorithm(#state{ssl_options =
 State1 = calculate_traffic_secrets(State0),
 State = ssl_record:step_encryption_state(State1),
 {error, {{handshake_failure,
- "CertificateVerify has a not supported signature algorithm"}, State}}
+ "CertificateVerify uses unsupported signature algorithm"}, State}}
 end.
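Review bot: In the second hunk, the new `get_handshake_context_cv` has a single clause that matches only a history whose newest entry begins with byte 15 (CertificateVerify), so any other head fails with `function_clause`, and the added comment does not state that precondition. Because this slice of the transcript is what the CertificateVerify signature is checked against, I would spell it out above the function, e.g. `%% Precondition: the head of the history is CertificateVerify (type 15); it is dropped so the signed context covers only the preceding messages.` A `-spec` for the new function would also let Dialyzer check the call site in verify_certificate_verify; the history type is not visible in the hunk, so its exact form needs confirming. The remaining clauses of get_handshake_context continue outside the hunk, so whether any caller of it still passes a history headed by a type-15 message after this split cannot be checked from here.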
@@ -1081,7 +1087,7 @@ verify_certificate_verify(#state{connection_states = ConnectionStates, {HashAlgo, _, _} = ssl_cipher:scheme_to_components(SignatureScheme), - Messages = get_handshake_context(HHistory), + Messages = get_handshake_context_cv(HHistory), Context = lists:reverse(Messages), -- cgit v1.2.3