mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 21:40:48 +02:00
Harden hash comparison in TLS1.2 finished
This commit is contained in:
+2
-1
@@ -17611,7 +17611,8 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
|
||||
#endif
|
||||
|
||||
if (sniff == NO_SNIFF) {
|
||||
if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){
|
||||
if (ConstantCompare(input + *inOutIdx,
|
||||
(const byte*)&ssl->hsHashes->verifyHashes, (int)size) != 0) {
|
||||
WOLFSSL_MSG("Verify finished error on hashes");
|
||||
WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
|
||||
return VERIFY_FINISHED_ERROR;
|
||||
|
||||
Reference in New Issue
Block a user