Harden hash comparison in TLS1.2 finished

Tobias Frauenschläger
2026-03-05 11:46:33 +01:00
parent 1c8d593af7
commit eaa40f3df6
+2 -1
@@ -17611,7 +17611,8 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
#endif
if (sniff == NO_SNIFF) {
if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){
if (ConstantCompare(input + *inOutIdx,
(const byte*)&ssl->hsHashes->verifyHashes, (int)size) != 0) {
WOLFSSL_MSG("Verify finished error on hashes");
WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
return VERIFY_FINISHED_ERROR;
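Review bot: The `(int)size` cast on the new `ConstantCompare` call turns any length above INT_MAX into a negative count. If the helper loops on `i < length`, as its int length parameter suggests, it would then inspect no bytes and report a match. The hunk does not show where `size` is checked against the expected finished length, and DoFinished starts and ends outside the hunk, so it is worth confirming that such a check runs on every path that reaches this line. A short comment above the call would record both the intent and the precondition, e.g. `/* constant-time compare: do not leak how many verify_data bytes matched; size was already checked against the expected finished length */`.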