Merge pull request #8318 from dgarske/CID444418
Fix for finishedSz checking with TLSv1.3 and `WOLFSSL_HAVE_TLS_UNIQUE` (CID444418)
JacobBarthelmeh authored Dec 24, 2024
2 parents 17c17cd + e1baf27 commit f57f044
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/tls13.c
Expand Up @@ -10867,12 +10867,12 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}

if (sniff == NO_SNIFF) {
ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);

if (finishedSz > WOLFSSL_MAX_8BIT) {
ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
if (finishedSz > TLS_FINISHED_SZ_MAX) {
return BUFFER_ERROR;
}
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
if (ssl->options.side == WOLFSSL_CLIENT_END) {
XMEMCPY(ssl->serverFinished, mac, finishedSz);
ssl->serverFinished_len = (byte)finishedSz;
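Review bot: In the `WOLFSSL_HAVE_TLS_UNIQUE` block, `finishedSz` is bounds-checked and then used as the `XMEMCPY` length before `ret` from `BuildTls13HandshakeHmac()` is examined anywhere in the visible lines. If that call can fail without writing `finishedSz`, the copy into `ssl->serverFinished` would run with a stale size and an uncomputed `mac`; wrapping the check and copy in `if (ret == 0) { ... }`, or moving the `ret` check ahead of the `#ifdef`, would avoid that. Separately, the `(byte)finishedSz` cast now depends on `TLS_FINISHED_SZ_MAX` being no larger than `WOLFSSL_MAX_8BIT`, which this hunk does not show; a comment such as `/* TLS_FINISHED_SZ_MAX fits in a byte, so the cast below cannot truncate */` would record that assumption. With the check moved inside the `#ifdef`, builds without `WOLFSSL_HAVE_TLS_UNIQUE` no longer bound `finishedSz` here, so it is worth confirming that later uses of it are safe. `DoTls13Finished` continues outside the hunk, so the position of the existing `ret` check is assumed rather than seen.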