(out []byte)
| 988 | } |
| 989 | |
| 990 | func (hs *clientHandshakeState) readFinished(out []byte) error { |
| 991 | c := hs.c |
| 992 | |
| 993 | if err := c.readChangeCipherSpec(); err != nil { |
| 994 | return err |
| 995 | } |
| 996 | |
| 997 | // finishedMsg is included in the transcript, but not until after we |
| 998 | // check the client version, since the state before this message was |
| 999 | // sent is used during verification. |
| 1000 | msg, err := c.readHandshake(nil) |
| 1001 | if err != nil { |
| 1002 | return err |
| 1003 | } |
| 1004 | serverFinished, ok := msg.(*finishedMsg) |
| 1005 | if !ok { |
| 1006 | c.sendAlert(alertUnexpectedMessage) |
| 1007 | return unexpectedMessageError(serverFinished, msg) |
| 1008 | } |
| 1009 | |
| 1010 | verify := hs.finishedHash.serverSum(hs.masterSecret) |
| 1011 | if len(verify) != len(serverFinished.verifyData) || |
| 1012 | subtle.ConstantTimeCompare(verify, serverFinished.verifyData) != 1 { |
| 1013 | c.sendAlert(alertHandshakeFailure) |
| 1014 | return errors.New("tls: server's Finished message was incorrect") |
| 1015 | } |
| 1016 | |
| 1017 | if err := transcriptMsg(serverFinished, &hs.finishedHash); err != nil { |
| 1018 | return err |
| 1019 | } |
| 1020 | |
| 1021 | copy(out, verify) |
| 1022 | return nil |
| 1023 | } |
| 1024 | |
| 1025 | func (hs *clientHandshakeState) readSessionTicket() error { |
| 1026 | if !hs.serverHello.ticketSupported { |
no test coverage detected