(out []byte)
| 809 | } |
| 810 | |
| 811 | func (hs *serverHandshakeState) readFinished(out []byte) error { |
| 812 | c := hs.c |
| 813 | |
| 814 | if err := c.readChangeCipherSpec(); err != nil { |
| 815 | return err |
| 816 | } |
| 817 | |
| 818 | // finishedMsg is included in the transcript, but not until after we |
| 819 | // check the client version, since the state before this message was |
| 820 | // sent is used during verification. |
| 821 | msg, err := c.readHandshake(nil) |
| 822 | if err != nil { |
| 823 | return err |
| 824 | } |
| 825 | clientFinished, ok := msg.(*finishedMsg) |
| 826 | if !ok { |
| 827 | c.sendAlert(alertUnexpectedMessage) |
| 828 | return unexpectedMessageError(clientFinished, msg) |
| 829 | } |
| 830 | |
| 831 | verify := hs.finishedHash.clientSum(hs.masterSecret) |
| 832 | if len(verify) != len(clientFinished.verifyData) || |
| 833 | subtle.ConstantTimeCompare(verify, clientFinished.verifyData) != 1 { |
| 834 | c.sendAlert(alertHandshakeFailure) |
| 835 | return errors.New("tls: client's Finished message is incorrect") |
| 836 | } |
| 837 | |
| 838 | if err := transcriptMsg(clientFinished, &hs.finishedHash); err != nil { |
| 839 | return err |
| 840 | } |
| 841 | |
| 842 | copy(out, verify) |
| 843 | return nil |
| 844 | } |
| 845 | |
| 846 | func (hs *serverHandshakeState) sendSessionTicket() error { |
| 847 | if !hs.hello.ticketSupported { |
no test coverage detected