diff --git a/ssl/handshake.cc b/ssl/handshake.cc index 3e2ae614..573d3357 100644 --- a/ssl/handshake.cc +++ b/ssl/handshake.cc @@ -402,8 +402,7 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) { uint8_t finished[EVP_MAX_MD_SIZE]; size_t finished_len; if (!hs->transcript.GetFinishedMAC(finished, &finished_len, - SSL_get_session(ssl), !ssl->server, - ssl3_protocol_version(ssl)) || + SSL_get_session(ssl), !ssl->server) || !ssl_hash_message(hs, msg)) { return ssl_hs_error; } diff --git a/ssl/internal.h b/ssl/internal.h index 1140c925..480723d3 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -437,7 +437,7 @@ class SSLTranscript { // have room for |EVP_MAX_MD_SIZE| bytes. It returns true on success and false // on failure. bool GetFinishedMAC(uint8_t *out, size_t *out_len, const SSL_SESSION *session, - bool from_server, uint16_t version); + bool from_server); private: // buffer_, if non-null, contains the handshake transcript. diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc index 144da07b..624ea248 100644 --- a/ssl/s3_both.cc +++ b/ssl/s3_both.cc @@ -302,7 +302,7 @@ int ssl3_send_finished(SSL_HANDSHAKE *hs) { uint8_t finished[EVP_MAX_MD_SIZE]; size_t finished_len; if (!hs->transcript.GetFinishedMAC(finished, &finished_len, session, - ssl->server, ssl3_protocol_version(ssl))) { + ssl->server)) { return 0; } diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc index 81d85daf..b9c1713e 100644 --- a/ssl/ssl_transcript.cc +++ b/ssl/ssl_transcript.cc @@ -328,9 +328,9 @@ bool SSLTranscript::GetSSL3CertVerifyHash(uint8_t *out, size_t *out_len, } bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len, - const SSL_SESSION *session, bool from_server, - uint16_t version) { - if (version == SSL3_VERSION) { + const SSL_SESSION *session, + bool from_server) { + if (session->ssl_version == SSL3_VERSION) { if (Digest() != EVP_md5_sha1()) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return false;