handshake: record transcript offset of client Finished

This is for deriving resumption_master_secret, whose value is
calculated over ClientHello...client Finished.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/lib/handshake.c b/lib/handshake.c
index e756574277..1c0d25fb93 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -81,6 +81,7 @@ handshake_hash_buffer_reset(gnutls_session_t session)
 
 	session->internals.handshake_hash_buffer_client_kx_len = 0;
 	session->internals.handshake_hash_buffer_server_finished_len = 0;
+	session->internals.handshake_hash_buffer_client_finished_len = 0;
 	session->internals.handshake_hash_buffer_prev_len = 0;
 	session->internals.handshake_hash_buffer.length = 0;
 	session->internals.full_client_hello.length = 0;
@@ -1303,6 +1304,9 @@ handshake_hash_add_recvd(gnutls_session_t session,
 	if (recv_type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_CLIENT)
 		session->internals.handshake_hash_buffer_server_finished_len =
 			session->internals.handshake_hash_buffer.length;
+	if (recv_type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_SERVER)
+		session->internals.handshake_hash_buffer_client_finished_len =
+			session->internals.handshake_hash_buffer.length;
 
 	return 0;
 }
@@ -1352,6 +1356,9 @@ handshake_hash_add_sent(gnutls_session_t session,
 		if (type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_SERVER)
 			session->internals.handshake_hash_buffer_server_finished_len =
 				session->internals.handshake_hash_buffer.length;
+		if (type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_CLIENT)
+			session->internals.handshake_hash_buffer_client_finished_len =
+				session->internals.handshake_hash_buffer.length;
 
 		return 0;
 	}