diff --git a/src/session.rs b/src/session.rs
index fad2839..71d3cd8 100644
--- a/src/session.rs
+++ b/src/session.rs
@@ -610,7 +610,14 @@ impl<'a> Session<'a> {
 .verify_digest( verify_hash, &ecdsa_signature ).unwrap();
- return
+
+ // Usual procedures: update hash
+ self.hash.update(cert_verify_slice);
+
+ // At last, update client state
+ self.state = TlsState::WAIT_FINISHED;
+
+ return;
 }
 if signature_algorithm == SignatureScheme::ed25519 {
@@ -628,7 +635,14 @@ impl<'a> Session<'a> {
 .unwrap()
 .verify_prehashed(verify_hash, None, &ed25519_signature)
 .unwrap();
- return
+
+ // Usual procedures: update hash
+ self.hash.update(cert_verify_slice);
+
+ // At last, update client state
+ self.state = TlsState::WAIT_FINISHED;
+
+ return;
 }
 // Get verification hash, and verify the signature
@@ -1275,7 +1289,7 @@ impl<'a> Session<'a> {
 use p256::ecdsa::signature::DigestSigner;
 let sig_vec = alloc::vec::Vec::from(
- cert_signing_key.sign_digest(verify_hash).as_ref()
+ cert_signing_key.sign_digest(verify_hash).to_asn1().as_ref()
 );
 (
diff --git a/src/tls.rs b/src/tls.rs
index 3926e21..7a9e6f7 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -748,12 +748,14 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
 // Perform verification, update TLS state if successful
 let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap();
- self.session.borrow_mut()
- .client_update_for_wait_cv(
- cert_verify_slice,
- sig_alg,
- signature
- );
+ {
+ self.session.borrow_mut()
+ .client_update_for_wait_cv(
+ cert_verify_slice,
+ sig_alg,
+ signature
+ );
+ }
 log::info!("Received CV");
 },
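Review bot: In the `@@ -610,7 +610,14 @@` hunk of src/session.rs, the new `self.state = TlsState::WAIT_FINISHED;` is guarded only by the `.unwrap()` on `verify_digest(...)` just above it, so a peer-supplied CertificateVerify signature that fails to verify panics the session instead of failing the handshake. The ed25519 hunk at `@@ -628,7 +635,14 @@` has the same shape with `verify_prehashed(...).unwrap()`. I would match on the verification result, leave `self.hash` and `self.state` untouched on `Err`, and report the failure to the caller so it can abort the handshake cleanly. The two added tails are identical, so a single shared tail after the per-algorithm verification would keep the branches from drifting apart again. The enclosing function starts and ends outside both hunks, so its return type and the remaining branch are not visible here.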
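Review bot: The switch to `.to_asn1()` in the `@@ -1275,7 +1289,7 @@` hunk of src/session.rs needs a comment saying why the encoding matters, since nothing on the line explains it. TLS 1.3 carries ECDSA signatures in CertificateVerify as a DER-encoded ECDSA-Sig-Value (RFC 8446 section 4.2.3), whereas `as_ref()` on the raw signature presumably yields the fixed-width form. I would add `// TLS 1.3 CertificateVerify: ECDSA signature must be DER (ASN.1) encoded, RFC 8446 4.2.3` above the `Vec::from(` call. The verifying side in the first hunk builds `ecdsa_signature` outside the visible lines, so it is worth confirming that it parses DER too; a sign-then-verify test across the two paths would catch a mismatch. The enclosing function starts and ends outside the hunk.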
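Review bot: The braces added around `self.session.borrow_mut().client_update_for_wait_cv(...)` in src/tls.rs do not shorten the `RefCell` borrow. The `RefMut` is a temporary of that expression statement and is already dropped at its `;`, before `log::info!` runs. If the block was meant to cure a double-borrow panic, the conflicting borrow is probably held somewhere outside this hunk and is still there. Otherwise I would drop the block, or keep it with a comment stating the intent, for example `// keep the RefMut scoped to this call`. The enclosing block (it closes with `},`) starts outside the hunk.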