LibTLS: Do not process_message() the finished message twice

With two different sequence numbers to boot!
Fixes #3273

Libraries/LibTLS/ClientHandshake.cpp

@@ -216,7 +216,6 @@ ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& writ
     size_t index = 3;
 
     u32 size = buffer[0] * 0x10000 + buffer[1] * 0x100 + buffer[2];
-    index += 3;
 
     if (size < 12) {
 #ifdef TLS_DEBUG
@@ -248,7 +247,7 @@ ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& writ
     if (on_tls_ready_to_write)
         on_tls_ready_to_write(*this);
 
-    return handle_message(buffer);
+    return index + size;
 }
 
 void TLSv12::build_random(PacketBuilder& builder)

Libraries/LibTLS/Record.cpp

@@ -233,11 +233,13 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
             return (i8)Error::BrokenPacket;
         }
 
-        const u8* message_hmac = decrypted_span.offset(length - mac_size);
+        length -= mac_size;
+
+        const u8* message_hmac = decrypted_span.offset(length);
         u8 temp_buf[5];
         memcpy(temp_buf, buffer.offset_pointer(0), 3);
         *(u16*)(temp_buf + 3) = convert_between_host_and_network(length);
-        auto hmac = hmac_message({ temp_buf, 5 }, decrypted_span, mac_size);
+        auto hmac = hmac_message({ temp_buf, 5 }, decrypted_span.slice(0, length), mac_size);
         auto message_mac = ByteBuffer::wrap(const_cast<u8*>(message_hmac), mac_size);
         if (hmac != message_mac) {
             dbg() << "integrity check failed (mac length " << length << ")";
@@ -250,7 +252,7 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
 
             return (i8)Error::IntegrityCheckFailed;
         }
-        plain = decrypted.slice(0, length - mac_size);
+        plain = decrypted.slice(0, length);
     }
     m_context.remote_sequence_number++;