Don't calculate the Finished MAC twice
author Matt Caswell <matt@openssl.org>
Thu, 8 Feb 2018 14:48:51 +0000 (14:48 +0000)
committer Matt Caswell <matt@openssl.org>
Fri, 9 Feb 2018 15:32:00 +0000 (15:32 +0000)
commit 622ddb57798bb5c895b0fe40e3fd89fdb4cdbc65
tree 73b1333b21e6c112e9030f37308f9338d272f5f7
parent 30562caa34de5f23dead9b246aaf284748e184bf
Don't calculate the Finished MAC twice

In <= TLSv1.2 a Finished message always comes immediately after a CCS
except in the case of NPN where there is an additional message between
the CCS and Finished. Historically we always calculated the Finished MAC
when we processed the CCS. However to deal with NPN we also calculated it
when we receive the Finished message. Really this should only have been
done if we had negotiated NPN.

This simplifies the code to only calculate the MAC when we receive the
Finished. In 1.1.1 we need to do it this way anyway because there is no
CCS (except in middlebox compat mode) in TLSv1.3.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5286)
include/openssl/ssl.h
ssl/s3_msg.c
ssl/ssl_err.c
ssl/statem/statem_dtls.c
ssl/statem/statem_lib.c
ssl/statem/statem_locl.h
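
The timing issue the commit message describes, as an added Python example that is not OpenSSL code and not part of the commit: with NPN, the NextProtocol handshake message lands between the CCS and the Finished, so an expected Finished MAC computed at CCS time covers a shorter transcript than the one the peer used. The TLSv1.2 SHA-256 PRF is used; `server_accepts_finished`, the abbreviated transcript and the key material are hypothetical, constructed values.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_hash (RFC 5246, section 5) with HMAC-SHA256, as used by the TLSv1.2 PRF."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def finished_mac(master_secret, label, transcript):
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0..11]"""
    return p_sha256(master_secret, label + hashlib.sha256(transcript).digest(), 12)

def handshake_msg(msg_type, body):
    """Handshake framing: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed, abbreviated sample data (not from a real handshake).
MASTER_SECRET = bytes(range(48))
EARLIER = (handshake_msg(1, b"client hello") + handshake_msg(2, b"server hello")
           + handshake_msg(16, b"client key exchange"))
NEXT_PROTO = handshake_msg(67, b"\x08http/1.1\x16" + bytes(22))  # NPN NextProtocol

def server_accepts_finished(npn, mac_at_ccs):
    """Hypothetical server: True if its expected MAC matches the client's Finished."""
    label = b"client finished"
    transcript = EARLIER
    expected = None
    # ChangeCipherSpec arrives. It is not a handshake message, so it is not hashed.
    if mac_at_ccs:
        expected = finished_mac(MASTER_SECRET, label, transcript)
    if npn:
        transcript += NEXT_PROTO  # handshake message between CCS and Finished
    # Finished arrives; the client computed its MAC over everything it sent before it.
    received = finished_mac(MASTER_SECRET, label, EARLIER + (NEXT_PROTO if npn else b""))
    if not mac_at_ccs:
        expected = finished_mac(MASTER_SECRET, label, transcript)
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    for npn in (False, True):
        for at_ccs in (True, False):
            when = "CCS" if at_ccs else "Finished"
            print(f"NPN={npn!s:5} MAC at {when:8} ->", server_accepts_finished(npn, at_ccs))
```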