git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Thu, 8 Feb 2018 14:48:51 +0000 (14:48 +0000)
committer	Matt Caswell <matt@openssl.org>
	Fri, 9 Feb 2018 15:27:32 +0000 (15:27 +0000)
commit	5d671101739f9e9b259126375a9e8b2fa42ac45f
tree	cee4d20075e4ad2b05fe59d0a8f431fa053fe15b	tree \| snapshot
parent	368297d17352c7eb30efff443509caf7cf59f65f	commit \| diff

Don't calculate the Finished MAC twice

In <= TLSv1.2 a Finished message always comes immediately after a CCS
except in the case of NPN where there is an additional message between
the CCS and Finished. Historically we always calculated the Finished MAC
when we processed the CCS. However to deal with NPN we also calculated it
when we receive the Finished message. Really this should only have been
done if we hand negotiated NPN.

This simplifies the code to only calculate the MAC when we receive the
Finished. In 1.1.1 we need to do it this way anyway because there is no
CCS (except in middlebox compat mode) in TLSv1.3.

Coincidentally, this commit also fixes the fact that no-nextprotoneg does
not currently work in master.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5285)

ssl/s3_msg.c		diff \| blob \| history
ssl/statem/statem_dtls.c		diff \| blob \| history
ssl/statem/statem_lib.c		diff \| blob \| history
ssl/statem/statem_locl.h		diff \| blob \| history