diff options
author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2023-10-16 10:43:17 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-04-23 11:57:05 +0100 |
commit | c88ec0c693be00c21b7c4ca962adf9dec4107590 (patch) | |
tree | b1f53a03e9300117ec38808b514d9055d9754ff3 | |
parent | 0aae70fc384cce08b7760c7fb560b9d733d86595 (diff) |
Make similar changes to dtls1_do_write() for dtls1.3 as in ssl3_do_write() for tls1.3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
-rw-r--r-- | ssl/statem/statem_dtls.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index b37ac80a60..97b1af1c0e 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -285,9 +285,19 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) p += DTLS1_HM_HEADER_LENGTH; xlen = written - DTLS1_HM_HEADER_LENGTH; } - - if (!ssl3_finish_mac(s, p, xlen)) - return -1; + /* + * should not be done for 'Hello Request's, but in that case we'll + * ignore the result anyway + * DTLS1.3 KeyUpdate and NewSessionTicket do not need to be added + */ + if (!SSL_CONNECTION_IS_DTLS13(s) + || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET + && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE + && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) { + if (!ssl3_finish_mac(s, p, xlen)) { + return -1; + } + } } if (written == s->init_num) { |