summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2023-10-16 10:43:17 +0200
committerMatt Caswell <matt@openssl.org>2024-04-23 11:57:05 +0100
commitc88ec0c693be00c21b7c4ca962adf9dec4107590 (patch)
treeb1f53a03e9300117ec38808b514d9055d9754ff3
parent0aae70fc384cce08b7760c7fb560b9d733d86595 (diff)
Make similar changes to dtls1_do_write() for dtls1.3 as in ssl3_do_write() for tls1.3
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22360)
Diffstat
-rw-r--r--ssl/statem/statem_dtls.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index b37ac80a60..97b1af1c0e 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -285,9 +285,19 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type)
p += DTLS1_HM_HEADER_LENGTH;
xlen = written - DTLS1_HM_HEADER_LENGTH;
}
-
- if (!ssl3_finish_mac(s, p, xlen))
- return -1;
+ /*
+ * should not be done for 'Hello Request's, but in that case we'll
+ * ignore the result anyway
+ * DTLS1.3 KeyUpdate and NewSessionTicket do not need to be added
+ */
+ if (!SSL_CONNECTION_IS_DTLS13(s)
+ || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
+ && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE
+ && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) {
+ if (!ssl3_finish_mac(s, p, xlen)) {
+ return -1;
+ }
+ }
}
if (written == s->init_num) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-21 08:23:01 +0000