authorMatt Caswell <matt@openssl.org>2018-02-08 14:48:51 +0000
committerMatt Caswell <matt@openssl.org>2018-02-09 15:27:32 +0000
commit5d671101739f9e9b259126375a9e8b2fa42ac45f (patch)
treecee4d20075e4ad2b05fe59d0a8f431fa053fe15b /ssl/s3_msg.c
parent368297d17352c7eb30efff443509caf7cf59f65f (diff)
Don't calculate the Finished MAC twice
In <= TLSv1.2 a Finished message always comes immediately after a CCS except in the case of NPN where there is an additional message between the CCS and Finished. Historically we always calculated the Finished MAC when we processed the CCS. However to deal with NPN we also calculated it when we receive the Finished message. Really this should only have been done if we had negotiated NPN. This simplifies the code to only calculate the MAC when we receive the Finished. In 1.1.1 we need to do it this way anyway because there is no CCS (except in middlebox compat mode) in TLSv1.3. Coincidentally, this commit also fixes the fact that no-nextprotoneg does not currently work in master. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5285)
Diffstat (limited to 'ssl/s3_msg.c')
-rw-r--r--ssl/s3_msg.c23
1 files changed, 0 insertions, 23 deletions
diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c
index 5e6e7c4428..6e102a14fd 100644
--- a/ssl/s3_msg.c
+++ b/ssl/s3_msg.c
@@ -12,9 +12,6 @@
int ssl3_do_change_cipher_spec(SSL *s)
{
int i;
- size_t finish_md_len;
- const char *sender;
- size_t slen;
if (s->server)
i = SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -36,26 +33,6 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (!s->method->ssl3_enc->change_cipher_state(s, i))
return 0;
- /*
- * we have to record the message digest at this point so we can get it
- * before we read the finished message
- */
- if (!s->server) {
- sender = s->method->ssl3_enc->server_finished_label;
- slen = s->method->ssl3_enc->server_finished_label_len;
- } else {
- sender = s->method->ssl3_enc->client_finished_label;
- slen = s->method->ssl3_enc->client_finished_label_len;
- }
-
- finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
- s->s3->tmp.peer_finish_md);
- if (finish_md_len == 0) {
- SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- s->s3->tmp.peer_finish_md_len = finish_md_len;
-
return 1;
}