Fix DTLS transcript handling for HelloVerifyRequest. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2018-11-21 15:13:29 +0000
committer	jsing <>	2018-11-21 15:13:29 +0000
commit	ab91451e6ebf1260022c78c25a334e437c04d78e (patch)
tree	7992535c747d2aff7dd9a131f8fc65ad2af3636d /src/lib/libcrypto/dsa/dsa.h
parent	1b50b4396296c64d8937c2ec1c7ed2eb5547cf91 (diff)
download	openbsd-ab91451e6ebf1260022c78c25a334e437c04d78e.tar.gz openbsd-ab91451e6ebf1260022c78c25a334e437c04d78e.tar.bz2 openbsd-ab91451e6ebf1260022c78c25a334e437c04d78e.zip

Fix DTLS transcript handling for HelloVerifyRequest.

If DTLS sees a HelloVerifyRequest the transcript is reset - the previous tls1_init_finished_mac() function could be called multiple times and would discard any existing state. The replacement tls1_transcript_init() is more strict and fails if a transcript already exists. Provide an explicit tls1_transcript_reset() function and call it from the appropriate places. This also lets us make DTLS less of a special snowflake and call tls1_transcript_init() in the same place as used for TLS. ok beck@ tb@

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: