From e04ca894aa08b4b01dbc7ead7524d8026ce8f3be Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 5 Mar 2017 14:39:53 +0000
Subject: Provide a rolling handshake hash that commences as soon as the cipher
 suite has been selected, and convert the final finish MAC to use this
 handshake hash.

This is a first step towards cleaning up the current handshake
buffer/digest code.

ok beck@ inoguchi@
---
 src/lib/libssl/ssl_srvr.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_srvr.c')

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 09ea657174..a48cf246da 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.9 2017/03/05 14:24:12 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1045,6 +1045,9 @@ ssl3_get_client_hello(SSL *s)
 		S3I(s)->tmp.new_cipher = s->session->cipher;
 	}
 
+	if (!tls1_handshake_hash_init(s))
+		goto err;
+
 	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
 	if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
 	    !(s->verify_mode & SSL_VERIFY_PEER)) {
-- 
cgit v1.2.3-55-g6feb