From 2f89d7839a55a48505ab2b34d0fe67064819920f Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 2 May 2021 15:55:29 +0000
Subject: Stop deriving peer finished twice for TLSv1.2.

We already derive the peer finished in ssl3_do_change_cipher_spec(), which
DTLS relies on. In the case of TLS we've been doing it twice - once in
ssl3_get_message() and once in ssl3_do_change_cipher_spec().

ok tb@
---
 src/lib/libssl/ssl_both.c | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index fe04f809b0..c133449a6d 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.29 2021/04/25 13:15:22 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.30 2021/05/02 15:55:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -511,17 +511,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 		n -= i;
 	}
 
-	/*
-	 * If receiving Finished, record MAC of prior handshake messages for
-	 * Finished verification.
-	 */
-	if (*s->internal->init_buf->data == SSL3_MT_FINISHED) {
-		if (S3I(s)->hs.cipher != NULL) {
-			if (!tls12_derive_peer_finished(s))
-				goto err;
-		}
-	}
-
 	/* Feed this message into MAC computation. */
 	if (s->internal->mac_packet) {
 		tls1_transcript_record(s, (unsigned char *)s->internal->init_buf->data,
-- 
cgit v1.2.3-55-g6feb