CVSROOT:        /cvs
Module name:    src
Changes by:     js...@cvs.openbsd.org   2018/11/21 08:13:29

Modified files:
        lib/libssl     : ssl_clnt.c ssl_locl.h ssl_srvr.c t1_hash.c 

Log message:
Fix DTLS transcript handling for HelloVerifyRequest.

If DTLS sees a HelloVerifyRequest the transcript is reset - the previous
tls1_init_finished_mac() function could be called multiple times and would
discard any existing state. The replacement tls1_transcript_init() is more
strict and fails if a transcript already exists.

Provide an explicit tls1_transcript_reset() function and call it from the
appropriate places. This also lets us make DTLS less of a special snowflake
and call tls1_transcript_init() in the same place as used for TLS.

ok beck@ tb@
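
The behaviour this commit message describes, as an added example that is not code from the commit or from libssl: a simplified model in which the transcript is a plain byte buffer, using hypothetical names (`transcript_init`, `transcript_reset`, `transcript_record`, `client_cookie_exchange`). A strict init refuses to run over an existing transcript, so the HelloVerifyRequest path needs the explicit reset, which leaves only the second ClientHello in the transcript (DTLS excludes the initial ClientHello and the HelloVerifyRequest from the Finished computation).

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model (assumption): the transcript is a growable byte buffer. */
struct transcript { unsigned char *buf; size_t len; int live; };

/* Strict init: fails if a transcript already exists. */
int transcript_init(struct transcript *t) {
    if (t->live) return 0;
    t->buf = NULL; t->len = 0; t->live = 1;
    return 1;
}
void transcript_free(struct transcript *t) {
    free(t->buf);
    t->buf = NULL; t->len = 0; t->live = 0;
}
/* Explicit reset: discard existing state, then start a fresh transcript. */
int transcript_reset(struct transcript *t) {
    transcript_free(t);
    return transcript_init(t);
}
int transcript_record(struct transcript *t, const void *msg, size_t n) {
    unsigned char *p;
    if (!t->live || (p = realloc(t->buf, t->len + n)) == NULL) return 0;
    memcpy(p + t->len, msg, n);
    t->buf = p; t->len += n;
    return 1;
}

/* Constructed stand-ins for handshake messages, not real DTLS encodings. */
static const char CH1[] = "ClientHello(no cookie)";
static const char CH2[] = "ClientHello(cookie)";

/* Client side of the cookie exchange: transcript length, or 0 on failure. */
size_t client_cookie_exchange(int use_reset) {
    struct transcript t = {0};
    size_t len = 0;
    if (transcript_init(&t) && transcript_record(&t, CH1, sizeof(CH1) - 1) &&
        /* HelloVerifyRequest seen: the first ClientHello must be dropped. */
        (use_reset ? transcript_reset(&t) : transcript_init(&t)) &&
        transcript_record(&t, CH2, sizeof(CH2) - 1))
        len = t.len;
    transcript_free(&t);
    return len;
}

int main(void) {
    return !(client_cookie_exchange(1) == sizeof(CH2) - 1 &&
             client_cookie_exchange(0) == 0);
}
```

With `use_reset` set, the transcript holds only the 19 bytes of the second ClientHello; without it, the second `transcript_init()` is refused and the exchange fails instead of silently discarding state.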
