CVSROOT:	/cvs
Module name:	src
Changes by:	js...@cvs.openbsd.org	2018/11/21 08:13:29

Modified files:
	lib/libssl     : ssl_clnt.c ssl_locl.h ssl_srvr.c t1_hash.c

Log message:
Fix DTLS transcript handling for HelloVerifyRequest.

If DTLS sees a HelloVerifyRequest the transcript is reset - the previous
tls1_init_finished_mac() function could be called multiple times and would
discard any existing state. The replacement tls1_transcript_init() is more
strict and fails if a transcript already exists.

Provide an explicit tls1_transcript_reset() function and call it from the
appropriate places. This also lets us make DTLS less of a special snowflake
and call tls1_transcript_init() in the same place as used for TLS.

ok beck@ tb@
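
Added example, not part of the commit and not libssl code: the strict-init / explicit-reset contract described in the log message, applied to a constructed DTLS client flow in which the first ClientHello is dropped from the transcript after a HelloVerifyRequest (RFC 6347 excludes both from the handshake hash). The struct, the function names and the message strings are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TRANSCRIPT_MAX 1024

/* Hypothetical stand-in for a handshake transcript; buf == NULL means none. */
struct transcript { unsigned char *buf; size_t len; };

/* Strict init: fails instead of silently discarding existing state. */
int transcript_init(struct transcript *t)
{
	if (t->buf != NULL)
		return 0;
	t->len = 0;
	return (t->buf = calloc(1, TRANSCRIPT_MAX)) != NULL;
}

/* Explicit reset: the only path that throws a transcript away. */
int transcript_reset(struct transcript *t)
{
	free(t->buf);
	t->buf = NULL;
	return transcript_init(t);
}

int transcript_record(struct transcript *t, const char *msg)
{
	size_t n = strlen(msg);
	if (t->buf == NULL || n > TRANSCRIPT_MAX - t->len)
		return 0;
	memcpy(t->buf + t->len, msg, n);
	t->len += n;
	return 1;
}

/* Constructed client flow; *reinit_ok reports whether a second init worked. */
int dtls_client_flow(struct transcript *t, int *reinit_ok)
{
	if (!transcript_init(t) || !transcript_record(t, "ClientHello1"))
		return 0;
	*reinit_ok = transcript_init(t);	/* HelloVerifyRequest seen: must fail */
	if (!transcript_reset(t))		/* caller resets on purpose instead */
		return 0;
	return transcript_record(t, "ClientHello2+cookie") &&
	    transcript_record(t, "ServerHello");
}

int main(void)
{
	struct transcript t = { NULL, 0 };
	int reinit_ok = -1, ok = dtls_client_flow(&t, &reinit_ok);
	printf("flow=%d reinit=%d transcript=%.*s\n", ok, reinit_ok, (int)t.len, (char *)t.buf);
	free(t.buf);
	return !ok;
}
```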