Make similar changes to dtls1_do_write() for dtls1.3 as in ssl3_do_write() for tls1.3

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #22360)
fwh-dc authored and mattcaswell committed Apr 22, 2024
1 parent 5e081ca commit de51f15
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions ssl/statem/statem_dtls.c
Expand Up @@ -285,9 +285,19 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type)
p += DTLS1_HM_HEADER_LENGTH;
xlen = written - DTLS1_HM_HEADER_LENGTH;
}

if (!ssl3_finish_mac(s, p, xlen))
return -1;
/*
* should not be done for 'Hello Request's, but in that case we'll
* ignore the result anyway
* DTLS1.3 KeyUpdate and NewSessionTicket do not need to be added
*/
if (!SSL_CONNECTION_IS_DTLS13(s)
|| (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
&& s->statem.hand_state != TLS_ST_CW_KEY_UPDATE
&& s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) {
if (!ssl3_finish_mac(s, p, xlen)) {
return -1;
}
}
}

if (written == s->init_num) {
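
Review bot: The new condition guarding `ssl3_finish_mac(s, p, xlen)` decides whether to skip the transcript update from `s->statem.hand_state`, not from the handshake message actually sitting in the buffer at `p`. That is only correct if `hand_state` is one of `TLS_ST_SW_SESSION_TICKET`, `TLS_ST_CW_KEY_UPDATE` or `TLS_ST_SW_KEY_UPDATE` exactly while those messages are being written and never while any other message passes through this path; please either state that invariant in the comment or key the check on the message type. The added comment line "DTLS1.3 KeyUpdate and NewSessionTicket do not need to be added" also runs straight on from the Hello Request sentence and does not say what they are not added to or why; wording such as "are post-handshake messages and are not added to the handshake transcript hash" would make the intent reviewable. Minor style point: the braces around the single `return -1;` are new compared with the removed lines and could be dropped to match them.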