Commit 635b7d3f authored by Matt Caswell's avatar Matt Caswell
Browse files

Updates following review feedback 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
parent c35cb287

ssl/statem/statem_lib.c

+4 −6
Original line number Diff line number Diff line
@@ -1881,12 +1881,9 @@ int create_synthetic_message_hash(SSL *s) 
{

    unsigned char hashval[EVP_MAX_MD_SIZE];

    size_t hashlen = 0;

    unsigned char msghdr[SSL3_HM_HEADER_LENGTH] = {

        SSL3_MT_MESSAGE_HASH,

        0,

        0,

        0

    };

    unsigned char msghdr[SSL3_HM_HEADER_LENGTH];



    memset(msghdr, 0, sizeof(msghdr));



    /* Get the hash of the initial ClientHello */

    if (!ssl3_digest_cached_records(s, 0)
@@ -1900,6 +1897,7 @@ int create_synthetic_message_hash(SSL *s) 
        return 0;



    /* Inject the synthetic message_hash message */

    msghdr[0] = SSL3_MT_MESSAGE_HASH;

    msghdr[SSL3_HM_HEADER_LENGTH - 1] = hashlen;

    if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH)

            || !ssl3_finish_mac(s, hashval, hashlen)) {

ssl/statem/statem_srvr.c

+1 −1
Original line number Diff line number Diff line
@@ -1534,7 +1534,7 @@ static int tls_early_post_process_client_hello(SSL *s, int *al) 
        goto err;

    }



    /* TLSv1.3 defines that a ClientHello must end on a record boundary */

    /* TLSv1.3 specifies that a ClientHello must end on a record boundary */

    if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {

        *al = SSL_AD_UNEXPECTED_MESSAGE;

        SSLerr(SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,