Bug 1387306 - Restart the hashes more consistently, r=ekr NSS_TLS13_DRAFT19_BRANCH
authorMartin Thomson <martin.thomson@gmail.com>
Wed, 02 Aug 2017 16:22:17 +1000
branchNSS_TLS13_DRAFT19_BRANCH
changeset 13503 b7d4f0321b9bea91dbed884f0b5521ebc41166ed
parent 13495 36f70fdd3435063e9e8df7798ccda2581b6988ee
child 13506 867ef08a8ad7e2b590b008e65fe4ea78191d6224
push id2303
push usermartin.thomson@gmail.com
push dateFri, 04 Aug 2017 02:24:27 +0000
reviewersekr
bugs1387306
Bug 1387306 - Restart the hashes more consistently, r=ekr
lib/ssl/ssl3con.c
lib/ssl/tls13con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -11661,19 +11661,18 @@ ssl3_HandleHandshakeMessage(sslSocket *s
     PRUint16 epoch;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     SSL_TRC(30, ("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(),
                  ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type)));
 
-    /* Start new handshake hashes when we start a new handshake.  Unless this is
-     * TLS 1.3 and we sent a HelloRetryRequest. */
-    if (ss->ssl3.hs.msg_type == ssl_hs_client_hello && !ss->ssl3.hs.helloRetry) {
+    /* Start new handshake hashes when we start a new handshake. */
+    if (ss->ssl3.hs.msg_type == ssl_hs_client_hello) {
         ssl3_RestartHandshakeHashes(ss);
     }
     switch (ss->ssl3.hs.msg_type) {
         case ssl_hs_hello_request:
         case ssl_hs_hello_verify_request:
             /* We don't include hello_request and hello_verify_request messages
              * in the handshake hashes */
             break;
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -1634,20 +1634,16 @@ tls13_SendHelloRetryRequest(sslSocket *s
     ss->ssl3.hs.helloRetry = PR_TRUE;
 
     /* We received early data but have to ignore it because we sent a retry. */
     if (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent) {
         ss->ssl3.hs.zeroRttState = ssl_0rtt_ignored;
         ss->ssl3.hs.zeroRttIgnore = ssl_0rtt_ignore_hrr;
     }
 
-    /* Restart the handshake hashes because we will refresh them when we
-     * get ClientHello2 again. */
-    ssl3_RestartHandshakeHashes(ss);
-
     return SECSuccess;
 
 loser:
     sslBuffer_Clear(&messageBuf);
     ssl_ReleaseXmitBufLock(ss);
     return SECFailure;
 }