Update note about hardcoded verify_data_length

commit: 214a84889cfc8fd18ef08f72e4b9074b4f8472d6 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Feb 22 11:27:26 2016 +0100
committer: Simon Butcher <simon.butcher@arm.com> Wed Mar 09 19:32:08 2016 +0000
tree: eb475e899c38e43fe88171c1b5a6406df72a12f8
parent: 967994a05ed52cf19e5d88b14b6d1ba5a20dec58 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0c1a7cc..afbcdd9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -5011,7 +5011,12 @@
 
     ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
 
-    // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
+    /*
+     * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
+     * may define some other value. Currently (early 2016), no defined
+     * ciphersuite does this (and this is unlikely to change as activity has
+     * moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
+     */
     hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
commit	214a84889cfc8fd18ef08f72e4b9074b4f8472d6	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Feb 22 11:27:26 2016 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Wed Mar 09 19:32:08 2016 +0000
tree	eb475e899c38e43fe88171c1b5a6406df72a12f8
parent	967994a05ed52cf19e5d88b14b6d1ba5a20dec58 [diff] [blame]