Stop deriving peer finished twice for TLSv1.2.
author jsing <jsing@openbsd.org>
Sun, 2 May 2021 15:55:29 +0000 (15:55 +0000)
committer jsing <jsing@openbsd.org>
Sun, 2 May 2021 15:55:29 +0000 (15:55 +0000)
We already derive the peer finished in ssl3_do_change_cipher_spec(), which
DTLS relies on. In the case of TLS we've been doing it twice - once in
ssl3_get_message() and once in ssl3_do_change_cipher_spec().

ok tb@

lib/libssl/ssl_both.c

index fe04f80..c133449 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.29 2021/04/25 13:15:22 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.30 2021/05/02 15:55:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -511,17 +511,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                n -= i;
        }
 
-       /*
-        * If receiving Finished, record MAC of prior handshake messages for
-        * Finished verification.
-        */
-       if (*s->internal->init_buf->data == SSL3_MT_FINISHED) {
-               if (S3I(s)->hs.cipher != NULL) {
-                       if (!tls12_derive_peer_finished(s))
-                               goto err;
-               }
-       }
-
        /* Feed this message into MAC computation. */
        if (s->internal->mac_packet) {
                tls1_transcript_record(s, (unsigned char *)s->internal->init_buf->data,
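Review bot: The block removed from ssl3_get_message() sat immediately ahead of the "Feed this message into MAC computation" step, so the peer finished was derived before the received Finished message reached tls1_transcript_record(); nothing in this hunk shows that the same ordering still holds on the remaining path. The commit message says ssl3_do_change_cipher_spec() already performs the derivation, but that function is not part of the diff, so please note there (in a comment or in the commit message) that it runs before the peer's Finished is recorded in the transcript and that it has an equivalent of the `S3I(s)->hs.cipher != NULL` guard dropped here. It is also worth confirming that the `err` label in ssl3_get_message() still has other users now that this `goto err` is gone.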