Fix bug in TLSv1.3 PSK processing

author Matt Caswell <matt@openssl.org>

Tue, 5 Dec 2017 13:36:13 +0000 (13:36 +0000)

committer Matt Caswell <matt@openssl.org>

Wed, 6 Dec 2017 14:56:28 +0000 (14:56 +0000)
author Matt Caswell <matt@openssl.org>
Tue, 5 Dec 2017 13:36:13 +0000 (13:36 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Dec 2017 14:56:28 +0000 (14:56 +0000)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c

index c626ba61c7a3d9816fc44ab092ddecf61787cdc4..b07376fe9e6a7387c956bb704d6f32c3bd12b2b0 100644 (file)
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -850,11 +850,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
          }
      }
  
-    if (PACKET_remaining(&binder) != hashsize
-            || tls_psk_do_binder(s, md,
-                                 (const unsigned char *)s->init_buf->data,
-                                 binderoffset, PACKET_data(&binder), NULL,
-                                 sess, 0, ext) != 1) {
+    if (PACKET_remaining(&binder) != hashsize) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+    if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data,
+                          binderoffset, PACKET_data(&binder), NULL, sess, 0,
+                          ext) != 1) {
          /* SSLfatal() already called */
          goto err;
      }
author	Matt Caswell <matt@openssl.org>
	Tue, 5 Dec 2017 13:36:13 +0000 (13:36 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 6 Dec 2017 14:56:28 +0000 (14:56 +0000)