Ensure after an HRR any PSKs have the right hash
author Matt Caswell <matt@openssl.org>
Mon, 13 Mar 2017 16:09:47 +0000 (16:09 +0000)
committer Matt Caswell <matt@openssl.org>
Thu, 16 Mar 2017 14:20:38 +0000 (14:20 +0000)
Don't include a PSK that does not have the right hash for the selected
ciphersuite following an HRR.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)

ssl/statem/extensions_clnt.c

index 59bc97421939b5d507c08d4be289280cb3ff87a7..84bfb3c265ed8e7e82f80e54d835fe82a6decbe0 100644 (file)
@@ -769,6 +769,14 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
         return 1;
     }
 
+    if (s->hello_retry_request && md != ssl_handshake_md(s)) {
+        /*
+         * Selected ciphersuite hash does not match the hash for the session so
+         * we can't use it.
+         */
+        return 1;
+    }
+
     /*
      * Technically the C standard just says time() returns a time_t and says
      * nothing about the encoding of that type. In practice most implementations
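Review bot: The added check `md != ssl_handshake_md(s)` compares the two values with `!=`, so if these are digest pointers it is an identity test and only holds when both come from the same lookup; a short note in the comment saying so, or a comparison by digest type, would make that assumption explicit. The early `return 1` also drops the PSK silently, using the same return value as the bail-out just above it, so please confirm that the caller reads this as "extension not sent" and that nothing later in the handshake still treats the session as resumable. Only this one file is visible in the diff; a test where the HRR selects a ciphersuite with a different hash from the session's would pin the behaviour down.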