From 2f97192c78928ab2b2d44ac2f4859c321f57fd1f Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 26 Sep 2016 15:31:20 +0100
Subject: [PATCH] Fix a bug in Renegotiation extension construction

The conversion to WPACKET broke the construction of the renegotiation
extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 ssl/t1_lib.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4733bff3a3..40932fa985 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1040,8 +1040,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
     /* Add RI if renegotiating */
     if (s->renegotiate) {
         if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
-                || !WPACKET_sub_memcpy_u16(pkt, s->s3->previous_client_finished,
-                                   s->s3->previous_client_finished_len)) {
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished,
+                                   s->s3->previous_client_finished_len)
+                || !WPACKET_close(pkt)) {
             SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
             return 0;
         }
-- 
2.25.1