summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ssl/statem/extensions.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 0ab1f0494c..8550dfe22e 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1191,11 +1191,18 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
* ClientHello - which we don't want - so we need to take that bit off.
*/
if (s->server) {
- if (hdatalen < s->init_num + SSL3_HM_HEADER_LENGTH) {
+ PACKET hashprefix, msg;
+
+ /* Find how many bytes are left after the first two messages */
+ if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)
+ || !PACKET_forward(&hashprefix, 1)
+ || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
+ || !PACKET_forward(&hashprefix, 1)
+ || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
goto err;
}
- hdatalen -= s->init_num + SSL3_HM_HEADER_LENGTH;
+ hdatalen -= PACKET_remaining(&hashprefix);
}
if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-24 22:02:28 +0000