From: Matt Caswell Date: Mon, 20 Mar 2017 18:03:34 +0000 (+0000) Subject: Fix resumption after HRR X-Git-Tag: OpenSSL_1_1_1-pre1~1976 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=77815a026cbedbb7b9a89558612f69e6294fe1ea;p=openssl Fix resumption after HRR Commit 6b1bb98fa moved the processing of ClientHello extensions into the state machine post-processing stage. After processing s->init_num is reset to 0, so by post-processing we cannot rely on its value. Unfortunately we were using it to handle the PSK extension. This causes the handshake to fail. We were using init_num to figure out the length of ClientHello2 so we can remove it from the handshake_buffer. The handshake_buffer holds the transcript of all the messages sent so far. For PSK processing though we only want to add in a partial ClientHello2. This commit changes things so we just work out where ClientHello2 starts, working forward from the beginning of handshake_buffer. Fixes #2983 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2996) --- diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index d0b15d576a..9cdb263ee3 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1242,11 +1242,18 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, * ClientHello - which we don't want - so we need to take that bit off. */ if (s->server) { - if (hdatalen < s->init_num + SSL3_HM_HEADER_LENGTH) { + PACKET hashprefix, msg; + + /* Find how many bytes are left after the first two messages */ + if (!PACKET_buf_init(&hashprefix, hdata, hdatalen) + || !PACKET_forward(&hashprefix, 1) + || !PACKET_get_length_prefixed_3(&hashprefix, &msg) + || !PACKET_forward(&hashprefix, 1) + || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) { SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR); goto err; } - hdatalen -= s->init_num + SSL3_HM_HEADER_LENGTH; + hdatalen -= PACKET_remaining(&hashprefix); } if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {