git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Mon, 20 Mar 2017 18:03:34 +0000 (18:03 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 21 Mar 2017 10:00:44 +0000 (10:00 +0000)
commit	77815a026cbedbb7b9a89558612f69e6294fe1ea
tree	37e67930c8a00abf0b598e5b70cfddbdf548364b	tree \| snapshot
parent	9ea6d56d044a95459e563abdc85aed26149e6ee9	commit \| diff

Fix resumption after HRR

Commit 6b1bb98fa moved the processing of ClientHello extensions into the
state machine post-processing stage. After processing s->init_num is reset
to 0, so by post-processing we cannot rely on its value. Unfortunately we
were using it to handle the PSK extension. This causes the handshake to
fail.

We were using init_num to figure out the length of ClientHello2 so we can
remove it from the handshake_buffer. The handshake_buffer holds the
transcript of all the messages sent so far. For PSK processing though we
only want to add in a partial ClientHello2. This commit changes things so
we just work out where ClientHello2 starts, working forward from the
beginning of handshake_buffer.

Fixes #2983

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2996)