mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-21 09:23:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

Tolerate a zero length ticket nonce

Browse Source 
TLSv1.3 draft-21 requires the ticket nonce to be at least 1 byte in length.
However NSS sends a zero length nonce. This is actually ok because the next
draft will allow zero length nonces anyway, so we should tolerate this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3957)
This commit is contained in:
Matt Caswell 2017-07-18 16:11:20 +01:00
parent 6b84e6bf19
commit 00848ea842
2 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/statem/extensions.c
View File

@ -1259,10 +1259,6 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
if (external) {
psk = sess->master_key;
} else {
if (sess->ext.tick_nonce == NULL) {
SSLerr(SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_PSK);
goto err;
}
psk = tmppsk;
if (!tls13_hkdf_expand(s, md, sess->master_key,
(const unsigned char *)nonce_label,

1
ssl/statem/statem_clnt.c
View File

@ -2429,7 +2429,6 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
|| (SSL_IS_TLS13(s)
&& (!PACKET_get_net_4(pkt, &age_add)
|| !PACKET_get_length_prefixed_1(pkt, &nonce)
|| PACKET_remaining(&nonce) == 0
|| !PACKET_memdup(&nonce, &s->session->ext.tick_nonce,
&s->session->ext.tick_nonce_len)))
|| !PACKET_get_net_2(pkt, &ticklen)