Commit 2894e9cb authored by Matt Caswell's avatar Matt Caswell

Fix bug in TLSv1.3 PSK processing



The recent SSL error overhaul left a case where an error occurs but
SSLfatal() is not called.

Credit to OSSfuzz for finding this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4847)
parent 723a7c5a
+8 −5
@@ -850,11 +850,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
        }
    }

    if (PACKET_remaining(&binder) != hashsize
            || tls_psk_do_binder(s, md,
                                 (const unsigned char *)s->init_buf->data,
                                 binderoffset, PACKET_data(&binder), NULL,
                                 sess, 0, ext) != 1) {
    if (PACKET_remaining(&binder) != hashsize) {
        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
                 SSL_R_BAD_EXTENSION);
        goto err;
    }
    if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data,
                          binderoffset, PACKET_data(&binder), NULL, sess, 0,
                          ext) != 1) {
        /* SSLfatal() already called */
        goto err;
    }
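Review bot: The second branch, `if (tls_psk_do_binder(...) != 1)`, now depends entirely on the `/* SSLfatal() already called */` comment being true for every failure return of tls_psk_do_binder(), which is the same kind of invariant whose violation this commit repairs, and nothing visible here enforces it. tls_psk_do_binder() is defined outside the hunk, so its failure paths should be audited together with this change. The length check must also stay ahead of the call, because the binder is passed as `PACKET_data(&binder)` with no length and the callee presumably reads hashsize bytes from it; a comment such as `/* binder must be exactly hashsize bytes before it is verified */` above the first `if` would keep a later refactor from reordering the two checks. A regression test that sends a PSK binder of the wrong length and expects the SSL_AD_DECODE_ERROR alert would pin the fix. tls_parse_ctos_psk's body starts and ends outside the hunk.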