![Please Enable Javascript]()
{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1752650508,
"reponame":"openssl",
"desc":"OpenSSL",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"350f3e34467079c998fe3a0a08ce5d66",
"commit": {"type":"commit",
"time": 1500393577,
"time_ofs": 60,
"oid_tree": { "oid": "b926435776b9b12e8992be820d7aa361bff1a278", "alias": []},
"oid":{ "oid": "00848ea842f911dac4e10bb39a08bb4b6de9e66a", "alias": []},
"msg": "Tolerate a zero length ticket nonce",
"sig_commit": { "git_time": { "time": 1500393577, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" },
"sig_author": { "git_time": { "time": 1500390680, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }},
"body": "Tolerate a zero length ticket nonce\n\nTLSv1.3 draft-21 requires the ticket nonce to be at least 1 byte in length.\nHowever NSS sends a zero length nonce. This is actually ok because the next\ndraft will allow zero length nonces anyway, so we should tolerate this.\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/3957)\n"
,
"diff": "diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c\nindex 9e25a3e..ab9f0d3 100644\n--- a/ssl/statem/extensions.c\n+++ b/ssl/statem/extensions.c\n@@ -1259,10 +1259,6 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,\n if (external) {\n psk \u003d sess-\u003emaster_key;\n } else {\n- if (sess-\u003eext.tick_nonce \u003d\u003d NULL) {\n- SSLerr(SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_PSK);\n- goto err;\n- }\n psk \u003d tmppsk;\n if (!tls13_hkdf_expand(s, md, sess-\u003emaster_key,\n (const unsigned char *)nonce_label,\ndiff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c\nindex ed9bd5c..cef0df8 100644\n--- a/ssl/statem/statem_clnt.c\n+++ b/ssl/statem/statem_clnt.c\n@@ -2429,7 +2429,6 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)\n || (SSL_IS_TLS13(s)\n \u0026\u0026 (!PACKET_get_net_4(pkt, \u0026age_add)\n || !PACKET_get_length_prefixed_1(pkt, \u0026nonce)\n- || PACKET_remaining(\u0026nonce) \u003d\u003d 0\n || !PACKET_memdup(\u0026nonce, \u0026s-\u003esession-\u003eext.tick_nonce,\n \u0026s-\u003esession-\u003eext.tick_nonce_len)))\n || !PACKET_get_net_2(pkt, \u0026ticklen)\n","s":{"c":1752650508,"u": 44364}}
],"g": 45271,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}