CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]    2026/05/09 05:45:50

Modified files:
        lib/libssl     : ssl_tlsext.c 

Log message:
libssl: record extension lengths in ClientHello hashing

The ClientHello hash is intended to ensure that the second CH after an HRR
only makes the allowed changes to the TLS extensions by recording message
type followed by the raw extension data if it must remain unchanged.
This makes it possible (in principle) that part of free form extension
data is confused with type (and length) information of a subsequent
extension.

Recording the length after the type prevents such a confusion and fixes
the framing of the extensions.

Found by Frank Denis

ok jsing
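
The framing ambiguity described in the log message, as an added example that is not libssl code and is not part of the commit. The function names, the extension type values, the sample data, the use of SHA-256, and the 2-byte big-endian length field are all assumptions made for illustration.

```python
import hashlib
import struct

# Constructed sample extension types; the values are arbitrary.
EXT_A, EXT_B = 0x0010, 0x0011


def transcript(extensions, with_length):
    """Serialize (type, data) pairs the way they would be fed to the hash.

    with_length=False models "type followed by raw data" (old framing);
    with_length=True models "type, then length, then data" (fixed framing).
    """
    out = bytearray()
    for ext_type, data in extensions:
        out += struct.pack(">H", ext_type)
        if with_length:
            out += struct.pack(">H", len(data))  # assumed 2-byte length
        out += data
    return bytes(out)


def ch_hash(extensions, with_length):
    return hashlib.sha256(transcript(extensions, with_length)).hexdigest()


def hashes_match(first, second, with_length):
    """True if the two extension lists are indistinguishable to the hash."""
    return ch_hash(first, with_length) == ch_hash(second, with_length)


# Constructed first ClientHello: two separate must-not-change extensions.
FIRST_CH = [(EXT_A, b"h2"), (EXT_B, b"\x01\x02")]

# Constructed second ClientHello: a single extension whose free-form data
# ends with bytes that look like EXT_B's type and data.
SECOND_CH = [(EXT_A, b"h2" + struct.pack(">H", EXT_B) + b"\x01\x02")]

if __name__ == "__main__":
    # Old framing: both lists serialize to the same byte stream.
    print("type||data       match:", hashes_match(FIRST_CH, SECOND_CH, False))
    # Fixed framing: the length field separates the two cases.
    print("type||len||data  match:", hashes_match(FIRST_CH, SECOND_CH, True))
```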
