Grow init_buf before stashing a handshake message for the legacy stack.

When transitioning from the TLSv1.3 stack to the legacy stack, grow
init_buf before stashing the handshake message. The TLSv1.3 stack has
already received the handshake message (potentially from multiple TLS
records) and validated its size, however the default allocation is only
for a single plaintext record, which can result in the handshake message
failing to fit in certain cases.

Issue noted by tb@ via tlsfuzzer.

ok tb@

1 files changed, 3 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 943e2db9a1..a9a7fff3e0 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.16 2020/10/11 02:22:27 jsing Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.17 2020/10/11 02:59:47 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -340,6 +340,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
 
         /* Stash the current handshake message. */
         tls13_handshake_msg_data(ctx->hs_msg, &cbs);
+        if (!BUF_MEM_grow_clean(s->internal->init_buf, CBS_len(&cbs)))
+                goto err;
         if (!CBS_write_bytes(&cbs, s->internal->init_buf->data,
             s->internal->init_buf->length, NULL))
                 goto err;