authormiod <>2014-06-04 21:05:30 +0000
committermiod <>2014-06-04 21:05:30 +0000
commit5e2731501137a3bdb1c9a5b0ef6a691daa72ad6d (patch)
treececa9740dc0af30a4f552a6cbf0c0e2aedfc4f6f /src/lib
parent98cd07cb773373d61f700f7305f402159b70ed45 (diff)
Sanitize use of client_opaque_prf_input: set it to NULL immediately after
free()ing it, rather than in conditional code. Also do not bother setting server_opaque_prf_input (server, not client) to NULL in conditional code 10 lines after explicitly free()ing it and setting it to NULL (were the developers afraid of zombie pointers?) ok guenther@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c40
-rw-r--r--src/lib/libssl/t1_lib.c40
2 files changed, 44 insertions, 36 deletions
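diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index a18032b9c8..e46e2530e3 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1147,10 +1147,9 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 }
 
 free(s->s3->client_opaque_prf_input);
+s->s3->client_opaque_prf_input = NULL;
 
-if (s->s3->client_opaque_prf_input_len == 0)
-s->s3->client_opaque_prf_input = NULL;
-else {
+if (s->s3->client_opaque_prf_input_len != 0) {
 s->s3->client_opaque_prf_input =
 BUF_memdup(sdata,
 s->s3->client_opaque_prf_input_len);
@@ -1615,16 +1614,16 @@ ssl_prepare_clienthello_tlsext(SSL *s)
 int r = 1;
 
 if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
-r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
+r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
+s->ctx->tlsext_opaque_prf_input_callback_arg);
 if (!r)
 return -1;
 }
 
 if (s->tlsext_opaque_prf_input != NULL) {
 free(s->s3->client_opaque_prf_input);
-if (s->tlsext_opaque_prf_input_len == 0)
-s->s3->client_opaque_prf_input = NULL;
-else {
+s->s3->client_opaque_prf_input = NULL;
+if (s->tlsext_opaque_prf_input_len != 0) {
 s->s3->client_opaque_prf_input =
 BUF_memdup(s->tlsext_opaque_prf_input,
 s->tlsext_opaque_prf_input_len);
@@ -1634,7 +1633,8 @@ ssl_prepare_clienthello_tlsext(SSL *s)
 return -1;
 }
 }
-s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
+s->s3->client_opaque_prf_input_len =
+s->tlsext_opaque_prf_input_len;
 }
 
 if (r == 2) {
@@ -1704,7 +1704,8 @@ ssl_check_clienthello_tlsext_early(SSL *s)
 int r = 1;
 
 if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
-r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
+r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
+s->ctx->tlsext_opaque_prf_input_callback_arg);
 if (!r) {
 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
 al = SSL_AD_INTERNAL_ERROR;
@@ -1717,13 +1718,14 @@ ssl_check_clienthello_tlsext_early(SSL *s)
 
 if (s->tlsext_opaque_prf_input != NULL) {
 if (s->s3->client_opaque_prf_input != NULL &&
-s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) {
-/* can only use this extension if we have a server opaque PRF input
-* of the same length as the client opaque PRF input! */
-
-if (s->tlsext_opaque_prf_input_len == 0)
-s->s3->server_opaque_prf_input = NULL;
-else {
+s->s3->client_opaque_prf_input_len ==
+s->tlsext_opaque_prf_input_len) {
+/*
+* Can only use this extension if we have a
+* server opaque PRF input of the same length
+* as the client opaque PRF input!
+*/
+if (s->tlsext_opaque_prf_input_len != 0) {
 s->s3->server_opaque_prf_input =
 BUF_memdup(s->tlsext_opaque_prf_input,
 s->tlsext_opaque_prf_input_len);
@@ -1734,7 +1736,8 @@ ssl_check_clienthello_tlsext_early(SSL *s)
 goto err;
 }
 }
-s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
+s->s3->server_opaque_prf_input_len =
+s->tlsext_opaque_prf_input_len;
 }
 }
 
@@ -1877,7 +1880,8 @@ ssl_check_serverhello_tlsext(SSL *s)
 /* Anytime the server *has* sent an opaque PRF input, we need to check
 * that we have a client opaque PRF input of the same size. */
 if (s->s3->client_opaque_prf_input == NULL ||
-s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) {
+s->s3->client_opaque_prf_input_len !=
+s->s3->server_opaque_prf_input_len) {
 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
 al = SSL_AD_ILLEGAL_PARAMETER;
 }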
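Review bot: In ssl_check_clienthello_tlsext_early the zero-length case no longer assigns `s->s3->server_opaque_prf_input`, so the new `if (s->tlsext_opaque_prf_input_len != 0) {` is only safe because the pointer is freed and set to NULL earlier in the function, which the commit message states but the hunk does not show. A short comment at that test, e.g. `/* server_opaque_prf_input was freed and set to NULL above */`, would keep a later edit from moving that reset and leaving a stale pointer behind. Separately, in ssl_prepare_clienthello_tlsext the `return -1` that appears to be the BUF_memdup() failure path runs before `client_opaque_prf_input_len` is updated, so the pointer is NULL while the length keeps its previous value; adding `s->s3->client_opaque_prf_input_len = 0;` next to the new NULL assignment would keep the pair consistent. The same applies to the identical copy in src/lib/libssl/t1_lib.c, and all of these functions continue outside the hunks.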
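diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index a18032b9c8..e46e2530e3 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1147,10 +1147,9 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 }
 
 free(s->s3->client_opaque_prf_input);
+s->s3->client_opaque_prf_input = NULL;
 
-if (s->s3->client_opaque_prf_input_len == 0)
-s->s3->client_opaque_prf_input = NULL;
-else {
+if (s->s3->client_opaque_prf_input_len != 0) {
 s->s3->client_opaque_prf_input =
 BUF_memdup(sdata,
 s->s3->client_opaque_prf_input_len);
@@ -1615,16 +1614,16 @@ ssl_prepare_clienthello_tlsext(SSL *s)
 int r = 1;
 
 if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
-r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
+r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
+s->ctx->tlsext_opaque_prf_input_callback_arg);
 if (!r)
 return -1;
 }
 
 if (s->tlsext_opaque_prf_input != NULL) {
 free(s->s3->client_opaque_prf_input);
-if (s->tlsext_opaque_prf_input_len == 0)
-s->s3->client_opaque_prf_input = NULL;
-else {
+s->s3->client_opaque_prf_input = NULL;
+if (s->tlsext_opaque_prf_input_len != 0) {
 s->s3->client_opaque_prf_input =
 BUF_memdup(s->tlsext_opaque_prf_input,
 s->tlsext_opaque_prf_input_len);
@@ -1634,7 +1633,8 @@ ssl_prepare_clienthello_tlsext(SSL *s)
 return -1;
 }
 }
-s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
+s->s3->client_opaque_prf_input_len =
+s->tlsext_opaque_prf_input_len;
 }
 
 if (r == 2) {
@@ -1704,7 +1704,8 @@ ssl_check_clienthello_tlsext_early(SSL *s)
 int r = 1;
 
 if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
-r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
+r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
+s->ctx->tlsext_opaque_prf_input_callback_arg);
 if (!r) {
 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
 al = SSL_AD_INTERNAL_ERROR;
@@ -1717,13 +1718,14 @@ ssl_check_clienthello_tlsext_early(SSL *s)
 
 if (s->tlsext_opaque_prf_input != NULL) {
 if (s->s3->client_opaque_prf_input != NULL &&
-s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) {
-/* can only use this extension if we have a server opaque PRF input
-* of the same length as the client opaque PRF input! */
-
-if (s->tlsext_opaque_prf_input_len == 0)
-s->s3->server_opaque_prf_input = NULL;
-else {
+s->s3->client_opaque_prf_input_len ==
+s->tlsext_opaque_prf_input_len) {
+/*
+* Can only use this extension if we have a
+* server opaque PRF input of the same length
+* as the client opaque PRF input!
+*/
+if (s->tlsext_opaque_prf_input_len != 0) {
 s->s3->server_opaque_prf_input =
 BUF_memdup(s->tlsext_opaque_prf_input,
 s->tlsext_opaque_prf_input_len);
@@ -1734,7 +1736,8 @@ ssl_check_clienthello_tlsext_early(SSL *s)
 goto err;
 }
 }
-s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
+s->s3->server_opaque_prf_input_len =
+s->tlsext_opaque_prf_input_len;
 }
 }
 
@@ -1877,7 +1880,8 @@ ssl_check_serverhello_tlsext(SSL *s)
 /* Anytime the server *has* sent an opaque PRF input, we need to check
 * that we have a client opaque PRF input of the same size. */
 if (s->s3->client_opaque_prf_input == NULL ||
-s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) {
+s->s3->client_opaque_prf_input_len !=
+s->s3->server_opaque_prf_input_len) {
 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
 al = SSL_AD_ILLEGAL_PARAMETER;
 }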