If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes.
Reviewed-by: Matt Caswell <matt@openssl.org>
/* Load the client random */
i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
/* Load the client random */
i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
- if (!PACKET_peek_copy_bytes(&pkt, s->s3->client_random, i)
+ if (!PACKET_peek_copy_bytes(&pkt,
+ s->s3->client_random + SSL3_RANDOM_SIZE - i,
+ i)
|| !PACKET_forward(&pkt, cl)
|| PACKET_remaining(&pkt) != 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
|| !PACKET_forward(&pkt, cl)
|| PACKET_remaining(&pkt) != 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);