Cypherpunks repositories - gostls13.git/commit
[release-branch.go1.20] crypto/tls: fix PSK binder calculation
author Tero Saarni <tero.saarni@gmail.com>
Wed, 12 Apr 2023 10:07:07 +0000 (10:07 +0000)
committer Gopher Robot <gobot@golang.org>
Mon, 24 Apr 2023 18:25:14 +0000 (18:25 +0000)
commit 813a811d3308c82cfc5b739321a5eb973612a990
tree 05b9da3765c103c1d1b4d04c16561edd3a8c8b53
parent ee42d468f50e863f240a8b11e521feaf7f9114c9
[release-branch.go1.20] crypto/tls: fix PSK binder calculation

When the server and client have a mismatch in curve preference, the server will
send a HelloRetryRequest during TLSv1.3 PSK resumption. There was a bug,
introduced by Go1.19.6 or later and Go1.20.1 or later, that makes the client
calculate the PSK binder hash incorrectly. The server will reject the TLS
handshake by sending alert: invalid PSK binder.

For #59424.
Fixes #59540.

Change-Id: I2ca8948474275740a36d991c057b62a13392dbb9
GitHub-Last-Rev: 1aad9bcf27f563449c1a7ed6d0dd1d247cc65713
GitHub-Pull-Request: golang/go#59425
Reviewed-on: https://go-review.googlesource.com/c/go/+/481955
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 2c70690451f1484607a9172a4c24f78ae832dcb0)
Reviewed-on: https://go-review.googlesource.com/c/go/+/488055
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
src/crypto/tls/handshake_client_test.go
src/crypto/tls/handshake_client_tls13.go
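
The binder check the commit message refers to, as an added example that is not code from this commit or from crypto/tls: it derives a resumption PSK binder per RFC 8446 (SHA-256 suite) and shows that the server only accepts a binder computed over message_hash(ClientHello1), HelloRetryRequest and the truncated ClientHello2. The helper names and the message bytes are constructed for illustration, and the rejected variant is one possible wrong transcript, not a reproduction of the exact defect fixed here.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// expandLabel is HKDF-Expand-Label (RFC 8446, 7.1) for one SHA-256 block (n <= 32).
func expandLabel(secret []byte, label string, context []byte, n int) []byte {
	full := "tls13 " + label
	info := append([]byte{byte(n >> 8), byte(n), byte(len(full))}, full...)
	info = append(append(info, byte(len(context))), context...)
	return hmacSHA256(secret, append(info, 1))[:n]
}

// binder derives the resumption PSK binder over the concatenated transcript.
func binder(psk []byte, transcript ...[]byte) []byte {
	early := hmacSHA256(make([]byte, sha256.Size), psk) // HKDF-Extract(0, PSK)
	binderKey := expandLabel(early, "res binder", sha256.New().Sum(nil), sha256.Size)
	finishedKey := expandLabel(binderKey, "finished", nil, sha256.Size)
	th := sha256.Sum256(bytes.Join(transcript, nil))
	return hmacSHA256(finishedKey, th[:])
}

// messageHash is the synthetic message replacing ClientHello1 after an HRR (RFC 8446, 4.4.1).
func messageHash(clientHello1 []byte) []byte {
	h := sha256.Sum256(clientHello1)
	return append([]byte{254, 0, 0, sha256.Size}, h[:]...)
}

// Constructed placeholder bytes, not real handshake messages; ch2 stands for
// ClientHello2 truncated before its binders list.
var psk, ch1, hrr, ch2 = bytes.Repeat([]byte{0x42}, 32), []byte("ClientHello1"),
	[]byte("HelloRetryRequest"), []byte("ClientHello2 truncated before binders")

func serverAccepts(got []byte) bool {
	return hmac.Equal(got, binder(psk, messageHash(ch1), hrr, ch2))
}

func main() { // first value: correct transcript; second: HRR prefix dropped
	fmt.Println(serverAccepts(binder(psk, messageHash(ch1), hrr, ch2)), serverAccepts(binder(psk, ch2)))
}
```

A client whose transcript differs in any way produces a binder that fails the constant-time comparison, which is the point at which a server sends the "invalid PSK binder" alert.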