gnutls_prf_rfc5705: apply the context limits only under TLS1.2 or earlier

These limits do not exist under TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-11-27 11:07:40 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-11-27 12:04:41 +0100
commit: e307dbe411c16ab831cb10cb168d5b57c2293a7a (patch)
tree: bc299552c348f92e4787724ce47e91fb5846274e
parent: 9853dbb8f3e8921500e3d8bed0a1f9aca79258ec (diff)
download: gnutls-e307dbe411c16ab831cb10cb168d5b57c2293a7a.tar.gz
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/prf.c b/lib/prf.c
index a249924351..ff5eda32b2 100644
--- a/lib/prf.c
+++ b/lib/prf.c
@@ -136,11 +136,6 @@ gnutls_prf_rfc5705(gnutls_session_t session,
 	const version_entry_st *vers = get_version(session);
 	int ret;
 
-	if (context != NULL && context_size > 65535)  {
-		gnutls_assert();
-		return GNUTLS_E_INVALID_REQUEST;
-	}
-
 	if (vers && vers->tls13_sem) {
 		uint8_t secret[MAX_HASH_SIZE];
 		uint8_t digest[MAX_HASH_SIZE];
@@ -169,6 +164,11 @@ gnutls_prf_rfc5705(gnutls_session_t session,
 	} else {
 		char *pctx = NULL;
 
+		if (context != NULL && context_size > 65535)  {
+			gnutls_assert();
+			return GNUTLS_E_INVALID_REQUEST;
+		}
+
 		if (context != NULL) {
 			pctx = gnutls_malloc(context_size+2);
 			if (!pctx) {
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-11-27 11:07:40 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-11-27 12:04:41 +0100
commit	e307dbe411c16ab831cb10cb168d5b57c2293a7a (patch)
tree	bc299552c348f92e4787724ce47e91fb5846274e
parent	9853dbb8f3e8921500e3d8bed0a1f9aca79258ec (diff)
download	gnutls-e307dbe411c16ab831cb10cb168d5b57c2293a7a.tar.gz