gnutls_prf_rfc5705: apply the context limits only under TLS1.2 or earlier

These limits do not exist under TLS1.3. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-11-27 11:07:40 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-01-27 16:09:53 +0100
commit: f324f46401be97c6bd21585ee97bc4140ccf0e16 (patch)
tree: d5403ef5434a893f7c26cff5dff56f1c69a1e36a
parent: a8edacbcaab5d37c0aa0ea2794c8ed0f7efe4bbd (diff)
download: gnutls-f324f46401be97c6bd21585ee97bc4140ccf0e16.tar.gz
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/prf.c b/lib/prf.c
index a249924351..ff5eda32b2 100644
--- a/lib/prf.c
+++ b/lib/prf.c
@@ -136,11 +136,6 @@ gnutls_prf_rfc5705(gnutls_session_t session,
 	const version_entry_st *vers = get_version(session);
 	int ret;
 
-	if (context != NULL && context_size > 65535)  {
-		gnutls_assert();
-		return GNUTLS_E_INVALID_REQUEST;
-	}
-
 	if (vers && vers->tls13_sem) {
 		uint8_t secret[MAX_HASH_SIZE];
 		uint8_t digest[MAX_HASH_SIZE];
@@ -169,6 +164,11 @@ gnutls_prf_rfc5705(gnutls_session_t session,
 	} else {
 		char *pctx = NULL;
 
+		if (context != NULL && context_size > 65535)  {
+			gnutls_assert();
+			return GNUTLS_E_INVALID_REQUEST;
+		}
+
 		if (context != NULL) {
 			pctx = gnutls_malloc(context_size+2);
 			if (!pctx) {
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-11-27 11:07:40 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-27 16:09:53 +0100
commit	f324f46401be97c6bd21585ee97bc4140ccf0e16 (patch)
tree	d5403ef5434a893f7c26cff5dff56f1c69a1e36a
parent	a8edacbcaab5d37c0aa0ea2794c8ed0f7efe4bbd (diff)
download	gnutls-f324f46401be97c6bd21585ee97bc4140ccf0e16.tar.gz