[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Matt Caswell
matt at openssl.org
Fri Feb 27 22:56:14 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 5c921f14cb08044e40f03440c39c70d9fb321e92 (commit)
from d58a852fbd3c7ae2d71949c090a474235b69d693 (commit)
- Log -----------------------------------------------------------------
commit 5c921f14cb08044e40f03440c39c70d9fb321e92
Author: Matt Caswell <matt at openssl.org>
Date: Fri Feb 27 16:52:07 2015 +0000
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.
This change fixes d2i_SSL_SESSION for that DTLS version.
Based on an original patch by David Woodhouse <dwmw2 at infradead.org>
RT#3704
Reviewed-by: Tim Hudson <tjh at openssl.org>
Conflicts:
ssl/ssl_asn1.c
Conflicts:
ssl/dtls1.h
-----------------------------------------------------------------------
Summary of changes:
ssl/dtls1.h | 1 +
ssl/ssl_asn1.c | 4 +++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index 442167a..8deb299 100644
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -85,6 +85,7 @@ extern "C" {
# define DTLS1_VERSION 0xFEFF
# define DTLS_MAX_VERSION DTLS1_VERSION
+# define DTLS1_VERSION_MAJOR 0xFE
# define DTLS1_BAD_VER 0x0100
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index f8c265c..39d48ea 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
id = 0x02000000L |
((unsigned long)os.data[0] << 16L) |
((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2];
- } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
+ } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR
+ || (ssl_version >> 8) == DTLS1_VERSION_MAJOR
+ || ssl_version == DTLS1_BAD_VER) {
if (os.length != 2) {
c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
c.line = __LINE__;
More information about the openssl-commits
mailing list