[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Mon Mar 9 10:55:52 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  ae3fcdf1e5865b709aed4e66924197bc6191fc5b (commit)
      from  d6ca1cee8b6efac5906ac66443d1ca67fe689ff8 (commit)


- Log -----------------------------------------------------------------
commit ae3fcdf1e5865b709aed4e66924197bc6191fc5b
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Mar 2 14:34:19 2015 +0000

    Fix DTLS1_BAD_VER regression
    
    Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check
    from dtls1_buffer_message() which was needed to distinguish between DTLS
    1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER).
    
    Based on an original patch by David Woodhouse <dwmw2 at infradead.org>
    RT#3703
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 5178a16c4375471d25e1f5ef5de46febb62a5529)

-----------------------------------------------------------------------

Summary of changes:
 ssl/d1_both.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 2553c3d..2104800 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1108,8 +1108,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
     memcpy(frag->fragment, s->init_buf->data, s->init_num);
 
     if (is_ccs) {
+        /* For DTLS1_BAD_VER the header length is non-standard */
         OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
-                       DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+                       ((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)
+                       == (unsigned int)s->init_num);
     } else {
         OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
                        DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
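Review bot: the bare literal `3` in `((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)` is the only place the pre-standard CCS header length appears, and the comment above it says the length is non-standard without saying what it is. Suggest defining it next to DTLS1_CCS_HEADER_LENGTH (a name such as DTLS1_BAD_VER_CCS_HEADER_LENGTH, chosen here only for illustration) so the 1.0.2 and HEAD branches cannot drift on the value, and add spaces around `==` and `?:` to match the surrounding lines. Note also that this remains an OPENSSL_assert, so a length mismatch aborts the process rather than returning an error; that was already true of the original check and the change does not widen it, but a one-line comment saying the assertion covers only the locally built message would make that explicit.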