[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Tue Nov 10 18:49:52 UTC 2015

The branch OpenSSL_1_0_2-stable has been updated
       via  15a7164eb7d4d031608fcec2801d7f7b11b16923 (commit)
      from  822d265cedd98a0dbf48b123a3a24f8528bb5842 (commit)

- Log -----------------------------------------------------------------
commit 15a7164eb7d4d031608fcec2801d7f7b11b16923
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 3 15:49:08 2015 +0000

    Only call ssl3_init_finished_mac once for DTLS
    In DTLS if an IO retry occurs during writing of a fragmented ClientHello
    then we can end up reseting the finish mac variables on the retry, which
    causes a handshake failure. We should only reset on the first attempt not
    on retries.
    Thanks to BoringSSL for reporting this issue.
    Reviewed-by: Tim Hudson <tjh at openssl.org>


Summary of changes:
 ssl/d1_clnt.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 3a2038c..3ddfa7b 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -317,13 +317,12 @@ int dtls1_connect(SSL *s)
         case SSL3_ST_CW_CLNT_HELLO_A:
-        case SSL3_ST_CW_CLNT_HELLO_B:
             s->shutdown = 0;
             /* every DTLS ClientHello resets Finished MAC */
+        case SSL3_ST_CW_CLNT_HELLO_B:
             ret = ssl3_client_hello(s);
             if (ret <= 0)

More information about the openssl-commits mailing list