[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Matt Caswell matt at openssl.org
Tue Nov 10 18:50:03 UTC 2015

The branch OpenSSL_1_0_1-stable has been updated
       via  e83009840af76d06a13192be69c2b273ac7e96a0 (commit)
      from  84d0c40f3fbcb9e3067cbbc2f01bd965e587c178 (commit)

- Log -----------------------------------------------------------------
commit e83009840af76d06a13192be69c2b273ac7e96a0
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 3 15:49:08 2015 +0000

    Only call ssl3_init_finished_mac once for DTLS
    In DTLS if an IO retry occurs during writing of a fragmented ClientHello
    then we can end up reseting the finish mac variables on the retry, which
    causes a handshake failure. We should only reset on the first attempt not
    on retries.
    Thanks to BoringSSL for reporting this issue.
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 15a7164eb7d4d031608fcec2801d7f7b11b16923)


Summary of changes:
 ssl/d1_clnt.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 20ed02c..eb371a2 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -299,13 +299,12 @@ int dtls1_connect(SSL *s)
         case SSL3_ST_CW_CLNT_HELLO_A:
-        case SSL3_ST_CW_CLNT_HELLO_B:
             s->shutdown = 0;
             /* every DTLS ClientHello resets Finished MAC */
+        case SSL3_ST_CW_CLNT_HELLO_B:
             ret = dtls1_client_hello(s);
             if (ret <= 0)

More information about the openssl-commits mailing list