[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Matt Caswell matt at openssl.org
Fri Aug 26 17:12:00 UTC 2016

The branch OpenSSL_1_0_1-stable has been updated
       via  515a0105652a1b84d712b4d162cf859c02bf5450 (commit)
      from  2b4029e68fd7002d2307e6c3cde0f3784eef9c83 (commit)

- Log -----------------------------------------------------------------
commit 515a0105652a1b84d712b4d162cf859c02bf5450
Author: David Woodhouse <David.Woodhouse at intel.com>
Date:   Fri Jul 8 20:46:07 2016 +0100

    Fix SSL_export_keying_material() for DTLS1_BAD_VER
    Commit d8e8590e ("Fix missing return value checks in SCTP") made the
    DTLS handshake fail, even for non-SCTP connections, if
    SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER.
    Apply the trivial fix to make it succeed, since there's no real reason
    why it shouldn't even though we never need it.
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit c8a18468caef4d62778381be0acdadc8a88d6e51)


Summary of changes:
 ssl/ssl_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 896b5a3..83ef233 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1662,7 +1662,7 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                                const unsigned char *p, size_t plen,
                                int use_context)
-    if (s->version < TLS1_VERSION)
+    if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
         return -1;
     return s->method->ssl3_enc->export_keying_material(s, out, olen, label,

More information about the openssl-commits mailing list