[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Tue Aug 6 10:17:27 UTC 2019 

The branch OpenSSL_1_1_1-stable has been updated
       via  bd1a74f8ee92d2b63d19308fd3dfee2936af9d17 (commit)
      from  f2bb79a78a1681f9a137d7560a17982f6e54333c (commit)


- Log -----------------------------------------------------------------
commit bd1a74f8ee92d2b63d19308fd3dfee2936af9d17
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jul 22 11:02:46 2019 +0100

    Correct the Extended Master Secret string for EBCDIC
    
    The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string
    "extended master secret". On EBCDIC machines it actually contained the
    value "extecded master secret"
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/9430)
    
    (cherry picked from commit c1a3f16f735057b45df1803d58f40e4e17b233e5)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                | 7 +++++++
 include/openssl/tls1.h | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 5bc8ebd6c6..2cb84d4507 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,13 @@
 
  Changes between 1.1.1c and 1.1.1d [xx XXX xxxx]
 
+  *) Correct the extended master secret constant on EBCDIC systems. Without this
+     fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+     negotiate EMS will fail. Unfortunately this also means that TLS connections
+     between EBCDIC systems with this fix, and EBCDIC systems without this
+     fix will fail if they negotiate EMS.
+     [Matt Caswell]
+
   *) Use Windows installation paths in the mingw builds
 
      Mingw isn't a POSIX environment per se, which means that Windows
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index e13b5dd4bc..8a6b6ee443 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1222,7 +1222,7 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
 /*
  * extended master secret
  */
-#  define TLS_MD_EXTENDED_MASTER_SECRET_CONST    "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+#  define TLS_MD_EXTENDED_MASTER_SECRET_CONST    "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
 # endif
 
 /* TLS Session Ticket extension struct */

More information about the openssl-commits mailing list