This fix and and some other regression fixes, along with a test case, are lined up for HEAD/1.1 in Github PR #1296.
This one is also needed in 1.0.2. -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4631 Please log in as guest with password guest if prompted
>From 6f4560482c6a942c57842518f80b92ef97167e75 Mon Sep 17 00:00:00 2001
From: David Woodhouse <david.woodho...@intel.com>
Date: Fri, 8 Jul 2016 20:46:07 +0100
Subject: [PATCH] Fix SSL_export_keying_material() for DTLS1_BAD_VER
Commit d8e8590e ("Fix missing return value checks in SCTP") made the
DTLS handshake fail, even for non-SCTP connections, if
SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER.
Apply the trivial fix to make it succeed, since there's no real reason
why it shouldn't even though we never need it.
---
ssl/ssl_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a707612..42b980a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1828,7 +1828,7 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const unsigned char *p, size_t plen,
int use_context)
{
- if (s->version < TLS1_VERSION)
+ if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
return -1;
return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
--
2.7.4
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
