diff options
| author | jca <> | 2014-02-27 21:04:57 +0000 |
|---|---|---|
| committer | jca <> | 2014-02-27 21:04:57 +0000 |
| commit | 2f599a95f29ebaa4869bf0dfe86551f934af1b7f (patch) | |
| tree | 40e788c732b30794928787a09a2b41e34c4772bb /src/lib/libssl/s3_lib.c | |
| parent | 4e4f0581648a8699ae532d5ccea19affc3ca144d (diff) | |
| download | openbsd-2f599a95f29ebaa4869bf0dfe86551f934af1b7f.tar.gz openbsd-2f599a95f29ebaa4869bf0dfe86551f934af1b7f.tar.bz2 openbsd-2f599a95f29ebaa4869bf0dfe86551f934af1b7f.zip | |
SECURITY fixes backported from openssl-1.0.1f. ok mikeb@
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index fb60cde8ee..b73b5ac87f 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT. | |||
| 4274 | long ssl_get_algorithm2(SSL *s) | 4274 | long ssl_get_algorithm2(SSL *s) |
| 4275 | { | 4275 | { |
| 4276 | long alg2 = s->s3->tmp.new_cipher->algorithm2; | 4276 | long alg2 = s->s3->tmp.new_cipher->algorithm2; |
| 4277 | if (TLS1_get_version(s) >= TLS1_2_VERSION && | 4277 | if (s->method->version == TLS1_2_VERSION && |
| 4278 | alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) | 4278 | alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) |
| 4279 | return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; | 4279 | return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; |
| 4280 | return alg2; | 4280 | return alg2; |