SECURITY fixes backported from openssl-1.0.1f. ok mikeb@

CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
author: jca <> 2014-02-27 21:04:57 +0000
committer: jca <> 2014-02-27 21:04:57 +0000
commit: 3b6d92e82b1421b811bcdec7f7fdfb31eeef18de (patch)
tree: 40e788c732b30794928787a09a2b41e34c4772bb /src/lib/libssl/s3_lib.c
parent: 76214748f84ef8bbc3833462e40ef29a1e84a02c (diff)
download: openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.tar.gz
openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.tar.bz2
openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index fb60cde8ee..b73b5ac87f 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT.
 long ssl_get_algorithm2(SSL *s)
        {
        long alg2 = s->s3->tmp.new_cipher->algorithm2;
-        if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+        if (s->method->version == TLS1_2_VERSION &&
            alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
                return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
        return alg2;
author	jca <>	2014-02-27 21:04:57 +0000
committer	jca <>	2014-02-27 21:04:57 +0000
commit	3b6d92e82b1421b811bcdec7f7fdfb31eeef18de (patch)
tree	40e788c732b30794928787a09a2b41e34c4772bb /src/lib/libssl/s3_lib.c
parent	76214748f84ef8bbc3833462e40ef29a1e84a02c (diff)
download	openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.tar.gz openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.tar.bz2 openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index fb60cde8ee..b73b5ac87f 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT.
4274	long ssl_get_algorithm2(SSL *s)	4274	long ssl_get_algorithm2(SSL *s)
4275	{	4275	{
4276	long alg2 = s->s3->tmp.new_cipher->algorithm2;	4276	long alg2 = s->s3->tmp.new_cipher->algorithm2;
4277	if (TLS1_get_version(s) >= TLS1_2_VERSION &&	4277	if (s->method->version == TLS1_2_VERSION &&
4278	alg2 == (SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF))	4278	alg2 == (SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF))
4279	return SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256;	4279	return SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256;
4280	return alg2;	4280	return alg2;