diff options
| author |   jca <jca@openbsd.org> | 2014-02-27 21:04:57 +0000 |
|---|---|---|
| committer | jca <jca@openbsd.org> | 2014-02-27 21:04:57 +0000 |
| commit | 724b1063fe45f812c6c49b2bd4e01ffac44b5cf7 (patch) | |
| tree | c0d4574f0e1068cefda493f918eede5b1729afa5 /lib/libssl/src/ssl/s3_lib.c | |
| parent | some unlikely tape candidates (diff) | |
| download | wireguard-openbsd-724b1063fe45f812c6c49b2bd4e01ffac44b5cf7.tar.xz wireguard-openbsd-724b1063fe45f812c6c49b2bd4e01ffac44b5cf7.zip | |
SECURITY fixes backported from openssl-1.0.1f. ok mikeb@
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
Diffstat (limited to 'lib/libssl/src/ssl/s3_lib.c')
| -rw-r--r-- | lib/libssl/src/ssl/s3_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index fb60cde8eed..b73b5ac87fc 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT. long ssl_get_algorithm2(SSL *s) { long alg2 = s->s3->tmp.new_cipher->algorithm2; - if (TLS1_get_version(s) >= TLS1_2_VERSION && + if (s->method->version == TLS1_2_VERSION && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; |