wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix d2i_SSL_SESSION for DTLS1_BAD_VER

Browse source 
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.

This change fixes d2i_SSL_SESSION for that DTLS version.

Based on an original patch by David Woodhouse <dwmw2@infradead.org>

RT#3704

Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell 2015-02-27 16:52:07 +00:00
parent eadf70d2c8
commit af674d4e20
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ssl/dtls1.h
View file

@ -86,6 +86,7 @@ extern "C" {
# define DTLS1_VERSION 0xFEFF
# define DTLS1_2_VERSION 0xFEFD
# define DTLS_MAX_VERSION DTLS1_2_VERSION
# define DTLS1_VERSION_MAJOR 0xFE
# define DTLS1_BAD_VER 0x0100

4
ssl/ssl_asn1.c
View file

@ -410,7 +410,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
os.data = NULL;
os.length = 0;
M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
if ((ssl_version >> 8) == SSL3_VERSION_MAJOR
|| (ssl_version >> 8) == DTLS1_VERSION_MAJOR
|| ssl_version == DTLS1_BAD_VER) {
if (os.length != 2) {
c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
c.line = __LINE__;