diff options
author | Michael Tuexen <tuexen@fh-muenster.de> | 2018-12-26 12:44:53 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-02-01 12:03:43 +0000 |
commit | 243ff51cc6757ab56cda4a7f69fbdcddf81141b6 (patch) | |
tree | 71177c7b975c9945d27c25356eb4edc0b0be2a8d /CHANGES | |
parent | 1b66fc87da7c3851d7229993219336afa587f325 (diff) |
Fix end-point shared secret for DTLS/SCTP
When computing the end-point shared secret, don't take the
terminating NULL character into account.
Please note that this fix breaks interoperability with older
versions of OpenSSL, which are not fixed.
Fixes #7956
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7957)
(cherry picked from commit 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -9,6 +9,13 @@ Changes between 1.1.1a and 1.1.1b [xx XXX xxxx] + *) Fix a bug in the computation of the endpoint-pair shared secret used + by DTLS over SCTP. This breaks interoperability with older versions + of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime + switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling + interoperability with such broken implementations. However, enabling + this switch breaks interoperability with correct implementations. + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). [Richard Levitte] |