Fix end-point shared secret for DTLS/SCTP

When computing the end-point shared secret, don't take the terminating NULL character into account. Please note that this fix breaks interoperability with older versions of OpenSSL, which are not fixed. Fixes #7956 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7957) (cherry picked from commit 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674)
author: Michael Tuexen <tuexen@fh-muenster.de> 2018-12-26 12:44:53 +0100
committer: Matt Caswell <matt@openssl.org> 2019-02-01 12:03:43 +0000
commit: 243ff51cc6757ab56cda4a7f69fbdcddf81141b6 (patch)
tree: 71177c7b975c9945d27c25356eb4edc0b0be2a8d /CHANGES
parent: 1b66fc87da7c3851d7229993219336afa587f325 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index d3ad3f6243..261299d44b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,13 @@
 
  Changes between 1.1.1a and 1.1.1b [xx XXX xxxx]
 
+  *) Fix a bug in the computation of the endpoint-pair shared secret used
+     by DTLS over SCTP. This breaks interoperability with older versions
+     of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+     switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+     interoperability with such broken implementations. However, enabling
+     this switch breaks interoperability with correct implementations.
+
   *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
      [Richard Levitte]
author	Michael Tuexen <tuexen@fh-muenster.de>	2018-12-26 12:44:53 +0100
committer	Matt Caswell <matt@openssl.org>	2019-02-01 12:03:43 +0000
commit	243ff51cc6757ab56cda4a7f69fbdcddf81141b6 (patch)
tree	71177c7b975c9945d27c25356eb4edc0b0be2a8d /CHANGES
parent	1b66fc87da7c3851d7229993219336afa587f325 (diff)