Google Git
Sign in
flutter/third_party/openssl/de1915e48c0be56fadf7c7f1987536e1522df275^!/./CHANGES
commit
de1915e48c0be56fadf7c7f1987536e1522df275
[log]
author
Bodo Möller <bodo@openssl.org>
Wed Aug 18 17:14:42 1999 +0000
committer
Bodo Möller <bodo@openssl.org>
Wed Aug 18 17:14:42 1999 +0000
tree
b6ee009a7e1ec756162cd5f4e50761ca1fe57e2d
parent
6e4a3b5529613d2d0f4ae246f4f8fd7d2b8aa536 [diff] [blame]
Fix horrible (and hard to track down) bug in ssl23_get_client_hello:
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.

diff --git a/CHANGES b/CHANGES
index 93c314e..7b6970e 100644
--- a/CHANGES
+++ b/CHANGES

@@ -4,6 +4,12 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Bugfix: ssl23_get_client_hello did not work properly when called in
+     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+     but a retry condition occured while trying to read the rest.
+     [Bodo Moeller]
+
   *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
      NID_pkcs7_encrypted by default: this was wrong since this should almost
      always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle