openssl: update OpenSSL to 1.0.1e, fix Cisco DTLS.
[openwrt/staging/chunkeey.git] / package / libs / openssl / patches / 120-cisco-dtls-fix.patch
1 From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001
2 From: David Woodhouse <dwmw2@infradead.org>
3 Date: Tue, 12 Feb 2013 14:55:32 +0000
4 Subject: [PATCH] Check DTLS_BAD_VER for version number.
5
6 The version check for DTLS1_VERSION was redundant as
7 DTLS1_VERSION > TLS1_1_VERSION, however we do need to
8 check for DTLS1_BAD_VER for compatibility.
9
10 PR:2984
11 (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
12 ---
13 ssl/s3_cbc.c | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16 diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
17 index 02edf3f..443a31e 100644
18 --- a/ssl/s3_cbc.c
19 +++ b/ssl/s3_cbc.c
20 @@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
21 unsigned padding_length, good, to_check, i;
22 const unsigned overhead = 1 /* padding length byte */ + mac_size;
23 /* Check if version requires explicit IV */
24 - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
25 + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
26 {
27 /* These lengths are all public so we can test them in
28 * non-constant time.
29 --
30 1.8.1.2
31