From: David Woodhouse <David.Woodhouse@intel.com>
Date: Fri, 8 Jul 2016 19:46:07 +0000 (+0100)
Subject: Fix SSL_export_keying_material() for DTLS1_BAD_VER
X-Git-Tag: OpenSSL_1_0_1u~9
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=515a0105652a1b84d712b4d162cf859c02bf5450;p=oweals%2Fopenssl.git

Fix SSL_export_keying_material() for DTLS1_BAD_VER

Commit d8e8590e ("Fix missing return value checks in SCTP") made the
DTLS handshake fail, even for non-SCTP connections, if
SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER.

Apply the trivial fix to make it succeed, since there's no real reason
why it shouldn't even though we never need it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit c8a18468caef4d62778381be0acdadc8a88d6e51)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 896b5a35a2..83ef233b50 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1662,7 +1662,7 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                                const unsigned char *p, size_t plen,
                                int use_context)
 {
-    if (s->version < TLS1_VERSION)
+    if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
         return -1;
 
     return s->method->ssl3_enc->export_keying_material(s, out, olen, label,