From bd1a74f8ee92d2b63d19308fd3dfee2936af9d17 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 22 Jul 2019 11:02:46 +0100 Subject: [PATCH] Correct the Extended Master Secret string for EBCDIC The macro TLS_MD_MASTER_SECRET_CONST is supposed to hold the ascii string "extended master secret". On EBCDIC machines it actually contained the value "extecded master secret" Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9430) (cherry picked from commit c1a3f16f735057b45df1803d58f40e4e17b233e5) --- CHANGES | 7 +++++++ include/openssl/tls1.h | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 5bc8ebd6c6..2cb84d4507 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,13 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + *) Correct the extended master secret constant on EBCDIC systems. Without this + fix TLS connections between an EBCDIC system and a non-EBCDIC system that + negotiate EMS will fail. Unfortunately this also means that TLS connections + between EBCDIC systems with this fix, and EBCDIC systems without this + fix will fail if they negotiate EMS. + [Matt Caswell] + *) Use Windows installation paths in the mingw builds Mingw isn't a POSIX environment per se, which means that Windows diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index e13b5dd4bc..8a6b6ee443 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1222,7 +1222,7 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) /* * extended master secret */ -# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" # endif /* TLS Session Ticket extension struct */ -- 2.25.1