Fix SSL_export_keying_material() for DTLS1_BAD_VER

Commit d8e8590e ("Fix missing return value checks in SCTP") made the DTLS handshake fail, even for non-SCTP connections, if SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER. Apply the trivial fix to make it succeed, since there's no real reason why it shouldn't even though we never need it. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

Fix SSL_export_keying_material() for DTLS1_BAD_VER
Commit d8e8590e ("Fix missing return value checks in SCTP") made the DTLS handshake fail, even for non-SCTP connections, if SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER. Apply the trivial fix to make it succeed, since there's no real reason why it shouldn't even though we never need it. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
c8a18468 · David Woodhouse · Matt Caswell · 715d69b0 · c8a18468
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/ssl_lib.c ssl/ssl_lib.c +1 -1

未找到文件。
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2300,7 +2300,7 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                               const unsigned char *p, size_t plen,
                               int use_context)
 {
-    if (s->version < TLS1_VERSION)
+    if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
        return -1;

    return s->method->ssl3_enc->export_keying_material(s, out, olen, label,