--- a/components/openssl/common/patches/052-CVE-2016-6302.patch Fri Sep 23 08:18:05 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-# The patch is based on the following commit from the upstream:
-# https://github.com/openssl/openssl/commit/baaabfd8fdcec04a691695fad9a664bea43202b6
-# The fix is patched until the new version becomes available
-# from the upstream.
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -3401,9 +3401,7 @@
- HMAC_CTX hctx;
- EVP_CIPHER_CTX ctx;
- SSL_CTX *tctx = s->initial_ctx;
-- /* Need at least keyname + iv + some encrypted data */
-- if (eticklen < 48)
-- return 2;
-+
- /* Initialize session ticket encryption and HMAC contexts */
- HMAC_CTX_init(&hctx);
- EVP_CIPHER_CTX_init(&ctx);
-@@ -3437,6 +3435,12 @@
- if (mlen < 0) {
- goto err;
- }
-+ /* Sanity check ticket length: must exceed keyname + IV + HMAC */
-+ if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
-+ HMAC_CTX_cleanup(&hctx);
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ return 2;
-+ }
- eticklen -= mlen;
- /* Check HMAC of encrypted ticket */
- if (HMAC_Update(&hctx, etick, eticklen) <= 0