generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

remove ancient SSLeay bug workaround

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-12-12 18:39:38 +00:00
parent 3e166c136e
commit 7538cb82f9
2 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/openssl/ssl.h
View File

@ -364,7 +364,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
# define SSL_OP_TLSEXT_PADDING 0x00000010U
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080U
/* Ancient SSLeay version, retained for compatibility */
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
# define SSL_OP_TLS_D5_BUG 0x00000100U
/* Removed from OpenSSL 1.1.0 */
# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U

11
ssl/statem/statem_srvr.c
View File

@ -2421,14 +2421,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
i = 0;
}
if (PACKET_remaining(pkt) != i) {
if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
} else {
*pkt = bookmark;
i = PACKET_remaining(pkt);
}
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
}
if (alg_k & SSL_kDHr)
idx = SSL_PKEY_DH_RSA;