authordoug <>2015-07-18 19:41:54 +0000
committerdoug <>2015-07-18 19:41:54 +0000
commit7f2d6dc6af99690299b2a423c25d0d7240957c6f (patch)
tree36796e4558d127f54a2ea8088a9f89274f442edc /src/lib/libssl/s3_pkt.c
parentcdc6d7e16d216fefca241ecf91490a6ca83d80b8 (diff)
Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.
This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r--src/lib/libssl/s3_pkt.c21
1 files changed, 4 insertions, 17 deletions
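diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 117e6ec2da..1e94bf437e 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.55 2015/07/18 19:41:54 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -284,23 +284,10 @@ ssl3_get_record(SSL *s)
  unsigned char md[EVP_MAX_MD_SIZE];
  short version;
  unsigned mac_size, orig_len;
- size_t extra;
 
  rr = &(s->s3->rrec);
  sess = s->session;
 
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- extra = SSL3_RT_MAX_EXTRA;
- else
- extra = 0;
-
- if (extra && !s->s3->init_extra) {
- /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
- * set after ssl3_setup_buffers() was done */
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
 again:
  /* check if we have the header */
  if ((s->rstate != SSL_ST_READ_BODY) ||
@@ -379,7 +366,7 @@ again:
  * rr->length bytes of encrypted compressed stuff. */
 
  /* check is not needed I believe */
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
+ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
  al = SSL_AD_RECORD_OVERFLOW;
  SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
  goto f_err;
@@ -449,7 +436,7 @@ again:
  timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
  enc_err = -1;
  if (rr->length >
- SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
+ SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
  enc_err = -1;
  }
 
@@ -468,7 +455,7 @@ again:
  goto f_err;
  }
 
- if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
+ if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
  al = SSL_AD_RECORD_OVERFLOW;
  SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
  goto f_err;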
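Review bot: The context comment `/* check is not needed I believe */` at new line 368 sits directly above a length bound that this commit tightens, and it invites a later reader to delete the check. With the `extra` allowance gone, the `rr->length` comparisons at new lines 369, 438-439 and 458 are the record-size limits visible in these hunks, so I would replace the comment with something like `/* enforce the protocol maximum for an encrypted record */`. The diffstat is limited to s3_pkt.c, so it is worth confirming that the read-buffer setup and `s->s3->init_extra` were adjusted in the same change; presumably they were. ssl3_get_record starts and ends outside these hunks.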