authorbeck <>2017-01-26 07:20:57 +0000
committerbeck <>2017-01-26 07:20:57 +0000
commit4da4912184d7585c1156f7bf674490329e917635 (patch)
tree7084b69c15aff2f1f2fea63626df9a5f51b4cb83 /src/lib/libssl/ssl_locl.h
parent658d10735b253d1c476eedc1f621c0865c0baa52 (diff)
Limit the number of sequential empty records that we will process
before yielding, and fail if we exceed a maximum. Loosely based on what
boring and openssl are doing.

ok jsing@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
-rw-r--r--src/lib/libssl/ssl_locl.h6
1 files changed, 5 insertions, 1 deletions
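--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.170 2017/01/26 06:32:58 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.171 2017/01/26 07:20:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -352,6 +352,8 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_PKEY_GOST01 6
 #define SSL_PKEY_NUM 7
 
+#define SSL_MAX_EMPTY_RECORDS 32
+
 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
  * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
  * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
@@ -770,6 +772,8 @@ typedef struct ssl_internal_st {
  int rstate; /* where we are when reading */
 
  int mac_packet;
+
+ int empty_record_count;
 } SSL_INTERNAL;
 
 typedef struct ssl3_state_internal_st {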
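Review bot: The new `SSL_MAX_EMPTY_RECORDS` (second hunk) and `int empty_record_count;` in SSL_INTERNAL (third hunk) are declared without comments, so the header does not record that together they bound how many sequential empty records a peer can make the record layer process. The code that increments, compares and resets the counter is not part of this file's diff, so the invariant is invisible here. I would document it at the declarations, e.g. `#define SSL_MAX_EMPTY_RECORDS 32 /* max sequential empty records before the read fails */` and `int empty_record_count; /* sequential empty records seen so far */`. It is also worth confirming in the record-layer change that the counter is reset once a non-empty record is processed, otherwise a long-lived connection could presumably hit the limit without misbehaving. The SSL_INTERNAL definition begins before the hunk.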