author | miod <> | 2014-07-11 15:18:52 +0000 |
---|---|---|
committer | miod <> | 2014-07-11 15:18:52 +0000 |
commit | fbfe45dd95392fba92a3cd5e266edd9fbe7159b5 (patch) | |
tree | 6743c122e4f6df5bf0923d159126834c3aed6ec1 /src/lib | |
parent | 2a759bcef04eb3a25abab6bcc94d245df93f8ce6 (diff) | |
In ssl3_get_cert_verify(), allow for larger messages to accommodate keys
larger than 4096-bit RSA which the most paranoid of us are using; OpenSSL
PR #319 via OpenSSL trunk.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libssl/s3_srvr.c | 5 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 5 |
2 files changed, 4 insertions, 6 deletions
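--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.73 2014/07/11 12:24:51 miod Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.74 2014/07/11 15:18:52 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2270,9 +2270,8 @@ ssl3_get_cert_verify(SSL *s)
 EVP_MD_CTX mctx;
 EVP_MD_CTX_init(&mctx);
 
-/* 516 maxlen is enough for 4096 bit RSA key with TLS v1.2 */
 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
-SSL3_ST_SR_CERT_VRFY_B, -1, 516, &ok);
+SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
 if (!ok)
 return ((int)n);
 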
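Review bot: The new maximum passed to `ssl_get_message()` is left unexplained now that the old `/* 516 maxlen ... */` comment is removed, and `SSL3_RT_MAX_PLAIN_LENGTH` is a record-layer constant reused here as a handshake-message cap. A replacement comment would keep the intent visible, for example `/* CertificateVerify carries one signature; cap at a full plaintext record so keys larger than 4096-bit RSA fit */`. Because the cap no longer sits close to the expected signature size, whatever later code in ssl3_get_cert_verify() compares the received length with the peer key's size becomes the only tight bound on this client-supplied message; that code is outside this hunk and should be re-checked. The same applies to the identical hunk in src/lib/libssl/src/ssl/s3_srvr.c.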
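--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.73 2014/07/11 12:24:51 miod Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.74 2014/07/11 15:18:52 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2270,9 +2270,8 @@ ssl3_get_cert_verify(SSL *s)
 EVP_MD_CTX mctx;
 EVP_MD_CTX_init(&mctx);
 
-/* 516 maxlen is enough for 4096 bit RSA key with TLS v1.2 */
 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
-SSL3_ST_SR_CERT_VRFY_B, -1, 516, &ok);
+SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
 if (!ok)
 return ((int)n);
 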