diff options
| author | doug <> | 2015-07-18 19:41:54 +0000 |
|---|---|---|
| committer | doug <> | 2015-07-18 19:41:54 +0000 |
| commit | 7f2d6dc6af99690299b2a423c25d0d7240957c6f (patch) | |
| tree | 36796e4558d127f54a2ea8088a9f89274f442edc /src | |
| parent | cdc6d7e16d216fefca241ecf91490a6ca83d80b8 (diff) | |
| download | openbsd-7f2d6dc6af99690299b2a423c25d0d7240957c6f.tar.gz openbsd-7f2d6dc6af99690299b2a423c25d0d7240957c6f.tar.bz2 openbsd-7f2d6dc6af99690299b2a423c25d0d7240957c6f.zip | |
Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.
This was a hack to work around problems on IE 6 with SSLv3.
ok miod@ bcook@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/doc/SSL_CTX_set_options.3 | 6 | ||||
| -rw-r--r-- | src/lib/libssl/s3_both.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 21 | ||||
| -rw-r--r-- | src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_both.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_pkt.c | 21 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl3.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/ssl3.h | 4 |
10 files changed, 26 insertions, 58 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3 index 0ffa025ce2..852553e97f 100644 --- a/src/lib/libssl/doc/SSL_CTX_set_options.3 +++ b/src/lib/libssl/doc/SSL_CTX_set_options.3 | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | .\" | 1 | .\" |
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.9 2015/07/18 01:42:26 doug Exp $ | 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.10 2015/07/18 19:41:54 doug Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .Dd $Mdocdate: July 18 2015 $ | 4 | .Dd $Mdocdate: July 18 2015 $ |
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | 5 | .Dt SSL_CTX_SET_OPTIONS 3 |
| @@ -114,7 +114,9 @@ As of | |||
| 114 | .Ox 5.8 , | 114 | .Ox 5.8 , |
| 115 | this option has no effect. | 115 | this option has no effect. |
| 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
| 117 | \&... | 117 | As of |
| 118 | .Ox 5.8 , | ||
| 119 | this option has no effect. | ||
| 118 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG | 120 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG |
| 119 | As of | 121 | As of |
| 120 | .Ox 5.8 , | 122 | .Ox 5.8 , |
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index a19ce74380..5a1d1e7443 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.42 2015/07/15 21:52:02 beck Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.43 2015/07/18 19:41:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -647,10 +647,6 @@ ssl3_setup_read_buffer(SSL *s) | |||
| 647 | if (s->s3->rbuf.buf == NULL) { | 647 | if (s->s3->rbuf.buf == NULL) { |
| 648 | len = SSL3_RT_MAX_PLAIN_LENGTH + | 648 | len = SSL3_RT_MAX_PLAIN_LENGTH + |
| 649 | SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; | 649 | SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; |
| 650 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { | ||
| 651 | s->s3->init_extra = 1; | ||
| 652 | len += SSL3_RT_MAX_EXTRA; | ||
| 653 | } | ||
| 654 | if ((p = malloc(len)) == NULL) | 650 | if ((p = malloc(len)) == NULL) |
| 655 | goto err; | 651 | goto err; |
| 656 | s->s3->rbuf.buf = p; | 652 | s->s3->rbuf.buf = p; |
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 117e6ec2da..1e94bf437e 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.55 2015/07/18 19:41:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -284,23 +284,10 @@ ssl3_get_record(SSL *s) | |||
| 284 | unsigned char md[EVP_MAX_MD_SIZE]; | 284 | unsigned char md[EVP_MAX_MD_SIZE]; |
| 285 | short version; | 285 | short version; |
| 286 | unsigned mac_size, orig_len; | 286 | unsigned mac_size, orig_len; |
| 287 | size_t extra; | ||
| 288 | 287 | ||
| 289 | rr = &(s->s3->rrec); | 288 | rr = &(s->s3->rrec); |
| 290 | sess = s->session; | 289 | sess = s->session; |
| 291 | 290 | ||
| 292 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | ||
| 293 | extra = SSL3_RT_MAX_EXTRA; | ||
| 294 | else | ||
| 295 | extra = 0; | ||
| 296 | |||
| 297 | if (extra && !s->s3->init_extra) { | ||
| 298 | /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER | ||
| 299 | * set after ssl3_setup_buffers() was done */ | ||
| 300 | SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | ||
| 301 | return -1; | ||
| 302 | } | ||
| 303 | |||
| 304 | again: | 291 | again: |
| 305 | /* check if we have the header */ | 292 | /* check if we have the header */ |
| 306 | if ((s->rstate != SSL_ST_READ_BODY) || | 293 | if ((s->rstate != SSL_ST_READ_BODY) || |
| @@ -379,7 +366,7 @@ again: | |||
| 379 | * rr->length bytes of encrypted compressed stuff. */ | 366 | * rr->length bytes of encrypted compressed stuff. */ |
| 380 | 367 | ||
| 381 | /* check is not needed I believe */ | 368 | /* check is not needed I believe */ |
| 382 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { | 369 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { |
| 383 | al = SSL_AD_RECORD_OVERFLOW; | 370 | al = SSL_AD_RECORD_OVERFLOW; |
| 384 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | 371 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); |
| 385 | goto f_err; | 372 | goto f_err; |
| @@ -449,7 +436,7 @@ again: | |||
| 449 | timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) | 436 | timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) |
| 450 | enc_err = -1; | 437 | enc_err = -1; |
| 451 | if (rr->length > | 438 | if (rr->length > |
| 452 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | 439 | SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) |
| 453 | enc_err = -1; | 440 | enc_err = -1; |
| 454 | } | 441 | } |
| 455 | 442 | ||
| @@ -468,7 +455,7 @@ again: | |||
| 468 | goto f_err; | 455 | goto f_err; |
| 469 | } | 456 | } |
| 470 | 457 | ||
| 471 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { | 458 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { |
| 472 | al = SSL_AD_RECORD_OVERFLOW; | 459 | al = SSL_AD_RECORD_OVERFLOW; |
| 473 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); | 460 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); |
| 474 | goto f_err; | 461 | goto f_err; |
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 index 0ffa025ce2..852553e97f 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | .\" | 1 | .\" |
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.9 2015/07/18 01:42:26 doug Exp $ | 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.10 2015/07/18 19:41:54 doug Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .Dd $Mdocdate: July 18 2015 $ | 4 | .Dd $Mdocdate: July 18 2015 $ |
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | 5 | .Dt SSL_CTX_SET_OPTIONS 3 |
| @@ -114,7 +114,9 @@ As of | |||
| 114 | .Ox 5.8 , | 114 | .Ox 5.8 , |
| 115 | this option has no effect. | 115 | this option has no effect. |
| 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
| 117 | \&... | 117 | As of |
| 118 | .Ox 5.8 , | ||
| 119 | this option has no effect. | ||
| 118 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG | 120 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG |
| 119 | As of | 121 | As of |
| 120 | .Ox 5.8 , | 122 | .Ox 5.8 , |
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index a19ce74380..5a1d1e7443 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.42 2015/07/15 21:52:02 beck Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.43 2015/07/18 19:41:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -647,10 +647,6 @@ ssl3_setup_read_buffer(SSL *s) | |||
| 647 | if (s->s3->rbuf.buf == NULL) { | 647 | if (s->s3->rbuf.buf == NULL) { |
| 648 | len = SSL3_RT_MAX_PLAIN_LENGTH + | 648 | len = SSL3_RT_MAX_PLAIN_LENGTH + |
| 649 | SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; | 649 | SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; |
| 650 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { | ||
| 651 | s->s3->init_extra = 1; | ||
| 652 | len += SSL3_RT_MAX_EXTRA; | ||
| 653 | } | ||
| 654 | if ((p = malloc(len)) == NULL) | 650 | if ((p = malloc(len)) == NULL) |
| 655 | goto err; | 651 | goto err; |
| 656 | s->s3->rbuf.buf = p; | 652 | s->s3->rbuf.buf = p; |
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index 117e6ec2da..1e94bf437e 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.55 2015/07/18 19:41:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -284,23 +284,10 @@ ssl3_get_record(SSL *s) | |||
| 284 | unsigned char md[EVP_MAX_MD_SIZE]; | 284 | unsigned char md[EVP_MAX_MD_SIZE]; |
| 285 | short version; | 285 | short version; |
| 286 | unsigned mac_size, orig_len; | 286 | unsigned mac_size, orig_len; |
| 287 | size_t extra; | ||
| 288 | 287 | ||
| 289 | rr = &(s->s3->rrec); | 288 | rr = &(s->s3->rrec); |
| 290 | sess = s->session; | 289 | sess = s->session; |
| 291 | 290 | ||
| 292 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | ||
| 293 | extra = SSL3_RT_MAX_EXTRA; | ||
| 294 | else | ||
| 295 | extra = 0; | ||
| 296 | |||
| 297 | if (extra && !s->s3->init_extra) { | ||
| 298 | /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER | ||
| 299 | * set after ssl3_setup_buffers() was done */ | ||
| 300 | SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | ||
| 301 | return -1; | ||
| 302 | } | ||
| 303 | |||
| 304 | again: | 291 | again: |
| 305 | /* check if we have the header */ | 292 | /* check if we have the header */ |
| 306 | if ((s->rstate != SSL_ST_READ_BODY) || | 293 | if ((s->rstate != SSL_ST_READ_BODY) || |
| @@ -379,7 +366,7 @@ again: | |||
| 379 | * rr->length bytes of encrypted compressed stuff. */ | 366 | * rr->length bytes of encrypted compressed stuff. */ |
| 380 | 367 | ||
| 381 | /* check is not needed I believe */ | 368 | /* check is not needed I believe */ |
| 382 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { | 369 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { |
| 383 | al = SSL_AD_RECORD_OVERFLOW; | 370 | al = SSL_AD_RECORD_OVERFLOW; |
| 384 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | 371 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); |
| 385 | goto f_err; | 372 | goto f_err; |
| @@ -449,7 +436,7 @@ again: | |||
| 449 | timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) | 436 | timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) |
| 450 | enc_err = -1; | 437 | enc_err = -1; |
| 451 | if (rr->length > | 438 | if (rr->length > |
| 452 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | 439 | SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) |
| 453 | enc_err = -1; | 440 | enc_err = -1; |
| 454 | } | 441 | } |
| 455 | 442 | ||
| @@ -468,7 +455,7 @@ again: | |||
| 468 | goto f_err; | 455 | goto f_err; |
| 469 | } | 456 | } |
| 470 | 457 | ||
| 471 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { | 458 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { |
| 472 | al = SSL_AD_RECORD_OVERFLOW; | 459 | al = SSL_AD_RECORD_OVERFLOW; |
| 473 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); | 460 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); |
| 474 | goto f_err; | 461 | goto f_err; |
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 7d3e3c8171..0a0a711a20 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.90 2015/07/18 01:42:26 doug Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.91 2015/07/18 19:41:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -519,7 +519,6 @@ struct ssl_session_st { | |||
| 519 | /* Allow initial connection to servers that don't support RI */ | 519 | /* Allow initial connection to servers that don't support RI */ |
| 520 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L | 520 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L |
| 521 | #define SSL_OP_TLSEXT_PADDING 0x00000010L | 521 | #define SSL_OP_TLSEXT_PADDING 0x00000010L |
| 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | ||
| 523 | 522 | ||
| 524 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | 523 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| 525 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | 524 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) |
| @@ -572,7 +571,6 @@ struct ssl_session_st { | |||
| 572 | #define SSL_OP_ALL \ | 571 | #define SSL_OP_ALL \ |
| 573 | (SSL_OP_LEGACY_SERVER_CONNECT | \ | 572 | (SSL_OP_LEGACY_SERVER_CONNECT | \ |
| 574 | SSL_OP_TLSEXT_PADDING | \ | 573 | SSL_OP_TLSEXT_PADDING | \ |
| 575 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ | ||
| 576 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) | 574 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) |
| 577 | 575 | ||
| 578 | /* Obsolete flags kept for compatibility. No sane code should use them. */ | 576 | /* Obsolete flags kept for compatibility. No sane code should use them. */ |
| @@ -591,6 +589,7 @@ struct ssl_session_st { | |||
| 591 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | 589 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 |
| 592 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 | 590 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 |
| 593 | #define SSL_OP_TLS_D5_BUG 0x0 | 591 | #define SSL_OP_TLS_D5_BUG 0x0 |
| 592 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 | ||
| 594 | 593 | ||
| 595 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success | 594 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success |
| 596 | * when just a single record has been written): */ | 595 | * when just a single record has been written): */ |
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h index 4de50428a8..4cb27e1634 100644 --- a/src/lib/libssl/src/ssl/ssl3.h +++ b/src/lib/libssl/src/ssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.39 2015/07/17 15:50:37 doug Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.40 2015/07/18 19:41:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -376,7 +376,7 @@ typedef struct ssl3_state_st { | |||
| 376 | int need_empty_fragments; | 376 | int need_empty_fragments; |
| 377 | int empty_fragment_done; | 377 | int empty_fragment_done; |
| 378 | 378 | ||
| 379 | /* The value of 'extra' when the buffers were initialized */ | 379 | /* XXX delete on next major bump. */ |
| 380 | int init_extra; | 380 | int init_extra; |
| 381 | 381 | ||
| 382 | SSL3_BUFFER rbuf; /* read IO goes into here */ | 382 | SSL3_BUFFER rbuf; /* read IO goes into here */ |
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 7d3e3c8171..0a0a711a20 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.90 2015/07/18 01:42:26 doug Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.91 2015/07/18 19:41:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -519,7 +519,6 @@ struct ssl_session_st { | |||
| 519 | /* Allow initial connection to servers that don't support RI */ | 519 | /* Allow initial connection to servers that don't support RI */ |
| 520 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L | 520 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L |
| 521 | #define SSL_OP_TLSEXT_PADDING 0x00000010L | 521 | #define SSL_OP_TLSEXT_PADDING 0x00000010L |
| 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | ||
| 523 | 522 | ||
| 524 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | 523 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| 525 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | 524 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) |
| @@ -572,7 +571,6 @@ struct ssl_session_st { | |||
| 572 | #define SSL_OP_ALL \ | 571 | #define SSL_OP_ALL \ |
| 573 | (SSL_OP_LEGACY_SERVER_CONNECT | \ | 572 | (SSL_OP_LEGACY_SERVER_CONNECT | \ |
| 574 | SSL_OP_TLSEXT_PADDING | \ | 573 | SSL_OP_TLSEXT_PADDING | \ |
| 575 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ | ||
| 576 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) | 574 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) |
| 577 | 575 | ||
| 578 | /* Obsolete flags kept for compatibility. No sane code should use them. */ | 576 | /* Obsolete flags kept for compatibility. No sane code should use them. */ |
| @@ -591,6 +589,7 @@ struct ssl_session_st { | |||
| 591 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | 589 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 |
| 592 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 | 590 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 |
| 593 | #define SSL_OP_TLS_D5_BUG 0x0 | 591 | #define SSL_OP_TLS_D5_BUG 0x0 |
| 592 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 | ||
| 594 | 593 | ||
| 595 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success | 594 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success |
| 596 | * when just a single record has been written): */ | 595 | * when just a single record has been written): */ |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 4de50428a8..4cb27e1634 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.39 2015/07/17 15:50:37 doug Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.40 2015/07/18 19:41:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -376,7 +376,7 @@ typedef struct ssl3_state_st { | |||
| 376 | int need_empty_fragments; | 376 | int need_empty_fragments; |
| 377 | int empty_fragment_done; | 377 | int empty_fragment_done; |
| 378 | 378 | ||
| 379 | /* The value of 'extra' when the buffers were initialized */ | 379 | /* XXX delete on next major bump. */ |
| 380 | int init_extra; | 380 | int init_extra; |
| 381 | 381 | ||
| 382 | SSL3_BUFFER rbuf; /* read IO goes into here */ | 382 | SSL3_BUFFER rbuf; /* read IO goes into here */ |