summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_options.38
-rw-r--r--src/lib/libssl/s3_srvr.c12
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.38
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c12
-rw-r--r--src/lib/libssl/src/ssl/ssl.h5
-rw-r--r--src/lib/libssl/ssl.h5
6 files changed, 22 insertions, 28 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3
index 91a1c9ad92..0ffa025ce2 100644
--- a/src/lib/libssl/doc/SSL_CTX_set_options.3
+++ b/src/lib/libssl/doc/SSL_CTX_set_options.3
@@ -1,7 +1,7 @@
1.\" 1.\"
2.\" $OpenBSD: SSL_CTX_set_options.3,v 1.8 2015/07/17 15:50:37 doug Exp $ 2.\" $OpenBSD: SSL_CTX_set_options.3,v 1.9 2015/07/18 01:42:26 doug Exp $
3.\" 3.\"
4.Dd $Mdocdate: July 17 2015 $ 4.Dd $Mdocdate: July 18 2015 $
5.Dt SSL_CTX_SET_OPTIONS 3 5.Dt SSL_CTX_SET_OPTIONS 3
6.Os 6.Os
7.Sh NAME 7.Sh NAME
@@ -124,7 +124,9 @@ As of
124.Ox 5.8 , 124.Ox 5.8 ,
125this option has no effect. 125this option has no effect.
126.It Dv SSL_OP_TLS_D5_BUG 126.It Dv SSL_OP_TLS_D5_BUG
127\&... 127As of
128.Ox 5.8 ,
129this option has no effect.
128.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG 130.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG
129As of 131As of
130.Ox 5.8 , 132.Ox 5.8 ,
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index e70f8af440..cd5bc2a6cb 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.110 2015/07/14 05:16:47 doug Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.111 2015/07/18 01:42:26 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1708,13 +1708,9 @@ ssl3_get_client_key_exchange(SSL *s)
1708 goto truncated; 1708 goto truncated;
1709 n2s(p, i); 1709 n2s(p, i);
1710 if (n != i + 2) { 1710 if (n != i + 2) {
1711 if (!(s->options & SSL_OP_TLS_D5_BUG)) { 1711 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1712 SSLerr( 1712 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1713 SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1713 goto err;
1714 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1715 goto err;
1716 } else
1717 p -= 2;
1718 } else 1714 } else
1719 n = i; 1715 n = i;
1720 } 1716 }
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
index 91a1c9ad92..0ffa025ce2 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
@@ -1,7 +1,7 @@
1.\" 1.\"
2.\" $OpenBSD: SSL_CTX_set_options.3,v 1.8 2015/07/17 15:50:37 doug Exp $ 2.\" $OpenBSD: SSL_CTX_set_options.3,v 1.9 2015/07/18 01:42:26 doug Exp $
3.\" 3.\"
4.Dd $Mdocdate: July 17 2015 $ 4.Dd $Mdocdate: July 18 2015 $
5.Dt SSL_CTX_SET_OPTIONS 3 5.Dt SSL_CTX_SET_OPTIONS 3
6.Os 6.Os
7.Sh NAME 7.Sh NAME
@@ -124,7 +124,9 @@ As of
124.Ox 5.8 , 124.Ox 5.8 ,
125this option has no effect. 125this option has no effect.
126.It Dv SSL_OP_TLS_D5_BUG 126.It Dv SSL_OP_TLS_D5_BUG
127\&... 127As of
128.Ox 5.8 ,
129this option has no effect.
128.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG 130.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG
129As of 131As of
130.Ox 5.8 , 132.Ox 5.8 ,
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index e70f8af440..cd5bc2a6cb 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.110 2015/07/14 05:16:47 doug Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.111 2015/07/18 01:42:26 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1708,13 +1708,9 @@ ssl3_get_client_key_exchange(SSL *s)
1708 goto truncated; 1708 goto truncated;
1709 n2s(p, i); 1709 n2s(p, i);
1710 if (n != i + 2) { 1710 if (n != i + 2) {
1711 if (!(s->options & SSL_OP_TLS_D5_BUG)) { 1711 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1712 SSLerr( 1712 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1713 SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1713 goto err;
1714 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1715 goto err;
1716 } else
1717 p -= 2;
1718 } else 1714 } else
1719 n = i; 1715 n = i;
1720 } 1716 }
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 33aaadcd20..7d3e3c8171 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.89 2015/07/17 15:50:37 doug Exp $ */ 1/* $OpenBSD: ssl.h,v 1.90 2015/07/18 01:42:26 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -520,7 +520,6 @@ struct ssl_session_st {
520#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L 520#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
521#define SSL_OP_TLSEXT_PADDING 0x00000010L 521#define SSL_OP_TLSEXT_PADDING 0x00000010L
522#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 522#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
523#define SSL_OP_TLS_D5_BUG 0x00000100L
524 523
525/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added 524/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
526 * in OpenSSL 0.9.6d. Usually (depending on the application protocol) 525 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
@@ -574,7 +573,6 @@ struct ssl_session_st {
574 (SSL_OP_LEGACY_SERVER_CONNECT | \ 573 (SSL_OP_LEGACY_SERVER_CONNECT | \
575 SSL_OP_TLSEXT_PADDING | \ 574 SSL_OP_TLSEXT_PADDING | \
576 SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ 575 SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \
577 SSL_OP_TLS_D5_BUG | \
578 SSL_OP_CRYPTOPRO_TLSEXT_BUG) 576 SSL_OP_CRYPTOPRO_TLSEXT_BUG)
579 577
580/* Obsolete flags kept for compatibility. No sane code should use them. */ 578/* Obsolete flags kept for compatibility. No sane code should use them. */
@@ -592,6 +590,7 @@ struct ssl_session_st {
592#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 590#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
593#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 591#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
594#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 592#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
593#define SSL_OP_TLS_D5_BUG 0x0
595 594
596/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success 595/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
597 * when just a single record has been written): */ 596 * when just a single record has been written): */
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 33aaadcd20..7d3e3c8171 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.89 2015/07/17 15:50:37 doug Exp $ */ 1/* $OpenBSD: ssl.h,v 1.90 2015/07/18 01:42:26 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -520,7 +520,6 @@ struct ssl_session_st {
520#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L 520#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
521#define SSL_OP_TLSEXT_PADDING 0x00000010L 521#define SSL_OP_TLSEXT_PADDING 0x00000010L
522#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 522#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
523#define SSL_OP_TLS_D5_BUG 0x00000100L
524 523
525/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added 524/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
526 * in OpenSSL 0.9.6d. Usually (depending on the application protocol) 525 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
@@ -574,7 +573,6 @@ struct ssl_session_st {
574 (SSL_OP_LEGACY_SERVER_CONNECT | \ 573 (SSL_OP_LEGACY_SERVER_CONNECT | \
575 SSL_OP_TLSEXT_PADDING | \ 574 SSL_OP_TLSEXT_PADDING | \
576 SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ 575 SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \
577 SSL_OP_TLS_D5_BUG | \
578 SSL_OP_CRYPTOPRO_TLSEXT_BUG) 576 SSL_OP_CRYPTOPRO_TLSEXT_BUG)
579 577
580/* Obsolete flags kept for compatibility. No sane code should use them. */ 578/* Obsolete flags kept for compatibility. No sane code should use them. */
@@ -592,6 +590,7 @@ struct ssl_session_st {
592#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 590#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
593#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 591#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
594#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 592#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
593#define SSL_OP_TLS_D5_BUG 0x0
595 594
596/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success 595/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
597 * when just a single record has been written): */ 596 * when just a single record has been written): */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-30 05:14:44 +0000