summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl.h12
-rw-r--r--src/lib/libssl/t1_lib.c19
2 files changed, 4 insertions, 27 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index e816dec83c..1a6f28911b 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.130 2017/08/10 17:18:38 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.131 2017/08/13 16:25:19 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -518,21 +518,15 @@ struct ssl_session_st {
518#define SSL_OP_NO_TLSv1_2 0x08000000L 518#define SSL_OP_NO_TLSv1_2 0x08000000L
519#define SSL_OP_NO_TLSv1_1 0x10000000L 519#define SSL_OP_NO_TLSv1_1 0x10000000L
520 520
521/* Make server add server-hello extension from early version of
522 * cryptopro draft, when GOST ciphersuite is negotiated.
523 * Required for interoperability with CryptoPro CSP 3.x
524 */
525#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
526
527/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */ 521/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
528#define SSL_OP_ALL \ 522#define SSL_OP_ALL \
529 (SSL_OP_LEGACY_SERVER_CONNECT | \ 523 (SSL_OP_LEGACY_SERVER_CONNECT | \
530 SSL_OP_TLSEXT_PADDING | \ 524 SSL_OP_TLSEXT_PADDING)
531 SSL_OP_CRYPTOPRO_TLSEXT_BUG)
532 525
533/* Obsolete flags kept for compatibility. No sane code should use them. */ 526/* Obsolete flags kept for compatibility. No sane code should use them. */
534#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0 527#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0
535#define SSL_OP_CISCO_ANYCONNECT 0x0 528#define SSL_OP_CISCO_ANYCONNECT 0x0
529#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x0
536#define SSL_OP_EPHEMERAL_RSA 0x0 530#define SSL_OP_EPHEMERAL_RSA 0x0
537#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 531#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
538#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 532#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 405f08ed33..b8b54484ed 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.131 2017/08/12 23:38:12 beck Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.132 2017/08/13 16:25:19 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -812,23 +812,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
812 } 812 }
813#endif 813#endif
814 814
815 if (((S3I(s)->hs.new_cipher->id & 0xFFFF) == 0x80 ||
816 (S3I(s)->hs.new_cipher->id & 0xFFFF) == 0x81) &&
817 (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
818 static const unsigned char cryptopro_ext[36] = {
819 0xfd, 0xe8, /*65000*/
820 0x00, 0x20, /*32 bytes length*/
821 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
822 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
823 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
824 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
825 };
826 if ((size_t)(limit - ret) < sizeof(cryptopro_ext))
827 return NULL;
828 memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
829 ret += sizeof(cryptopro_ext);
830 }
831
832 if (S3I(s)->alpn_selected != NULL) { 815 if (S3I(s)->alpn_selected != NULL) {
833 const unsigned char *selected = S3I(s)->alpn_selected; 816 const unsigned char *selected = S3I(s)->alpn_selected;
834 unsigned int len = S3I(s)->alpn_selected_len; 817 unsigned int len = S3I(s)->alpn_selected_len;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 16:42:22 +0000