diff options
Diffstat (limited to 'lib/libssl/src')
| -rw-r--r-- | lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | 6 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_both.c | 6 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_pkt.c | 21 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl.h | 5 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl3.h | 4 |
5 files changed, 13 insertions, 29 deletions
diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 index 0ffa025ce20..852553e97fa 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 @@ -1,5 +1,5 @@ .\" -.\" $OpenBSD: SSL_CTX_set_options.3,v 1.9 2015/07/18 01:42:26 doug Exp $ +.\" $OpenBSD: SSL_CTX_set_options.3,v 1.10 2015/07/18 19:41:54 doug Exp $ .\" .Dd $Mdocdate: July 18 2015 $ .Dt SSL_CTX_SET_OPTIONS 3 @@ -114,7 +114,9 @@ As of .Ox 5.8 , this option has no effect. .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER -\&... +As of +.Ox 5.8 , +this option has no effect. .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG As of .Ox 5.8 , diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c index a19ce743808..5a1d1e74433 100644 --- a/lib/libssl/src/ssl/s3_both.c +++ b/lib/libssl/src/ssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.42 2015/07/15 21:52:02 beck Exp $ */ +/* $OpenBSD: s3_both.c,v 1.43 2015/07/18 19:41:54 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -647,10 +647,6 @@ ssl3_setup_read_buffer(SSL *s) if (s->s3->rbuf.buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { - s->s3->init_extra = 1; - len += SSL3_RT_MAX_EXTRA; - } if ((p = malloc(len)) == NULL) goto err; s->s3->rbuf.buf = p; diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 117e6ec2daf..1e94bf437ed 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */ +/* $OpenBSD: s3_pkt.c,v 1.55 2015/07/18 19:41:54 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -284,23 +284,10 @@ ssl3_get_record(SSL *s) unsigned char md[EVP_MAX_MD_SIZE]; short version; unsigned mac_size, orig_len; - size_t extra; rr = &(s->s3->rrec); sess = s->session; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - extra = SSL3_RT_MAX_EXTRA; - else - extra = 0; - - if (extra && !s->s3->init_extra) { - /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER - * set after ssl3_setup_buffers() was done */ - SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); - return -1; - } - again: /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || @@ -379,7 +366,7 @@ again: * rr->length bytes of encrypted compressed stuff. */ /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { + if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; @@ -449,7 +436,7 @@ again: timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > - SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) + SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; } @@ -468,7 +455,7 @@ again: goto f_err; } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { + if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h index 7d3e3c8171c..0a0a711a201 100644 --- a/lib/libssl/src/ssl/ssl.h +++ b/lib/libssl/src/ssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.90 2015/07/18 01:42:26 doug Exp $ */ +/* $OpenBSD: ssl.h,v 1.91 2015/07/18 19:41:54 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -519,7 +519,6 @@ struct ssl_session_st { /* Allow initial connection to servers that don't support RI */ #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L #define SSL_OP_TLSEXT_PADDING 0x00000010L -#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) @@ -572,7 +571,6 @@ struct ssl_session_st { #define SSL_OP_ALL \ (SSL_OP_LEGACY_SERVER_CONNECT | \ SSL_OP_TLSEXT_PADDING | \ - SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ SSL_OP_CRYPTOPRO_TLSEXT_BUG) /* Obsolete flags kept for compatibility. No sane code should use them. */ @@ -591,6 +589,7 @@ struct ssl_session_st { #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 #define SSL_OP_TLS_D5_BUG 0x0 +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h index 4de50428a8b..4cb27e1634f 100644 --- a/lib/libssl/src/ssl/ssl3.h +++ b/lib/libssl/src/ssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.39 2015/07/17 15:50:37 doug Exp $ */ +/* $OpenBSD: ssl3.h,v 1.40 2015/07/18 19:41:54 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -376,7 +376,7 @@ typedef struct ssl3_state_st { int need_empty_fragments; int empty_fragment_done; - /* The value of 'extra' when the buffers were initialized */ + /* XXX delete on next major bump. */ int init_extra; SSL3_BUFFER rbuf; /* read IO goes into here */ |