[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Sun Dec 13 00:43:54 UTC 2015


The branch master has been updated
       via  7538cb82f941ecede9575aa04d401ffbe1dfb790 (commit)
      from  3e166c136ed161cd0edb83ba15121582c6913692 (commit)


- Log -----------------------------------------------------------------
commit 7538cb82f941ecede9575aa04d401ffbe1dfb790
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sat Dec 12 18:39:38 2015 +0000

    remove ancient SSLeay bug workaround
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 include/openssl/ssl.h    |  3 ++-
 ssl/statem/statem_srvr.c | 11 +++--------
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 81a3ed7..04ce444 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -364,7 +364,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
 # define SSL_OP_TLSEXT_PADDING                           0x00000010U
 # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020U
 # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
-# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080U
+/* Ancient SSLeay version, retained for compatibility */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
 # define SSL_OP_TLS_D5_BUG                               0x00000100U
 /* Removed from OpenSSL 1.1.0 */
 # define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0U
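Review bot: The new value for `SSL_OP_SSLEAY_080_CLIENT_DH_BUG` is written `0x0`, a signed int, while every neighbouring option, including the other retired one (`SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U`), is unsigned. I would write `# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0U` so all option masks keep one type. The comment could also state the effect, e.g. `/* Ancient SSLeay version, retained for compatibility; setting it has no effect */`, since an application that still sets the option now silently gets the strict DH length check from the statem_srvr.c hunk.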
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 51dcc9e..6c6e41d 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2421,14 +2421,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
             i = 0;
         }
         if (PACKET_remaining(pkt) != i) {
-            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
-                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-                goto err;
-            } else {
-                *pkt = bookmark;
-                i = PACKET_remaining(pkt);
-            }
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+            goto err;
         }
         if (alg_k & SSL_kDHr)
             idx = SSL_PKEY_DH_RSA;
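Review bot: `bookmark` loses the only use visible in this hunk (`*pkt = bookmark;`), so unless another part of tls_process_client_key_exchange still reads it, its declaration and the copy that fills it are now dead and should go in the same commit. The function starts and ends outside the hunk, so this cannot be confirmed from here. The unconditional rejection is the right behaviour: a length prefix that does not match the remaining bytes now always fails with `SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG`. A one-line comment above the check, such as `/* The length prefix must account for the rest of the message exactly */`, would record why no fallback exists.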

