[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Mar 8 11:07:15 UTC 2017
The branch master has been updated
via 4f7b76bf0f255c0a04eb3e47361a00b19f16120d (commit)
from 75e314f2d573d4f984ff6a371be7a4966bf5f4c5 (commit)
- Log -----------------------------------------------------------------
commit 4f7b76bf0f255c0a04eb3e47361a00b19f16120d
Author: Matt Caswell <matt at openssl.org>
Date: Tue Mar 7 09:58:27 2017 +0000
Fix no-comp
The value of SSL3_RT_MAX_ENCRYPTED_LENGTH normally includes the compression
overhead (even if no compression is negotiated for a connection). In a build
where no-comp is used, however, the value of SSL3_RT_MAX_ENCRYPTED_LENGTH does
not include the compression overhead.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2872)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/ssl3_record.c | 6 ++++++
test/recordlentest.c | 9 ++++++---
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 1e281fc..211de55 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -349,8 +349,14 @@ int ssl3_get_record(SSL *s)
} else {
size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
+#ifndef OPENSSL_NO_COMP
+ /*
+ * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
+ * does not include the compression overhead anyway.
+ */
if (s->expand == NULL)
len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
if (thisrr->length > len) {
al = SSL_AD_RECORD_OVERFLOW;
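Review bot: The new comment sits inside the `#ifndef OPENSSL_NO_COMP` region, so it describes the no-comp case in the one place that is compiled out of a no-comp build. It also leaves unexplained why the limit is lowered when `s->expand == NULL`. Since this value is the bound that triggers `SSL_AD_RECORD_OVERFLOW`, I would move the comment above the `#ifndef` and state both halves, for example `/* No compression in use: the record cannot carry compression overhead, so lower the limit. With OPENSSL_NO_COMP the macro already excludes it. */`. The enclosing `else` branch and the rest of `ssl3_get_record` lie outside this hunk, so I cannot see how `len` is used beyond the comparison shown.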
diff --git a/test/recordlentest.c b/test/recordlentest.c
index 6bb1db4..82ababe 100644
--- a/test/recordlentest.c
+++ b/test/recordlentest.c
@@ -78,7 +78,7 @@ static int fail_due_to_record_overflow(int enc)
return 0;
}
-static int test_record_plain_overflow(int idx)
+static int test_record_overflow(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
@@ -111,7 +111,10 @@ static int test_record_plain_overflow(int idx)
if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
|| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
- len = SSL3_RT_MAX_ENCRYPTED_LENGTH - SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+ len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
+#ifndef OPENSSL_NO_COMP
+ len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
} else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
|| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
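Review bot: The TLS 1.2 boundary in the test is now computed with the same `#ifndef OPENSSL_NO_COMP` subtraction as the check in `ssl3_get_record`, so a mistake in that condition or in the macro definitions would shift the test and the implementation together and go unnoticed. If the header builds the encrypted maximum from the plain length plus the encryption and compression overheads (not visible on this page, so worth confirming), the boundary can be written without reference to the build option as `len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPT_OVERHEAD;`. That makes the test an independent statement of the largest uncompressed TLS 1.2 record the peer should accept. The function starts and continues outside this hunk.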
@@ -211,7 +214,7 @@ int test_main(int argc, char *argv[])
cert = argv[1];
privkey = argv[2];
- ADD_ALL_TESTS(test_record_plain_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
+ ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
testresult = run_tests(argv[0]);