From 7538cb82f941ecede9575aa04d401ffbe1dfb790 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 12 Dec 2015 18:39:38 +0000 Subject: [PATCH] remove ancient SSLeay bug workaround Reviewed-by: Matt Caswell --- include/openssl/ssl.h | 3 ++- ssl/statem/statem_srvr.c | 11 +++-------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 81a3ed7044..04ce44499a 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -364,7 +364,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_TLSEXT_PADDING 0x00000010U # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U -# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080U +/* Ancient SSLeay version, retained for compatibility */ +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 # define SSL_OP_TLS_D5_BUG 0x00000100U /* Removed from OpenSSL 1.1.0 */ # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 51dcc9eee8..6c6e41dcb3 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2421,14 +2421,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) i = 0; } if (PACKET_remaining(pkt) != i) { - if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); - goto err; - } else { - *pkt = bookmark; - i = PACKET_remaining(pkt); - } + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); + goto err; } if (alg_k & SSL_kDHr) idx = SSL_PKEY_DH_RSA; -- 2.34.1