remove ancient SSLeay bug workaround
authorDr. Stephen Henson <steve@openssl.org>
Sat, 12 Dec 2015 18:39:38 +0000 (18:39 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 13 Dec 2015 00:43:43 +0000 (00:43 +0000)
Reviewed-by: Matt Caswell <matt@openssl.org>
include/openssl/ssl.h
ssl/statem/statem_srvr.c

index 81a3ed7..04ce444 100644 (file)
@@ -364,7 +364,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
 # define SSL_OP_TLSEXT_PADDING                           0x00000010U
 # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020U
 # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
-# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080U
+/* Ancient SSLeay version, retained for compatibility */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
 # define SSL_OP_TLS_D5_BUG                               0x00000100U
 /* Removed from OpenSSL 1.1.0 */
 # define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0U
index 51dcc9e..6c6e41d 100644 (file)
@@ -2421,14 +2421,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
             i = 0;
         }
         if (PACKET_remaining(pkt) != i) {
-            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
-                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-                goto err;
-            } else {
-                *pkt = bookmark;
-                i = PACKET_remaining(pkt);
-            }
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+            goto err;
         }
         if (alg_k & SSL_kDHr)
             idx = SSL_PKEY_DH_RSA;