Commit 7538cb82 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

remove ancient SSLeay bug workaround 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 3e166c13

include/openssl/ssl.h

+2 −1
Original line number Diff line number Diff line
@@ -364,7 +364,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, 
# define SSL_OP_TLSEXT_PADDING                           0x00000010U

# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020U

# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U

# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080U

/* Ancient SSLeay version, retained for compatibility */

# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0

# define SSL_OP_TLS_D5_BUG                               0x00000100U

/* Removed from OpenSSL 1.1.0 */

# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0U

ssl/statem/statem_srvr.c

+3 −8
Original line number Diff line number Diff line
@@ -2421,14 +2421,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) 
            i = 0;

        }

        if (PACKET_remaining(pkt) != i) {

            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,

                   SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);

            goto err;

            } else {

                *pkt = bookmark;

                i = PACKET_remaining(pkt);

            }

        }

        if (alg_k & SSL_kDHr)

            idx = SSL_PKEY_DH_RSA;