wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix no-comp

Browse source 
The value of SSL3_RT_MAX_ENCRYPTED_LENGTH normally includes the compression
overhead (even if no compression is negotiated for a connection). Except in
a build where no-comp is used the value of SSL3_RT_MAX_ENCRYPTED_LENGTH does
not include the compression overhead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2872)
This commit is contained in:
Matt Caswell 2017-03-07 09:58:27 +00:00
parent 75e314f2d5
commit 4f7b76bf0f
2 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ssl/record/ssl3_record.c
View file

@ -349,8 +349,14 @@ int ssl3_get_record(SSL *s)
} else { } else {
size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH; size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
#ifndef OPENSSL_NO_COMP
/*
* If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
* does not include the compression overhead anyway.
*/
if (s->expand == NULL) if (s->expand == NULL)
len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if (thisrr->length > len) { if (thisrr->length > len) {
al = SSL_AD_RECORD_OVERFLOW; al = SSL_AD_RECORD_OVERFLOW;

9
test/recordlentest.c
View file

@ -78,7 +78,7 @@ static int fail_due_to_record_overflow(int enc)
return 0; return 0;
} }
static int test_record_plain_overflow(int idx) static int test_record_overflow(int idx)
{ {
SSL_CTX *cctx = NULL, *sctx = NULL; SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL; SSL *clientssl = NULL, *serverssl = NULL;
@ -111,7 +111,10 @@ static int test_record_plain_overflow(int idx)
if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
|| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) { || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
len = SSL3_RT_MAX_ENCRYPTED_LENGTH - SSL3_RT_MAX_COMPRESSED_OVERHEAD; len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
#ifndef OPENSSL_NO_COMP
len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION); SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
} else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
|| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
@ -211,7 +214,7 @@ int test_main(int argc, char *argv[])
cert = argv[1]; cert = argv[1];
privkey = argv[2]; privkey = argv[2];
ADD_ALL_TESTS(test_record_plain_overflow, TOTAL_RECORD_OVERFLOW_TESTS); ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
testresult = run_tests(argv[0]); testresult = run_tests(argv[0]);