sync code with last fixes and improvements from OpenBSD
parent
f57be82572
commit
58b04bcee7
468 changed files with 9958 additions and 7882 deletions
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: bio_ssl.c,v 1.39 2023/07/08 16:40:13 beck Exp $ */
|
||||
/* $OpenBSD: bio_ssl.c,v 1.40 2023/07/19 13:34:33 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -577,7 +577,7 @@ BIO_ssl_copy_session_id(BIO *t, BIO *f)
|
|||
return (0);
|
||||
return (1);
|
||||
}
|
||||
LSSL_ALIAS(BIO_new_ssl_connect);
|
||||
LSSL_ALIAS(BIO_ssl_copy_session_id);
|
||||
|
||||
void
|
||||
BIO_ssl_shutdown(BIO *b)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssl_lib.c,v 1.311 2023/07/08 16:40:13 beck Exp $ */
|
||||
/* $OpenBSD: ssl_lib.c,v 1.312 2023/07/19 13:34:33 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -3313,6 +3313,7 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
|
|||
{
|
||||
return (ssl->info_callback);
|
||||
}
|
||||
LSSL_ALIAS(SSL_get_info_callback);
|
||||
|
||||
int
|
||||
SSL_state(const SSL *ssl)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssl_pkt.c,v 1.65 2022/11/26 16:08:56 tb Exp $ */
|
||||
/* $OpenBSD: ssl_pkt.c,v 1.66 2023/07/11 17:02:47 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -536,7 +536,6 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
|
|||
SSL_SESSION *sess = s->session;
|
||||
int need_empty_fragment = 0;
|
||||
size_t align, out_len;
|
||||
uint16_t version;
|
||||
CBB cbb;
|
||||
int ret;
|
||||
|
||||
|
@ -568,16 +567,6 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
|
|||
if (len == 0)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* Some servers hang if initial client hello is larger than 256
|
||||
* bytes and record version number > TLS 1.0.
|
||||
*/
|
||||
version = s->version;
|
||||
if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B &&
|
||||
!s->renegotiate &&
|
||||
s->s3->hs.our_max_tls_version > TLS1_VERSION)
|
||||
version = TLS1_VERSION;
|
||||
|
||||
/*
|
||||
* Countermeasure against known-IV weakness in CBC ciphersuites
|
||||
* (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
|
||||
|
@ -604,7 +593,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
|
|||
if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align))
|
||||
goto err;
|
||||
|
||||
tls12_record_layer_set_version(s->rl, version);
|
||||
tls12_record_layer_set_version(s->rl, s->version);
|
||||
|
||||
if (need_empty_fragment) {
|
||||
if (!tls12_record_layer_seal_record(s->rl, type,
|
||||
|
|
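Review bot: The call `tls12_record_layer_set_version(s->rl, s->version);` in do_ssl3_write() is left without any comment on which record version the initial ClientHello now carries, because the note about servers that hang on large hellos was dropped along with the workaround. The hunk headers (`-536,7 +536,6` and `-568,16 +567,6`) show the `version` local and the `SSL3_ST_CW_CLNT_HELLO_B` special case being removed, so every record written on this path is stamped with `s->version`, including the first ClientHello. I would add a short comment above the call, for example `/* Record version always follows s->version; the initial ClientHello is no longer sent with a TLS 1.0 record version. */`, so that a handshake stall against an old server or middlebox can be traced back to this change. It is also worth confirming that a regression test pins the record version of the first ClientHello, since nothing visible here does. The body of do_ssl3_write() starts and ends outside these hunks.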