Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support.

Suggested by David Benjamin Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org> MR: #1520
author: Kurt Roeckx <kurt@roeckx.be> 2015-12-22 13:48:01 +0100
committer: Kurt Roeckx <kurt@roeckx.be> 2015-12-23 20:40:54 +0100
commit: 1c9ed1d8a715e70c5e0d8c08f3a47e1a6fa9fd89 (patch)
tree: 2b2944b088117f8a84898b68f42e91cc17dd5ff1 /ssl/record
parent: 933d10851640014142db0f3b02c2b740c2f0935f (diff)
2 files changed, 4 insertions, 22 deletions
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 7685e69262..17719c2d7a 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -159,10 +159,6 @@ int ssl3_setup_read_buffer(SSL *s)
     if (b->buf == NULL) {
         len = SSL3_RT_MAX_PLAIN_LENGTH
             + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-        if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
-            s->s3->init_extra = 1;
-            len += SSL3_RT_MAX_EXTRA;
-        }
 #ifndef OPENSSL_NO_COMP
         if (ssl_allow_compression(s))
             len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 99c655e65b..fd982132c2 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -193,25 +193,11 @@ int ssl3_get_record(SSL *s)
     unsigned char md[EVP_MAX_MD_SIZE];
     short version;
     unsigned mac_size;
-    size_t extra;
     unsigned empty_record_count = 0;
 
     rr = RECORD_LAYER_get_rrec(&s->rlayer);
     sess = s->session;
 
-    if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-        extra = SSL3_RT_MAX_EXTRA;
-    else
-        extra = 0;
-    if (extra && !s->s3->init_extra) {
-        /*
-         * An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER set after
-         * ssl3_setup_buffers() was done
-         */
-        SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
  again:
     /* check if we have the header */
     if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
@@ -349,7 +335,7 @@ int ssl3_get_record(SSL *s)
      */
 
     /* check is not needed I believe */
-    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
+    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
         al = SSL_AD_RECORD_OVERFLOW;
         SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
         goto f_err;
@@ -453,7 +439,7 @@ int ssl3_get_record(SSL *s)
         if (i < 0 || mac == NULL
             || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
             enc_err = -1;
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
             enc_err = -1;
     }
 
@@ -473,7 +459,7 @@ int ssl3_get_record(SSL *s)
 
     /* r->length is now just compressed */
     if (s->expand != NULL) {
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
             al = SSL_AD_RECORD_OVERFLOW;
             SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
             goto f_err;
@@ -485,7 +471,7 @@ int ssl3_get_record(SSL *s)
         }
     }
 
-    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
+    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
         al = SSL_AD_RECORD_OVERFLOW;
         SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
         goto f_err;
author	Kurt Roeckx <kurt@roeckx.be>	2015-12-22 13:48:01 +0100
committer	Kurt Roeckx <kurt@roeckx.be>	2015-12-23 20:40:54 +0100
commit	1c9ed1d8a715e70c5e0d8c08f3a47e1a6fa9fd89 (patch)
tree	2b2944b088117f8a84898b68f42e91cc17dd5ff1 /ssl/record
parent	933d10851640014142db0f3b02c2b740c2f0935f (diff)