diff options
| -rw-r--r-- | ssl/record/ssl3_record.c | 6 | ||||
| -rw-r--r-- | test/recordlentest.c | 9 |
2 files changed, 12 insertions, 3 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 1e281fc19f..211de55e09 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -349,8 +349,14 @@ int ssl3_get_record(SSL *s) } else { size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH; +#ifndef OPENSSL_NO_COMP + /* + * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH + * does not include the compression overhead anyway. + */ if (s->expand == NULL) len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; +#endif if (thisrr->length > len) { al = SSL_AD_RECORD_OVERFLOW; diff --git a/test/recordlentest.c b/test/recordlentest.c index 6bb1db4053..82ababea3b 100644 --- a/test/recordlentest.c +++ b/test/recordlentest.c @@ -78,7 +78,7 @@ static int fail_due_to_record_overflow(int enc) return 0; } -static int test_record_plain_overflow(int idx) +static int test_record_overflow(int idx) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -111,7 +111,10 @@ static int test_record_plain_overflow(int idx) if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) { - len = SSL3_RT_MAX_ENCRYPTED_LENGTH - SSL3_RT_MAX_COMPRESSED_OVERHEAD; + len = SSL3_RT_MAX_ENCRYPTED_LENGTH; +#ifndef OPENSSL_NO_COMP + len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; +#endif SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION); } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { @@ -211,7 +214,7 @@ int test_main(int argc, char *argv[]) cert = argv[1]; privkey = argv[2]; - ADD_ALL_TESTS(test_record_plain_overflow, TOTAL_RECORD_OVERFLOW_TESTS); + ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS); testresult = run_tests(argv[0]); |