Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER

The Change Cipher Spec message in this ancient pre-standard version of DTLS that Cisco are unfortunately still using in their products, is 3 bytes. Allow it. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER
The Change Cipher Spec message in this ancient pre-standard version of DTLS that Cisco are unfortunately still using in their products, is 3 bytes. Allow it. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
e6027420 · David Woodhouse · Matt Caswell · c8a18468 · e6027420
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

ssl/statem/statem_clnt.c ssl/statem/statem_clnt.c +2 -0

未找到文件。
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -589,6 +589,8 @@ unsigned long ossl_statem_client_max_message_size(SSL *s)
            return SERVER_HELLO_DONE_MAX_LENGTH;

        case TLS_ST_CR_CHANGE:
+            if (s->version == DTLS1_BAD_VER)
+                return 3;
            return CCS_MAX_LENGTH;

        case TLS_ST_CR_SESSION_TICKET: