summaryrefslogtreecommitdiff
path: root/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
authorMiod Vallat <miod@cvs.openbsd.org>2014-07-11 15:18:53 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2014-07-11 15:18:53 +0000
commit720e3c72e4347b42623eb96ed5183928625babf7 (patch)
tree4078c5e60ac137fe62be0e1574b26a57acf5eeaf /lib/libssl/s3_srvr.c
parentfbaa8d5bf8616dd8dffd5f38db77885c005773a9 (diff)
In ssl3_get_cert_verify(), allow for larger messages to accomodate keys
larger than 4096-bit RSA which the most paranoid of us are using; OpenSSL PR #319 via OpenSSL trunk.
Diffstat (limited to 'lib/libssl/s3_srvr.c')
-rw-r--r--lib/libssl/s3_srvr.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index b0bfe493e81..66a4552237d 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.73 2014/07/11 12:24:51 miod Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.74 2014/07/11 15:18:52 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2270,9 +2270,8 @@ ssl3_get_cert_verify(SSL *s)
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
- /* 516 maxlen is enough for 4096 bit RSA key with TLS v1.2 */
n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
- SSL3_ST_SR_CERT_VRFY_B, -1, 516, &ok);
+ SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
if (!ok)
return ((int)n);
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-26 15:58:35 +0000