Blame SOURCES/openssl-1.0.2k-long-hello.patch

cfec1a
diff -up openssl-1.0.2k/ssl/s3_srvr.c.long-hello openssl-1.0.2k/ssl/s3_srvr.c
cfec1a
--- openssl-1.0.2k/ssl/s3_srvr.c.long-hello	2017-03-09 17:59:26.000000000 +0100
cfec1a
+++ openssl-1.0.2k/ssl/s3_srvr.c	2017-03-30 09:11:35.639338753 +0200
cfec1a
@@ -899,6 +899,23 @@ int ssl3_send_hello_request(SSL *s)
cfec1a
     return ssl_do_write(s);
cfec1a
 }
cfec1a
 
cfec1a
+/*
cfec1a
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
cfec1a
+ * calculated as follows:
cfec1a
+ *
cfec1a
+ *  2 + # client_version
cfec1a
+ *  32 + # only valid length for random
cfec1a
+ *  1 + # length of session_id
cfec1a
+ *  32 + # maximum size for session_id
cfec1a
+ *  2 + # length of cipher suites
cfec1a
+ *  2^16-2 + # maximum length of cipher suites array
cfec1a
+ *  1 + # length of compression_methods
cfec1a
+ *  2^8-1 + # maximum length of compression methods
cfec1a
+ *  2 + # length of extensions
cfec1a
+ *  2^16-1 # maximum length of extensions
cfec1a
+ */
cfec1a
+#define CLIENT_HELLO_MAX_LENGTH         131396
cfec1a
+
cfec1a
 int ssl3_get_client_hello(SSL *s)
cfec1a
 {
cfec1a
     int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1, cookie_valid = 0;
cfec1a
@@ -930,7 +947,7 @@ int ssl3_get_client_hello(SSL *s)
cfec1a
                                    SSL3_ST_SR_CLNT_HELLO_B,
cfec1a
                                    SSL3_ST_SR_CLNT_HELLO_C,
cfec1a
                                    SSL3_MT_CLIENT_HELLO,
cfec1a
-                                   SSL3_RT_MAX_PLAIN_LENGTH, &ok;;
cfec1a
+                                   CLIENT_HELLO_MAX_LENGTH, &ok;;
cfec1a
 
cfec1a
     if (!ok)
cfec1a
         return ((int)n);