From 4f7b76bf0f255c0a04eb3e47361a00b19f16120d Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 7 Mar 2017 09:58:27 +0000
Subject: [PATCH] Fix no-comp

The value of SSL3_RT_MAX_ENCRYPTED_LENGTH normally includes the compression overhead (even if no compression is negotiated for a connection). Except in a build where no-comp is used the value of SSL3_RT_MAX_ENCRYPTED_LENGTH does not include the compression overhead.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/2872)

---
 ssl/record/ssl3_record.c | 6 ++++++
 test/recordlentest.c | 9 ++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 1e281fc19f..211de55e09 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -349,8 +349,14 @@ int ssl3_get_record(SSL *s)
 } else {
 size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
+#ifndef OPENSSL_NO_COMP
+ /* * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH * does not include the compression overhead anyway. */
 if (s->expand == NULL) len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
 if (thisrr->length > len) {
 al = SSL_AD_RECORD_OVERFLOW;
diff --git a/test/recordlentest.c b/test/recordlentest.c
index 6bb1db4053..82ababea3b 100644
--- a/test/recordlentest.c
+++ b/test/recordlentest.c
@@ -78,7 +78,7 @@ static int fail_due_to_record_overflow(int enc)
 return 0;
 }
-static int test_record_plain_overflow(int idx)
+static int test_record_overflow(int idx)
 {
 SSL_CTX *cctx = NULL, *sctx = NULL;
 SSL *clientssl = NULL, *serverssl = NULL;
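Review bot: The new `#ifndef OPENSSL_NO_COMP` block leaves the record-overflow bound depending on two things that must agree by hand: the `s->expand == NULL` subtraction here and the way SSL3_RT_MAX_ENCRYPTED_LENGTH is defined in the header for a no-comp build. The added comment says the constant already excludes the overhead in that build, but not that the two definitions must move together, so a later header change could silently widen the size of record this check admits. Suggest extending the comment with `* Keep this in step with the definition of SSL3_RT_MAX_ENCRYPTED_LENGTH:` / `* len must be the largest record a peer can legitimately send, so a stale` / `* value here either rejects valid records or admits oversized ones.` If `expand` is itself only declared when OPENSSL_NO_COMP is not set, the guard is also a compile fix and the comment could say so. ssl3_get_record() begins and ends outside the hunk.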
@@ -111,7 +111,10 @@ static int test_record_plain_overflow(int idx)
 if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
- len = SSL3_RT_MAX_ENCRYPTED_LENGTH - SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+ len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
+#ifndef OPENSSL_NO_COMP
+ len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
 SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
 } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
@@ -211,7 +214,7 @@ int test_main(int argc, char *argv[])
 cert = argv[1];
 privkey = argv[2];
- ADD_ALL_TESTS(test_record_plain_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
+ ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
 testresult = run_tests(argv[0]);
-- 
2.25.1
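Review bot: The test now computes `len` with the same `#ifndef OPENSSL_NO_COMP` arithmetic as ssl3_get_record(), so the expected bound is derived from the implementation's own constants rather than stated independently, and a wrong value of SSL3_RT_MAX_ENCRYPTED_LENGTH would be mirrored by the test instead of caught. A short comment would at least make the intent explicit, e.g. `/* Largest TLS1.2 record the server must accept; presumably the _NOT_OK cases exceed it */` — how the OK and NOT_OK variants adjust `len` lies outside the hunk, so confirm the wording against that code. test_record_overflow() starts and ends outside the hunk; the @@ -211 hunk is only the matching rename.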