authorDoug Hogan <doug@cvs.openbsd.org>2015-07-17 07:04:42 +0000
committerDoug Hogan <doug@cvs.openbsd.org>2015-07-17 07:04:42 +0000
commit3a9386389f8311f434d276aae9bb03de200ab2bf (patch)
treee1d9a5db8d46e950e8b31c596507ff92cc40eb56
parentffdbc16e1a1bb5830a23e08a1fa29ad0afd7735f (diff)
Remove workaround for TLS padding bug from SSLeay days.
OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@
-rw-r--r--lib/libssl/d1_enc.c6
-rw-r--r--lib/libssl/doc/SSL_CTX_set_options.38
-rw-r--r--lib/libssl/s3_cbc.c20
-rw-r--r--lib/libssl/ssl.h5
-rw-r--r--lib/libssl/ssl3.h4
-rw-r--r--lib/libssl/t1_enc.c6
6 files changed, 12 insertions, 37 deletions
diff --git a/lib/libssl/d1_enc.c b/lib/libssl/d1_enc.c
index 7eac48785e4..c58e109ae57 100644
--- a/lib/libssl/d1_enc.c
+++ b/lib/libssl/d1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_enc.c,v 1.9 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: d1_enc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -187,10 +187,6 @@ dtls1_enc(SSL *s, int send)
/* we need to add 'i' padding bytes of value j */
j = i - 1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
for (k = (int)l; k < (int)(l + i); k++)
rec->input[k] = j;
l += i;
diff --git a/lib/libssl/doc/SSL_CTX_set_options.3 b/lib/libssl/doc/SSL_CTX_set_options.3
index 53a7a6c9c06..922522a33c1 100644
--- a/lib/libssl/doc/SSL_CTX_set_options.3
+++ b/lib/libssl/doc/SSL_CTX_set_options.3
@@ -1,7 +1,7 @@
.\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.6 2015/06/15 05:32:58 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.7 2015/07/17 07:04:40 doug Exp $
.\"
-.Dd $Mdocdate: June 15 2015 $
+.Dd $Mdocdate: July 17 2015 $
.Dt SSL_CTX_SET_OPTIONS 3
.Os
.Sh NAME
@@ -125,7 +125,9 @@ this option has no effect.
.It Dv SSL_OP_TLS_D5_BUG
\&...
.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
.It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability
affecting CBC ciphers, which cannot be handled by some broken SSL
diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c
index fd4781b64cc..57485caacf1 100644
--- a/lib/libssl/s3_cbc.c
+++ b/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.9 2014/12/15 00:46:53 doug Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
/* ====================================================================
* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
*
@@ -165,24 +165,6 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
padding_length = rec->data[rec->length - 1];
- /* NB: if compression is in operation the first packet may not be of
- * even length so the padding bug check cannot be performed. This bug
- * workaround has been around since SSLeay so hopefully it is either
- * fixed now or no buggy implementation supports compression [steve]
- * (We don't support compression either, so it's not in operation.)
- */
- if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) {
- /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
- SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
- }
- if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
- padding_length > 0) {
- padding_length--;
- }
- }
-
if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
/* padding is already verified */
rec->length -= padding_length + 1;
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index c47ae4632fe..84154a51765 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.87 2015/06/20 12:29:39 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -522,7 +522,6 @@ struct ssl_session_st {
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
#define SSL_OP_TLS_D5_BUG 0x00000100L
-#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
@@ -578,7 +577,6 @@ struct ssl_session_st {
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \
SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \
SSL_OP_TLS_D5_BUG | \
- SSL_OP_TLS_BLOCK_PADDING_BUG | \
SSL_OP_CRYPTOPRO_TLSEXT_BUG)
/* Obsolete flags kept for compatibility. No sane code should use them. */
@@ -594,6 +592,7 @@ struct ssl_session_st {
#define SSL_OP_PKCS1_CHECK_2 0x0
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
+#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
* when just a single record has been written): */
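Review bot: The old value 0x00000200L is left unassigned with nothing recording that it used to be SSL_OP_TLS_BLOCK_PADDING_BUG, now defined as `#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0`. Code built against the earlier header, including anything that passed SSL_OP_ALL from it, still sets that bit in the options word. Unless the library major is bumped alongside this change (not visible here), a later option assigned to 0x200 would be switched on in those binaries without the application asking for it. A short comment beside the obsolete define, for example `/* was 0x00000200L; do not reuse this bit */`, would keep that constraint visible to whoever next allocates an option bit.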
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 265d18810e4..8bcf9e37e82 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.37 2015/06/18 22:51:05 doug Exp $ */
+/* $OpenBSD: ssl3.h,v 1.38 2015/07/17 07:04:41 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -351,7 +351,7 @@ typedef struct ssl3_buffer_st {
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+#define TLS1_FLAGS_TLS_PADDING_BUG 0x0
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
#define SSL3_FLAGS_CCS_OK 0x0080
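Review bot: `TLS1_FLAGS_TLS_PADDING_BUG` is redefined to `0x0` but stays in the middle of the live s3 flag list with nothing marking it as dead. Any remaining `flags & TLS1_FLAGS_TLS_PADDING_BUG` test now compiles to a constant false and any `|=` becomes a no-op, which is easy to misread as a working flag during later record-layer changes. I would put `/* Obsolete: always 0, kept for source compatibility; formerly bit 0x0008 */` directly above the define. Alternatively, move it beside any other zero-valued compatibility defines, if ssl3.h has such a group (not visible in this hunk).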
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index b48e248b239..5cd1688a37f 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.78 2015/06/17 14:27:56 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.79 2015/07/17 07:04:41 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -875,10 +875,6 @@ tls1_enc(SSL *s, int send)
/* we need to add 'i' padding bytes of value j */
j = i - 1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
for (k = (int)l; k < (int)(l + i); k++)
rec->input[k] = j;
l += i;