From 1c9ed1d8a715e70c5e0d8c08f3a47e1a6fa9fd89 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Tue, 22 Dec 2015 13:48:01 +0100 Subject: [PATCH] Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support. Suggested by David Benjamin Reviewed-by: Rich Salz Reviewed-by: Viktor Dukhovni MR: #1520 --- include/openssl/ssl.h | 4 ++-- ssl/record/ssl3_buffer.c | 4 ---- ssl/record/ssl3_record.c | 22 ++++------------------ ssl/s3_lib.c | 4 ---- ssl/ssl_locl.h | 2 -- ssl/statem/statem_srvr.c | 14 ++++---------- 6 files changed, 10 insertions(+), 40 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 119b50fc0e..e841360e17 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -362,11 +362,11 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, /* Dead forever, see CVE-2010-4180. */ # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U # define SSL_OP_TLSEXT_PADDING 0x00000010U -# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U /* Ancient SSLeay version, retained for compatibility */ # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 -# define SSL_OP_TLS_D5_BUG 0x00000100U +# define SSL_OP_TLS_D5_BUG 0x0U /* Removed from OpenSSL 1.1.0 */ # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 7685e69262..17719c2d7a 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -159,10 +159,6 @@ int ssl3_setup_read_buffer(SSL *s) if (b->buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { - s->s3->init_extra = 1; - len += SSL3_RT_MAX_EXTRA; - } #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 99c655e65b..fd982132c2 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -193,25 +193,11 @@ int ssl3_get_record(SSL *s) unsigned char md[EVP_MAX_MD_SIZE]; short version; unsigned mac_size; - size_t extra; unsigned empty_record_count = 0; rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - extra = SSL3_RT_MAX_EXTRA; - else - extra = 0; - if (extra && !s->s3->init_extra) { - /* - * An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER set after - * ssl3_setup_buffers() was done - */ - SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); - return -1; - } - again: /* check if we have the header */ if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || @@ -349,7 +335,7 @@ int ssl3_get_record(SSL *s) */ /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { + if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; @@ -453,7 +439,7 @@ int ssl3_get_record(SSL *s) if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) + if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; } @@ -473,7 +459,7 @@ int ssl3_get_record(SSL *s) /* r->length is now just compressed */ if (s->expand != NULL) { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { + if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto f_err; @@ -485,7 +471,7 @@ int ssl3_get_record(SSL *s) } } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { + if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c02b5455b4..4fc4426cd9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3402,8 +3402,6 @@ void ssl3_free(SSL *s) void ssl3_clear(SSL *s) { - int init_extra; - ssl3_cleanup_key_block(s); sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); OPENSSL_free(s->s3->tmp.ciphers_raw); @@ -3427,7 +3425,6 @@ void ssl3_clear(SSL *s) s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ - init_extra = s->s3->init_extra; ssl3_free_digest_list(s); if (s->s3->alpn_selected) { @@ -3436,7 +3433,6 @@ void ssl3_clear(SSL *s) } memset(s->s3, 0, sizeof(*s->s3)); - s->s3->init_extra = init_extra; ssl_free_wbio_buffer(s); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6261a66b2d..8a6678920f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1188,8 +1188,6 @@ typedef struct ssl3_state_st { /* flags for countermeasure against known-IV weakness */ int need_empty_fragments; int empty_fragment_done; - /* The value of 'extra' when the buffers were initialized */ - int init_extra; /* used during startup, digest all incoming/outgoing packets */ BIO *handshake_buffer; /* diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 79254b5248..b8b18b74e9 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2227,18 +2227,12 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) { enc_premaster = *pkt; } else { - PACKET orig = *pkt; if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster) || PACKET_remaining(pkt) != 0) { - /* Try SSLv3 behaviour for TLS. */ - if (s->options & SSL_OP_TLS_D5_BUG) { - enc_premaster = orig; - } else { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_LENGTH_MISMATCH); - goto f_err; - } + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_LENGTH_MISMATCH); + goto f_err; } } -- 2.34.1