Remove support for the TLS padding extension.

This was added as a workaround for broken F5 TLS termination, which then
created issues talking to broken IronPorts. The size of the padding is
hardcoded so it cannot be used in any generic sense.

ok bcook@ beck@ doug@

2 files changed, 4 insertions, 39 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 1a6f28911b..a72af19711 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.131 2017/08/13 16:25:19 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.132 2017/08/13 16:28:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -481,7 +481,6 @@ struct ssl_session_st {
 
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
-#define SSL_OP_TLSEXT_PADDING                           0x00000010L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -520,8 +519,7 @@ struct ssl_session_st {
 
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
 #define SSL_OP_ALL \
-    (SSL_OP_LEGACY_SERVER_CONNECT | \
-     SSL_OP_TLSEXT_PADDING)
+    (SSL_OP_LEGACY_SERVER_CONNECT)
 
 /* Obsolete flags kept for compatibility. No sane code should use them. */
 #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x0
@@ -544,6 +542,7 @@ struct ssl_session_st {
 #define SSL_OP_SINGLE_ECDH_USE                          0x0
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
+#define SSL_OP_TLSEXT_PADDING                           0x0
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
 #define SSL_OP_TLS_D5_BUG                               0x0
 
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b8b54484ed..c141dcef31 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.132 2017/08/13 16:25:19 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.133 2017/08/13 16:28:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -720,40 +720,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
         }
 #endif
 
-        /*
-         * Add padding to workaround bugs in F5 terminators.
-         * See https://tools.ietf.org/html/draft-agl-tls-padding-03
-         *
-         * Note that this seems to trigger issues with IronPort SMTP
-         * appliances.
-         *
-         * NB: because this code works out the length of all existing
-         * extensions it MUST always appear last.
-         */
-        if (s->internal->options & SSL_OP_TLSEXT_PADDING) {
-                int hlen = ret - (unsigned char *)s->internal->init_buf->data;
-
-                /*
-                 * The code in s23_clnt.c to build ClientHello messages
-                 * includes the 5-byte record header in the buffer, while the
-                 * code in s3_clnt.c does not.
-                 */
-                if (S3I(s)->hs.state == SSL23_ST_CW_CLNT_HELLO_A)
-                        hlen -= 5;
-                if (hlen > 0xff && hlen < 0x200) {
-                        hlen = 0x200 - hlen;
-                        if (hlen >= 4)
-                                hlen -= 4;
-                        else
-                                hlen = 0;
-
-                        s2n(TLSEXT_TYPE_padding, ret);
-                        s2n(hlen, ret);
-                        memset(ret, 0, hlen);
-                        ret += hlen;
-                }
-        }
-
         if ((extdatalen = ret - p - 2) == 0)
                 return p;