authordoug <>2015-06-15 05:16:56 +0000
committerdoug <>2015-06-15 05:16:56 +0000
commit6e37f91580bf8e077c11c85155cef0381d8ef35c (patch)
tree09daa6da27571646945c913b493870c53aabab06
parentc3c8a32860541df7ab360b602a1449e6d90be892 (diff)
downloadopenbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.tar.gz
openbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.tar.bz2
openbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.zip
Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.
This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_options.36
-rw-r--r--src/lib/libssl/s3_srvr.c25
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.36
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c25
-rw-r--r--src/usr.bin/openssl/s_server.c30
5 files changed, 11 insertions, 81 deletions
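--- a/src/lib/libssl/doc/SSL_CTX_set_options.3
+++ b/src/lib/libssl/doc/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
 .\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.4 2015/06/15 03:32:59 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.5 2015/06/15 05:16:56 doug Exp $
 .\"
 .Dd $Mdocdate: June 15 2015 $
 .Dt SSL_CTX_SET_OPTIONS 3
@@ -197,7 +197,9 @@ non-self-signed CA which does not have its CA in netscape, and the browser has
 a cert, it will crash/hang.
 Works for 3.x and 4.xbeta
 .It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_NO_SSLv2
 As of
 .Ox 5.6 ,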
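--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.104 2015/06/15 03:32:59 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.105 2015/06/15 05:16:56 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -148,8 +148,6 @@
  * OTHERWISE.
  */
 
-#define REUSE_CIPHER_BUG
-
 #include <stdio.h>
 
 #include "ssl_locl.h"
@@ -1126,27 +1124,6 @@ ssl3_get_client_hello(SSL *s)
  }
  s->s3->tmp.new_cipher = c;
  } else {
- /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *nc = NULL;
- SSL_CIPHER *ec = NULL;
-
- if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
- sk = s->session->ciphers;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- c = sk_SSL_CIPHER_value(sk, i);
- if (c->algorithm_enc & SSL_eNULL)
- nc = c;
- }
- if (nc != NULL)
- s->s3->tmp.new_cipher = nc;
- else if (ec != NULL)
- s->s3->tmp.new_cipher = ec;
- else
- s->s3->tmp.new_cipher = s->session->cipher;
- } else
-#endif
  s->s3->tmp.new_cipher = s->session->cipher;
  }
 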
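--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
 .\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.4 2015/06/15 03:32:59 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.5 2015/06/15 05:16:56 doug Exp $
 .\"
 .Dd $Mdocdate: June 15 2015 $
 .Dt SSL_CTX_SET_OPTIONS 3
@@ -197,7 +197,9 @@ non-self-signed CA which does not have its CA in netscape, and the browser has
 a cert, it will crash/hang.
 Works for 3.x and 4.xbeta
 .It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_NO_SSLv2
 As of
 .Ox 5.6 ,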
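--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.104 2015/06/15 03:32:59 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.105 2015/06/15 05:16:56 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -148,8 +148,6 @@
  * OTHERWISE.
  */
 
-#define REUSE_CIPHER_BUG
-
 #include <stdio.h>
 
 #include "ssl_locl.h"
@@ -1126,27 +1124,6 @@ ssl3_get_client_hello(SSL *s)
  }
  s->s3->tmp.new_cipher = c;
  } else {
- /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *nc = NULL;
- SSL_CIPHER *ec = NULL;
-
- if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
- sk = s->session->ciphers;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- c = sk_SSL_CIPHER_value(sk, i);
- if (c->algorithm_enc & SSL_eNULL)
- nc = c;
- }
- if (nc != NULL)
- s->s3->tmp.new_cipher = nc;
- else if (ec != NULL)
- s->s3->tmp.new_cipher = ec;
- else
- s->s3->tmp.new_cipher = s->session->cipher;
- } else
-#endif
  s->s3->tmp.new_cipher = s->session->cipher;
  }
 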
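--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.10 2015/04/14 12:56:36 jsing Exp $ */
+/* $OpenBSD: s_server.c,v 1.11 2015/06/15 05:16:56 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -226,7 +226,6 @@ static int s_quiet = 0;
 static char *keymatexportlabel = NULL;
 static int keymatexportlen = 20;
 
-static int hack = 0;
 #ifndef OPENSSL_NO_ENGINE
 static char *engine_id = NULL;
 #endif
@@ -263,7 +262,6 @@ s_server_init(void)
  s_debug = 0;
  s_msg = 0;
  s_quiet = 0;
- hack = 0;
 #ifndef OPENSSL_NO_ENGINE
  engine_id = NULL;
 #endif
@@ -776,8 +774,6 @@ s_server_main(int argc, char *argv[])
  }
  else if (strcmp(*argv, "-msg") == 0) {
  s_msg = 1;
- } else if (strcmp(*argv, "-hack") == 0) {
- hack = 1;
  } else if (strcmp(*argv, "-state") == 0) {
  state = 1;
  } else if (strcmp(*argv, "-crlf") == 0) {
@@ -1029,8 +1025,6 @@ bad:
  SSL_CTX_set_quiet_shutdown(ctx, 1);
  if (bugs)
  SSL_CTX_set_options(ctx, SSL_OP_ALL);
- if (hack)
- SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
  SSL_CTX_set_options(ctx, off);
  /*
  * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
@@ -1088,8 +1082,6 @@ bad:
  SSL_CTX_set_quiet_shutdown(ctx2, 1);
  if (bugs)
  SSL_CTX_set_options(ctx2, SSL_OP_ALL);
- if (hack)
- SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
  SSL_CTX_set_options(ctx2, off);
  /*
  * DTLS: partial reads end up discarding unread UDP bytes :-(
@@ -1811,26 +1803,6 @@ www_body(char *hostname, int s, unsigned char *context)
  SSL_set_msg_callback_arg(con, bio_s_out);
  }
  for (;;) {
- if (hack) {
- i = SSL_accept(con);
- switch (SSL_get_error(con, i)) {
- case SSL_ERROR_NONE:
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- continue;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- ret = 1;
- goto err;
- /* break; */
- }
-
- SSL_renegotiate(con);
- SSL_write(con, NULL, 0);
- }
  i = BIO_gets(io, buf, bufsize - 1);
  if (i < 0) { /* error */
  if (!BIO_should_retry(io)) {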