diff options
| author | doug <> | 2015-07-17 07:04:41 +0000 |
|---|---|---|
| committer | doug <> | 2015-07-17 07:04:41 +0000 |
| commit | 72d01d7d13377f8533acd81c582f9c5fedba7439 (patch) | |
| tree | a3867fae7dea1b800ba72ab3973817fa74caaaab /src/lib/libssl/ssl.h | |
| parent | 01a4baa577701df39baeb365c4e6238422173634 (diff) | |
| download | openbsd-72d01d7d13377f8533acd81c582f9c5fedba7439.tar.gz openbsd-72d01d7d13377f8533acd81c582f9c5fedba7439.tar.bz2 openbsd-72d01d7d13377f8533acd81c582f9c5fedba7439.zip | |
Remove workaround for TLS padding bug from SSLeay days.
OpenSSL doesn't remember which clients were impacted and the
functionality has been broken in their stable releases for 2 years.
Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5.
ok jsing@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index c47ae4632f..84154a5176 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.87 2015/06/20 12:29:39 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -522,7 +522,6 @@ struct ssl_session_st { | |||
| 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L |
| 523 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L | 523 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L |
| 524 | #define SSL_OP_TLS_D5_BUG 0x00000100L | 524 | #define SSL_OP_TLS_D5_BUG 0x00000100L |
| 525 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L | ||
| 526 | 525 | ||
| 527 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | 526 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| 528 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | 527 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) |
| @@ -578,7 +577,6 @@ struct ssl_session_st { | |||
| 578 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ | 577 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ |
| 579 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ | 578 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ |
| 580 | SSL_OP_TLS_D5_BUG | \ | 579 | SSL_OP_TLS_D5_BUG | \ |
| 581 | SSL_OP_TLS_BLOCK_PADDING_BUG | \ | ||
| 582 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) | 580 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) |
| 583 | 581 | ||
| 584 | /* Obsolete flags kept for compatibility. No sane code should use them. */ | 582 | /* Obsolete flags kept for compatibility. No sane code should use them. */ |
| @@ -594,6 +592,7 @@ struct ssl_session_st { | |||
| 594 | #define SSL_OP_PKCS1_CHECK_2 0x0 | 592 | #define SSL_OP_PKCS1_CHECK_2 0x0 |
| 595 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 | 593 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 |
| 596 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | 594 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 |
| 595 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 | ||
| 597 | 596 | ||
| 598 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success | 597 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success |
| 599 | * when just a single record has been written): */ | 598 | * when just a single record has been written): */ |