diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/d1_enc.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/doc/SSL_CTX_set_options.3 | 8 | ||||
| -rw-r--r-- | src/lib/libssl/s3_cbc.c | 20 | ||||
| -rw-r--r-- | src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | 8 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_enc.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_cbc.c | 20 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl3.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/ssl3.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 6 | ||||
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 6 |
13 files changed, 25 insertions, 79 deletions
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c index 7eac48785e..c58e109ae5 100644 --- a/src/lib/libssl/d1_enc.c +++ b/src/lib/libssl/d1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_enc.c,v 1.9 2014/12/14 15:30:50 jsing Exp $ */ | 1 | /* $OpenBSD: d1_enc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -187,10 +187,6 @@ dtls1_enc(SSL *s, int send) | |||
| 187 | 187 | ||
| 188 | /* we need to add 'i' padding bytes of value j */ | 188 | /* we need to add 'i' padding bytes of value j */ |
| 189 | j = i - 1; | 189 | j = i - 1; |
| 190 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { | ||
| 191 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 192 | j++; | ||
| 193 | } | ||
| 194 | for (k = (int)l; k < (int)(l + i); k++) | 190 | for (k = (int)l; k < (int)(l + i); k++) |
| 195 | rec->input[k] = j; | 191 | rec->input[k] = j; |
| 196 | l += i; | 192 | l += i; |
diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3 index 53a7a6c9c0..922522a33c 100644 --- a/src/lib/libssl/doc/SSL_CTX_set_options.3 +++ b/src/lib/libssl/doc/SSL_CTX_set_options.3 | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | .\" | 1 | .\" |
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.6 2015/06/15 05:32:58 doug Exp $ | 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.7 2015/07/17 07:04:40 doug Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .Dd $Mdocdate: June 15 2015 $ | 4 | .Dd $Mdocdate: July 17 2015 $ |
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | 5 | .Dt SSL_CTX_SET_OPTIONS 3 |
| 6 | .Os | 6 | .Os |
| 7 | .Sh NAME | 7 | .Sh NAME |
| @@ -125,7 +125,9 @@ this option has no effect. | |||
| 125 | .It Dv SSL_OP_TLS_D5_BUG | 125 | .It Dv SSL_OP_TLS_D5_BUG |
| 126 | \&... | 126 | \&... |
| 127 | .It Dv SSL_OP_TLS_BLOCK_PADDING_BUG | 127 | .It Dv SSL_OP_TLS_BLOCK_PADDING_BUG |
| 128 | \&... | 128 | As of |
| 129 | .Ox 5.8 , | ||
| 130 | this option has no effect. | ||
| 129 | .It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | 131 | .It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
| 130 | Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability | 132 | Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability |
| 131 | affecting CBC ciphers, which cannot be handled by some broken SSL | 133 | affecting CBC ciphers, which cannot be handled by some broken SSL |
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c index fd4781b64c..57485caacf 100644 --- a/src/lib/libssl/s3_cbc.c +++ b/src/lib/libssl/s3_cbc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_cbc.c,v 1.9 2014/12/15 00:46:53 doug Exp $ */ | 1 | /* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2012 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2012 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -165,24 +165,6 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, | |||
| 165 | 165 | ||
| 166 | padding_length = rec->data[rec->length - 1]; | 166 | padding_length = rec->data[rec->length - 1]; |
| 167 | 167 | ||
| 168 | /* NB: if compression is in operation the first packet may not be of | ||
| 169 | * even length so the padding bug check cannot be performed. This bug | ||
| 170 | * workaround has been around since SSLeay so hopefully it is either | ||
| 171 | * fixed now or no buggy implementation supports compression [steve] | ||
| 172 | * (We don't support compression either, so it's not in operation.) | ||
| 173 | */ | ||
| 174 | if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) { | ||
| 175 | /* First packet is even in size, so check */ | ||
| 176 | if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", | ||
| 177 | SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) { | ||
| 178 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | ||
| 179 | } | ||
| 180 | if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && | ||
| 181 | padding_length > 0) { | ||
| 182 | padding_length--; | ||
| 183 | } | ||
| 184 | } | ||
| 185 | |||
| 186 | if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { | 168 | if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { |
| 187 | /* padding is already verified */ | 169 | /* padding is already verified */ |
| 188 | rec->length -= padding_length + 1; | 170 | rec->length -= padding_length + 1; |
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 index 53a7a6c9c0..922522a33c 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | .\" | 1 | .\" |
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.6 2015/06/15 05:32:58 doug Exp $ | 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.7 2015/07/17 07:04:40 doug Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .Dd $Mdocdate: June 15 2015 $ | 4 | .Dd $Mdocdate: July 17 2015 $ |
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | 5 | .Dt SSL_CTX_SET_OPTIONS 3 |
| 6 | .Os | 6 | .Os |
| 7 | .Sh NAME | 7 | .Sh NAME |
| @@ -125,7 +125,9 @@ this option has no effect. | |||
| 125 | .It Dv SSL_OP_TLS_D5_BUG | 125 | .It Dv SSL_OP_TLS_D5_BUG |
| 126 | \&... | 126 | \&... |
| 127 | .It Dv SSL_OP_TLS_BLOCK_PADDING_BUG | 127 | .It Dv SSL_OP_TLS_BLOCK_PADDING_BUG |
| 128 | \&... | 128 | As of |
| 129 | .Ox 5.8 , | ||
| 130 | this option has no effect. | ||
| 129 | .It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | 131 | .It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
| 130 | Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability | 132 | Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability |
| 131 | affecting CBC ciphers, which cannot be handled by some broken SSL | 133 | affecting CBC ciphers, which cannot be handled by some broken SSL |
diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c index 7eac48785e..c58e109ae5 100644 --- a/src/lib/libssl/src/ssl/d1_enc.c +++ b/src/lib/libssl/src/ssl/d1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_enc.c,v 1.9 2014/12/14 15:30:50 jsing Exp $ */ | 1 | /* $OpenBSD: d1_enc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -187,10 +187,6 @@ dtls1_enc(SSL *s, int send) | |||
| 187 | 187 | ||
| 188 | /* we need to add 'i' padding bytes of value j */ | 188 | /* we need to add 'i' padding bytes of value j */ |
| 189 | j = i - 1; | 189 | j = i - 1; |
| 190 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { | ||
| 191 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 192 | j++; | ||
| 193 | } | ||
| 194 | for (k = (int)l; k < (int)(l + i); k++) | 190 | for (k = (int)l; k < (int)(l + i); k++) |
| 195 | rec->input[k] = j; | 191 | rec->input[k] = j; |
| 196 | l += i; | 192 | l += i; |
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c index fd4781b64c..57485caacf 100644 --- a/src/lib/libssl/src/ssl/s3_cbc.c +++ b/src/lib/libssl/src/ssl/s3_cbc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_cbc.c,v 1.9 2014/12/15 00:46:53 doug Exp $ */ | 1 | /* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2012 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2012 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -165,24 +165,6 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, | |||
| 165 | 165 | ||
| 166 | padding_length = rec->data[rec->length - 1]; | 166 | padding_length = rec->data[rec->length - 1]; |
| 167 | 167 | ||
| 168 | /* NB: if compression is in operation the first packet may not be of | ||
| 169 | * even length so the padding bug check cannot be performed. This bug | ||
| 170 | * workaround has been around since SSLeay so hopefully it is either | ||
| 171 | * fixed now or no buggy implementation supports compression [steve] | ||
| 172 | * (We don't support compression either, so it's not in operation.) | ||
| 173 | */ | ||
| 174 | if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) { | ||
| 175 | /* First packet is even in size, so check */ | ||
| 176 | if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", | ||
| 177 | SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) { | ||
| 178 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | ||
| 179 | } | ||
| 180 | if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && | ||
| 181 | padding_length > 0) { | ||
| 182 | padding_length--; | ||
| 183 | } | ||
| 184 | } | ||
| 185 | |||
| 186 | if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { | 168 | if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { |
| 187 | /* padding is already verified */ | 169 | /* padding is already verified */ |
| 188 | rec->length -= padding_length + 1; | 170 | rec->length -= padding_length + 1; |
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index c47ae4632f..84154a5176 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.87 2015/06/20 12:29:39 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -522,7 +522,6 @@ struct ssl_session_st { | |||
| 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L |
| 523 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L | 523 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L |
| 524 | #define SSL_OP_TLS_D5_BUG 0x00000100L | 524 | #define SSL_OP_TLS_D5_BUG 0x00000100L |
| 525 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L | ||
| 526 | 525 | ||
| 527 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | 526 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| 528 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | 527 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) |
| @@ -578,7 +577,6 @@ struct ssl_session_st { | |||
| 578 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ | 577 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ |
| 579 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ | 578 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ |
| 580 | SSL_OP_TLS_D5_BUG | \ | 579 | SSL_OP_TLS_D5_BUG | \ |
| 581 | SSL_OP_TLS_BLOCK_PADDING_BUG | \ | ||
| 582 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) | 580 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) |
| 583 | 581 | ||
| 584 | /* Obsolete flags kept for compatibility. No sane code should use them. */ | 582 | /* Obsolete flags kept for compatibility. No sane code should use them. */ |
| @@ -594,6 +592,7 @@ struct ssl_session_st { | |||
| 594 | #define SSL_OP_PKCS1_CHECK_2 0x0 | 592 | #define SSL_OP_PKCS1_CHECK_2 0x0 |
| 595 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 | 593 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 |
| 596 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | 594 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 |
| 595 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 | ||
| 597 | 596 | ||
| 598 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success | 597 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success |
| 599 | * when just a single record has been written): */ | 598 | * when just a single record has been written): */ |
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h index 265d18810e..8bcf9e37e8 100644 --- a/src/lib/libssl/src/ssl/ssl3.h +++ b/src/lib/libssl/src/ssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.37 2015/06/18 22:51:05 doug Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.38 2015/07/17 07:04:41 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -351,7 +351,7 @@ typedef struct ssl3_buffer_st { | |||
| 351 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | 351 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 |
| 352 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 | 352 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 |
| 353 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | 353 | #define SSL3_FLAGS_POP_BUFFER 0x0004 |
| 354 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | 354 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0 |
| 355 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | 355 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
| 356 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 | 356 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 |
| 357 | #define SSL3_FLAGS_CCS_OK 0x0080 | 357 | #define SSL3_FLAGS_CCS_OK 0x0080 |
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index b48e248b23..5cd1688a37 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.78 2015/06/17 14:27:56 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.79 2015/07/17 07:04:41 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -875,10 +875,6 @@ tls1_enc(SSL *s, int send) | |||
| 875 | 875 | ||
| 876 | /* we need to add 'i' padding bytes of value j */ | 876 | /* we need to add 'i' padding bytes of value j */ |
| 877 | j = i - 1; | 877 | j = i - 1; |
| 878 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { | ||
| 879 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 880 | j++; | ||
| 881 | } | ||
| 882 | for (k = (int)l; k < (int)(l + i); k++) | 878 | for (k = (int)l; k < (int)(l + i); k++) |
| 883 | rec->input[k] = j; | 879 | rec->input[k] = j; |
| 884 | l += i; | 880 | l += i; |
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index c47ae4632f..84154a5176 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.87 2015/06/20 12:29:39 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -522,7 +522,6 @@ struct ssl_session_st { | |||
| 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L |
| 523 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L | 523 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L |
| 524 | #define SSL_OP_TLS_D5_BUG 0x00000100L | 524 | #define SSL_OP_TLS_D5_BUG 0x00000100L |
| 525 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L | ||
| 526 | 525 | ||
| 527 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | 526 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| 528 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | 527 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) |
| @@ -578,7 +577,6 @@ struct ssl_session_st { | |||
| 578 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ | 577 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ |
| 579 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ | 578 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ |
| 580 | SSL_OP_TLS_D5_BUG | \ | 579 | SSL_OP_TLS_D5_BUG | \ |
| 581 | SSL_OP_TLS_BLOCK_PADDING_BUG | \ | ||
| 582 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) | 580 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) |
| 583 | 581 | ||
| 584 | /* Obsolete flags kept for compatibility. No sane code should use them. */ | 582 | /* Obsolete flags kept for compatibility. No sane code should use them. */ |
| @@ -594,6 +592,7 @@ struct ssl_session_st { | |||
| 594 | #define SSL_OP_PKCS1_CHECK_2 0x0 | 592 | #define SSL_OP_PKCS1_CHECK_2 0x0 |
| 595 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 | 593 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 |
| 596 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | 594 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 |
| 595 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 | ||
| 597 | 596 | ||
| 598 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success | 597 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success |
| 599 | * when just a single record has been written): */ | 598 | * when just a single record has been written): */ |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 265d18810e..8bcf9e37e8 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.37 2015/06/18 22:51:05 doug Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.38 2015/07/17 07:04:41 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -351,7 +351,7 @@ typedef struct ssl3_buffer_st { | |||
| 351 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | 351 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 |
| 352 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 | 352 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 |
| 353 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | 353 | #define SSL3_FLAGS_POP_BUFFER 0x0004 |
| 354 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | 354 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0 |
| 355 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | 355 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
| 356 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 | 356 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 |
| 357 | #define SSL3_FLAGS_CCS_OK 0x0080 | 357 | #define SSL3_FLAGS_CCS_OK 0x0080 |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index b48e248b23..5cd1688a37 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.78 2015/06/17 14:27:56 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.79 2015/07/17 07:04:41 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -875,10 +875,6 @@ tls1_enc(SSL *s, int send) | |||
| 875 | 875 | ||
| 876 | /* we need to add 'i' padding bytes of value j */ | 876 | /* we need to add 'i' padding bytes of value j */ |
| 877 | j = i - 1; | 877 | j = i - 1; |
| 878 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { | ||
| 879 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 880 | j++; | ||
| 881 | } | ||
| 882 | for (k = (int)l; k < (int)(l + i); k++) | 878 | for (k = (int)l; k < (int)(l + i); k++) |
| 883 | rec->input[k] = j; | 879 | rec->input[k] = j; |
| 884 | l += i; | 880 | l += i; |
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index 61b70a5569..066588f01b 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.11 2015/06/15 05:16:56 doug Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.12 2015/07/17 07:04:41 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1692,10 +1692,6 @@ init_ssl_connection(SSL * con) | |||
| 1692 | #endif | 1692 | #endif |
| 1693 | if (SSL_cache_hit(con)) | 1693 | if (SSL_cache_hit(con)) |
| 1694 | BIO_printf(bio_s_out, "Reused session-id\n"); | 1694 | BIO_printf(bio_s_out, "Reused session-id\n"); |
| 1695 | if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) & | ||
| 1696 | TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 1697 | BIO_printf(bio_s_out, | ||
| 1698 | "Peer has incorrect TLSv1 block padding\n"); | ||
| 1699 | BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", | 1695 | BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", |
| 1700 | SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); | 1696 | SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); |
| 1701 | if (keymatexportlabel != NULL) { | 1697 | if (keymatexportlabel != NULL) { |