2 files changed, 4 insertions, 39 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 1a6f28911b..a72af19711 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.131 2017/08/13 16:25:19 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.132 2017/08/13 16:28:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -481,7 +481,6 @@ struct ssl_session_st {
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
-#define SSL_OP_TLSEXT_PADDING                           0x00000010L
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
 * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -520,8 +519,7 @@ struct ssl_session_st {
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
 #define SSL_OP_ALL \
-    (SSL_OP_LEGACY_SERVER_CONNECT | \
+    (SSL_OP_LEGACY_SERVER_CONNECT)
-     SSL_OP_TLSEXT_PADDING)
 /* Obsolete flags kept for compatibility. No sane code should use them. */
 #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x0
@@ -544,6 +542,7 @@ struct ssl_session_st {
 #define SSL_OP_SINGLE_ECDH_USE                          0x0
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
+#define SSL_OP_TLSEXT_PADDING                           0x0
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
 #define SSL_OP_TLS_D5_BUG                               0x0
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b8b54484ed..c141dcef31 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.132 2017/08/13 16:25:19 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.133 2017/08/13 16:28:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -720,40 +720,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
        }
 #endif
-        /*
-         * Add padding to workaround bugs in F5 terminators.
-         * See https://tools.ietf.org/html/draft-agl-tls-padding-03
-         *
-         * Note that this seems to trigger issues with IronPort SMTP
-         * appliances.
-         *
-         * NB: because this code works out the length of all existing
-         * extensions it MUST always appear last.
-         */
-        if (s->internal->options & SSL_OP_TLSEXT_PADDING) {
-                int hlen = ret - (unsigned char *)s->internal->init_buf->data;
-                /*
-                 * The code in s23_clnt.c to build ClientHello messages
-                 * includes the 5-byte record header in the buffer, while the
-                 * code in s3_clnt.c does not.
-                 */
-                if (S3I(s)->hs.state == SSL23_ST_CW_CLNT_HELLO_A)
-                        hlen -= 5;
-                if (hlen > 0xff && hlen < 0x200) {
-                        hlen = 0x200 - hlen;
-                        if (hlen >= 4)
-                                hlen -= 4;
-                        else
-                                hlen = 0;
-                        s2n(TLSEXT_TYPE_padding, ret);
-                        s2n(hlen, ret);
-                        memset(ret, 0, hlen);
-                        ret += hlen;
-                }
-        }
        if ((extdatalen = ret - p - 2) == 0)
                return p;

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 1a6f28911b..a72af19711 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.131 2017/08/13 16:25:19 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.132 2017/08/13 16:28:45 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -481,7 +481,6 @@ struct ssl_session_st {
481		481
482	/* Allow initial connection to servers that don't support RI */	482	/* Allow initial connection to servers that don't support RI */
483	#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L	483	#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
484	#define SSL_OP_TLSEXT_PADDING 0x00000010L
485		484
486	/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added	485	/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
487	* in OpenSSL 0.9.6d. Usually (depending on the application protocol)	486	* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
@@ -520,8 +519,7 @@ struct ssl_session_st {
520		519
521	/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */	520	/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
522	#define SSL_OP_ALL \	521	#define SSL_OP_ALL \
523	(SSL_OP_LEGACY_SERVER_CONNECT \| \	522	(SSL_OP_LEGACY_SERVER_CONNECT)
524	SSL_OP_TLSEXT_PADDING)
525		523
526	/* Obsolete flags kept for compatibility. No sane code should use them. */	524	/* Obsolete flags kept for compatibility. No sane code should use them. */
527	#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0	525	#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0
@@ -544,6 +542,7 @@ struct ssl_session_st {
544	#define SSL_OP_SINGLE_ECDH_USE 0x0	542	#define SSL_OP_SINGLE_ECDH_USE 0x0
545	#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0	543	#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
546	#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0	544	#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
		545	#define SSL_OP_TLSEXT_PADDING 0x0
547	#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0	546	#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
548	#define SSL_OP_TLS_D5_BUG 0x0	547	#define SSL_OP_TLS_D5_BUG 0x0
549		548


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b8b54484ed..c141dcef31 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.132 2017/08/13 16:25:19 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.133 2017/08/13 16:28:45 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -720,40 +720,6 @@ ssl_add_clienthello_tlsext(SSL s, unsigned char p, unsigned char *limit)
720	}	720	}
721	#endif	721	#endif
722		722
723	/*
724	* Add padding to workaround bugs in F5 terminators.
725	* See https://tools.ietf.org/html/draft-agl-tls-padding-03
726	*
727	* Note that this seems to trigger issues with IronPort SMTP
728	* appliances.
729	*
730	* NB: because this code works out the length of all existing
731	* extensions it MUST always appear last.
732	*/
733	if (s->internal->options & SSL_OP_TLSEXT_PADDING) {
734	int hlen = ret - (unsigned char *)s->internal->init_buf->data;
735
736	/*
737	* The code in s23_clnt.c to build ClientHello messages
738	* includes the 5-byte record header in the buffer, while the
739	* code in s3_clnt.c does not.
740	*/
741	if (S3I(s)->hs.state == SSL23_ST_CW_CLNT_HELLO_A)
742	hlen -= 5;
743	if (hlen > 0xff && hlen < 0x200) {
744	hlen = 0x200 - hlen;
745	if (hlen >= 4)
746	hlen -= 4;
747	else
748	hlen = 0;
749
750	s2n(TLSEXT_TYPE_padding, ret);
751	s2n(hlen, ret);
752	memset(ret, 0, hlen);
753	ret += hlen;
754	}
755	}
756
757	if ((extdatalen = ret - p - 2) == 0)	723	if ((extdatalen = ret - p - 2) == 0)
758	return p;	724	return p;
759		725