Diffstat (limited to '')
-rw-r--r--src/lib/libssl/t1_lib.c36
1 files changed, 1 insertions, 35 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b8b54484ed..c141dcef31 100644
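--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.132 2017/08/13 16:25:19 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.133 2017/08/13 16:28:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -720,40 +720,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
  }
 #endif
 
- /*
- * Add padding to workaround bugs in F5 terminators.
- * See https://tools.ietf.org/html/draft-agl-tls-padding-03
- *
- * Note that this seems to trigger issues with IronPort SMTP
- * appliances.
- *
- * NB: because this code works out the length of all existing
- * extensions it MUST always appear last.
- */
- if (s->internal->options & SSL_OP_TLSEXT_PADDING) {
- int hlen = ret - (unsigned char *)s->internal->init_buf->data;
-
- /*
- * The code in s23_clnt.c to build ClientHello messages
- * includes the 5-byte record header in the buffer, while the
- * code in s3_clnt.c does not.
- */
- if (S3I(s)->hs.state == SSL23_ST_CW_CLNT_HELLO_A)
- hlen -= 5;
- if (hlen > 0xff && hlen < 0x200) {
- hlen = 0x200 - hlen;
- if (hlen >= 4)
- hlen -= 4;
- else
- hlen = 0;
-
- s2n(TLSEXT_TYPE_padding, ret);
- s2n(hlen, ret);
- memset(ret, 0, hlen);
- ret += hlen;
- }
- }
-
  if ((extdatalen = ret - p - 2) == 0)
  return p;
 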