Commit 22e3dcb7 authored by Rich Salz's avatar Rich Salz Committed by Rich Salz
Browse files

Remove TLS heartbeat, disable DTLS heartbeat 



To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent f3f1cf84

CHANGES

+5 −0
Original line number Diff line number Diff line
@@ -4,6 +4,11 @@ 


 Changes between 1.0.2f and 1.1.0  [xx XXX xxxx]



  *) Heartbeat for TLS has been removed and is disabled by default

     for DTLS; configure with enable-heartbeats.  Code that uses the

     old #define's might need to be updated.

     [Emilia Käsper, Rich Salz]



  *) Rename REF_CHECK to REF_DEBUG.

     [Rich Salz]

Configure

+1 −0
Original line number Diff line number Diff line
@@ -318,6 +318,7 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental 
		 "unit-test"	  => "default",

		 "zlib"           => "default",

		 "crypto-mdebug"  => "default",

		 "heartbeats"     => "default",

	       );

my @experimental = ();

apps/openssl.c

+3 −0
Original line number Diff line number Diff line
@@ -748,6 +748,9 @@ static void list_disabled(void) 
#ifdef OPENSSL_NO_GOST

    BIO_puts(bio_out, "GOST\n");

#endif

#ifdef OPENSSL_NO_HEARTBEATS

    BIO_puts(bio_out, "HEARTBEATS\n");

#endif

#ifdef OPENSSL_NO_HMAC

    BIO_puts(bio_out, "HMAC\n");

#endif

include/openssl/ssl.h

+4 −6
Original line number Diff line number Diff line
@@ -601,7 +601,7 @@ unsigned long SSL_set_options(SSL *s, unsigned long op); 


# ifndef OPENSSL_NO_HEARTBEATS

#  define SSL_heartbeat(ssl) \

        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)

        SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)

# endif



# define SSL_CTX_set_cert_flags(ctx,op) \
@@ -1177,9 +1177,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) 
# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80

# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81

# ifndef OPENSSL_NO_HEARTBEATS

#  define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT                         85

#  define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING          86

#  define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS      87

#  define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT               85

#  define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING        86

#  define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS    87

# endif

# define DTLS_CTRL_GET_TIMEOUT           73

# define DTLS_CTRL_HANDLE_TIMEOUT        74
@@ -2125,11 +2125,9 @@ void ERR_load_SSL_strings(void); 
# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT              274

# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314

# define SSL_F_TLS1_GET_CURVELIST                         338

# define SSL_F_TLS1_HEARTBEAT                             315

# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT            275

# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT            276

# define SSL_F_TLS1_PRF                                   284

# define SSL_F_TLS1_PROCESS_HEARTBEAT                     341

# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211

# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335

# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK          354

include/openssl/ssl3.h

+1 −1
Original line number Diff line number Diff line
@@ -306,7 +306,7 @@ extern "C" { 
# define SSL3_RT_ALERT                   21

# define SSL3_RT_HANDSHAKE               22

# define SSL3_RT_APPLICATION_DATA        23

# define TLS1_RT_HEARTBEAT               24

# define DTLS1_RT_HEARTBEAT              24



/* Pseudo content types to indicate additional parameters */

# define TLS1_RT_CRYPTO                  0x1000