Commit a8e4ac6a authored by Emilia Kasper

Remove SSL_OP_TLS_BLOCK_PADDING_BUG

This is a workaround so old that nobody remembers what buggy clients
it was for. It's also been broken in stable branches for two years and
nobody noticed (see
https://boringssl-review.googlesource.com/#/c/1694/).

Reviewed-by: Tim Hudson <tjh@openssl.org>
parent 91d13f1a
+5 −0
@@ -3,6 +3,11 @@
 _______________

 Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
  *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're
     not aware of clients that still exhibit this bug, and the workaround
     hasn't been working properly for a while.
     [Emilia Käsper]

  *) The return type of BIO_number_read() and BIO_number_written() as well as
     the corresponding num_read and num_write members in the BIO structure has
     changed from unsigned long to uint64_t. On platforms where an unsigned
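
Review bot: the new entry says "Remove", but the ssl.h hunk in this commit keeps SSL_OP_TLS_BLOCK_PADDING_BUG defined as 0x0L, so the entry should state that the macro is retained for source compatibility and is now a no-op. Without that, a reader of CHANGES would expect existing code that sets the option to stop compiling. "hasn't been working properly for a while" would also be more useful with a pointer to the review linked in the commit message.
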
+0 −3
@@ -2462,9 +2462,6 @@ static int init_ssl_connection(SSL *con)
#endif
    if (SSL_cache_hit(con))
        BIO_printf(bio_s_out, "Reused session-id\n");
    if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
        TLS1_FLAGS_TLS_PADDING_BUG)
        BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
    if (keymatexportlabel != NULL) {
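
Review bot: the test on TLS1_FLAGS_TLS_PADDING_BUG in init_ssl_connection is the only in-tree consumer this commit touches, and because the ssl3.h hunk redefines the flag as 0x0, any other remaining "SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) & TLS1_FLAGS_TLS_PADDING_BUG" check elsewhere would still compile and silently never fire. Please confirm with a tree-wide search that no other caller is left behind as dead code.
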
+0 −4
@@ -94,10 +94,6 @@ OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.

...

=item SSL_OP_TLS_BLOCK_PADDING_BUG

...

=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
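
Review bot: the =item for SSL_OP_TLS_BLOCK_PADDING_BUG is dropped from the option list outright, while the ssl.h hunk keeps the macro defined as 0x0L. Applications that still pass the option will build and run with no effect, so a one-line entry saying the option is accepted but ignored as of 1.1.0 would serve readers better than no mention at all.
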
+2 −1
@@ -360,7 +360,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
# define SSL_OP_TLS_D5_BUG                               0x00000100L
# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
/* Removed from OpenSSL 1.1.0 */
# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0L

/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
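
Review bot: the comment "Removed from OpenSSL 1.1.0" sits directly above a macro that is still defined, which reads as a contradiction. The neighbouring SSL_OP_MSIE_SSLV2_RSA_PADDING uses "Hasn't done anything since ..., retained for compatibility" and the plain literal 0x0; matching that wording and literal form (0x0 rather than 0x0L) would keep the no-op options consistent. It is also worth a short comment that bit 0x00000200L is now unassigned, so a later option does not reuse it without noticing that old binaries may still set it.
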
+2 −1
@@ -362,7 +362,8 @@ extern "C" {
# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
# define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
# define SSL3_FLAGS_POP_BUFFER                   0x0004
# define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
/* Removed from OpenSSL 1.1.0 */
# define TLS1_FLAGS_TLS_PADDING_BUG              0x0
# define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
# define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
/*
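
Review bot: redefining TLS1_FLAGS_TLS_PADDING_BUG as 0x0 leaves 0x0008 as an unmarked gap between SSL3_FLAGS_POP_BUFFER (0x0004) and TLS1_FLAGS_SKIP_CERT_VERIFY (0x0010). Please note in the comment whether that bit is reserved or free for reuse. If no external code is expected to test this flag, dropping the define entirely would turn stale uses into compile errors instead of conditions that are silently always false.
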