Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support.

Suggested by David Benjamin Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org> MR: #1520
2015-12-22 13:48:01 +01:00 · 2015-12-22 13:48:01 +01:00 · 1c9ed1d8a7
commit 1c9ed1d8a7
parent 933d108516
6 changed files with 10 additions and 40 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -362,11 +362,11 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
 /* Dead forever, see CVE-2010-4180. */
 # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0U
 # define SSL_OP_TLSEXT_PADDING                           0x00000010U
-# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020U
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x0U
 # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
 /* Ancient SSLeay version, retained for compatibility */
 # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
-# define SSL_OP_TLS_D5_BUG                               0x00000100U
+# define SSL_OP_TLS_D5_BUG                               0x0U
 /* Removed from OpenSSL 1.1.0 */
 # define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0U

--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@ -159,10 +159,6 @@ int ssl3_setup_read_buffer(SSL *s)
    if (b->buf == NULL) {
        len = SSL3_RT_MAX_PLAIN_LENGTH
            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-        if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
-            s->s3->init_extra = 1;
-            len += SSL3_RT_MAX_EXTRA;
-        }
 #ifndef OPENSSL_NO_COMP
        if (ssl_allow_compression(s))
            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@ -193,25 +193,11 @@ int ssl3_get_record(SSL *s)
    unsigned char md[EVP_MAX_MD_SIZE];
    short version;
    unsigned mac_size;
-    size_t extra;
    unsigned empty_record_count = 0;

    rr = RECORD_LAYER_get_rrec(&s->rlayer);
    sess = s->session;

-    if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-        extra = SSL3_RT_MAX_EXTRA;
-    else
-        extra = 0;
-    if (extra && !s->s3->init_extra) {
-        /*
-         * An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER set after
-         * ssl3_setup_buffers() was done
-         */
-        SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
 again:
    /* check if we have the header */
    if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
@ -349,7 +335,7 @@ int ssl3_get_record(SSL *s)
     */

    /* check is not needed I believe */
-    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
+    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
        al = SSL_AD_RECORD_OVERFLOW;
        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
        goto f_err;
@ -453,7 +439,7 @@ int ssl3_get_record(SSL *s)
        if (i < 0 || mac == NULL
            || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
            enc_err = -1;
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
            enc_err = -1;
    }

@ -473,7 +459,7 @@ int ssl3_get_record(SSL *s)

    /* r->length is now just compressed */
    if (s->expand != NULL) {
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
            al = SSL_AD_RECORD_OVERFLOW;
            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
            goto f_err;
@ -485,7 +471,7 @@ int ssl3_get_record(SSL *s)
        }
    }

-    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
+    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
        al = SSL_AD_RECORD_OVERFLOW;
        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
        goto f_err;
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -3402,8 +3402,6 @@ void ssl3_free(SSL *s)

 void ssl3_clear(SSL *s)
 {
-    int init_extra;
-
    ssl3_cleanup_key_block(s);
    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
    OPENSSL_free(s->s3->tmp.ciphers_raw);
@ -3427,7 +3425,6 @@ void ssl3_clear(SSL *s)
    s->s3->is_probably_safari = 0;
 #endif                         /* !OPENSSL_NO_EC */

-    init_extra = s->s3->init_extra;
    ssl3_free_digest_list(s);

    if (s->s3->alpn_selected) {
@ -3436,7 +3433,6 @@ void ssl3_clear(SSL *s)
    }

    memset(s->s3, 0, sizeof(*s->s3));
-    s->s3->init_extra = init_extra;

    ssl_free_wbio_buffer(s);

--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -1188,8 +1188,6 @@ typedef struct ssl3_state_st {
    /* flags for countermeasure against known-IV weakness */
    int need_empty_fragments;
    int empty_fragment_done;
-    /* The value of 'extra' when the buffers were initialized */
-    int init_extra;
    /* used during startup, digest all incoming/outgoing packets */
    BIO *handshake_buffer;
    /*
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@ -2227,20 +2227,14 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
        if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
            enc_premaster = *pkt;
        } else {
-            PACKET orig = *pkt;
            if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
                || PACKET_remaining(pkt) != 0) {
-                /* Try SSLv3 behaviour for TLS. */
-                if (s->options & SSL_OP_TLS_D5_BUG) {
-                    enc_premaster = orig;
-                } else {
                al = SSL_AD_DECODE_ERROR;
                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
                       SSL_R_LENGTH_MISMATCH);
                goto f_err;
            }
        }
-        }

        /*
         * We want to be sure that the plaintext buffer size makes it safe to