generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove TLS heartbeat, disable DTLS heartbeat

Browse Source 
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz
2016-01-25 13:30:37 -05:00
committed by Rich Salz
parent f3f1cf8444
commit 22e3dcb780
17 changed files with 94 additions and 339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
include/openssl/ssl.h
View File

@@ -601,7 +601,7 @@ unsigned long SSL_set_options(SSL *s, unsigned long op);
# ifndef OPENSSL_NO_HEARTBEATS
# define SSL_heartbeat(ssl) \
SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
# endif
# define SSL_CTX_set_cert_flags(ctx,op) \
@@ -1177,9 +1177,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
# ifndef OPENSSL_NO_HEARTBEATS
# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85
# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86
# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87
# endif
# define DTLS_CTRL_GET_TIMEOUT 73
# define DTLS_CTRL_HANDLE_TIMEOUT 74
@@ -2125,11 +2125,9 @@ void ERR_load_SSL_strings(void);
# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
# define SSL_F_TLS1_GET_CURVELIST 338
# define SSL_F_TLS1_HEARTBEAT 315
# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
# define SSL_F_TLS1_PRF 284
# define SSL_F_TLS1_PROCESS_HEARTBEAT 341
# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354

2
include/openssl/ssl3.h
View File

@@ -306,7 +306,7 @@ extern "C" {
# define SSL3_RT_ALERT 21
# define SSL3_RT_HANDSHAKE 22
# define SSL3_RT_APPLICATION_DATA 23
# define TLS1_RT_HEARTBEAT 24
# define DTLS1_RT_HEARTBEAT 24
/* Pseudo content types to indicate additional parameters */
# define TLS1_RT_CRYPTO 0x1000

32
include/openssl/tls1.h
View File

@@ -391,14 +391,32 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# ifndef OPENSSL_NO_HEARTBEATS
# define SSL_TLSEXT_HB_ENABLED 0x01
# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
# define SSL_DTLSEXT_HB_ENABLED 0x01
# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02
# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04
# define SSL_get_dtlsext_heartbeat_pending(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
# define SSL_get_tlsext_heartbeat_pending(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
# if OPENSSL_API_COMPAT < 0x10100000L
# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
# define SSL_TLSEXT_HB_ENABLED \
SSL_DTLSEXT_HB_ENABLED
# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
# define SSL_get_tlsext_heartbeat_pending(ssl) \
SSL_get_dtlsext_heartbeat_pending(ssl)
# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
SSL_set_dtlsext_heartbeat_no_requests(ssl, arg)
# endif
# endif
/* PSK ciphersuites from 4279 */