wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove heartbeats completely

Browse source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
This commit is contained in:
Richard Levitte 2016-10-06 11:22:28 +02:00
parent 54c68d35c6
commit 6c62f9e163
12 changed files with 3 additions and 102 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Configure
View file

@ -367,7 +367,6 @@ my @disablables = (
"fuzz-libfuzzer", "fuzz-libfuzzer",
"fuzz-afl", "fuzz-afl",
"gost", "gost",
"heartbeats",
"hw(-.+)?", "hw(-.+)?",
"idea", "idea",
"makedepend", "makedepend",
@ -435,7 +434,6 @@ our %disabled = ( # "what" => "comment"
"external-tests" => "default", "external-tests" => "default",
"fuzz-libfuzzer" => "default", "fuzz-libfuzzer" => "default",
"fuzz-afl" => "default", "fuzz-afl" => "default",
"heartbeats" => "default",
"md2" => "default", "md2" => "default",
"msan" => "default", "msan" => "default",
"rc5" => "default", "rc5" => "default",
@ -487,8 +485,8 @@ my @disable_cascades = (
"tls" => [ @tls ], "tls" => [ @tls ],
# SRP and HEARTBEATS require TLSEXT # SRP requires TLSEXT
"tlsext" => [ "srp", "heartbeats" ], "tlsext" => [ "srp" ],
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ], "crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
@ -506,7 +504,6 @@ my @disable_cascades = (
"stdio" => [ "apps", "capieng" ], "stdio" => [ "apps", "capieng" ],
"apps" => [ "tests" ], "apps" => [ "tests" ],
"comp" => [ "zlib" ], "comp" => [ "zlib" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
sub { !$disabled{"msan"} } => [ "asm" ], sub { !$disabled{"msan"} } => [ "asm" ],
); );

3
apps/openssl.c
View file

@ -628,9 +628,6 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_GOST #ifdef OPENSSL_NO_GOST
BIO_puts(bio_out, "GOST\n"); BIO_puts(bio_out, "GOST\n");
#endif #endif
#ifdef OPENSSL_NO_HEARTBEATS
BIO_puts(bio_out, "HEARTBEATS\n");
#endif
#ifdef OPENSSL_NO_IDEA #ifdef OPENSSL_NO_IDEA
BIO_puts(bio_out, "IDEA\n"); BIO_puts(bio_out, "IDEA\n");
#endif #endif

17
apps/s_cb.c
View file

@ -555,22 +555,6 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
case 23: case 23:
str_content_type = "ApplicationData"; str_content_type = "ApplicationData";
break; break;
#ifndef OPENSSL_NO_HEARTBEATS
case 24:
str_details1 = ", Heartbeat";
if (len > 0) {
switch (bp[0]) {
case 1:
str_details1 = ", HeartbeatRequest";
break;
case 2:
str_details1 = ", HeartbeatResponse";
break;
}
}
break;
#endif
} }
} }
@ -611,7 +595,6 @@ static STRINT_PAIR tlsext_types[] = {
{"SRP", TLSEXT_TYPE_srp}, {"SRP", TLSEXT_TYPE_srp},
{"signature algorithms", TLSEXT_TYPE_signature_algorithms}, {"signature algorithms", TLSEXT_TYPE_signature_algorithms},
{"use SRTP", TLSEXT_TYPE_use_srtp}, {"use SRTP", TLSEXT_TYPE_use_srtp},
{"heartbeat", TLSEXT_TYPE_heartbeat},
{"session ticket", TLSEXT_TYPE_session_ticket}, {"session ticket", TLSEXT_TYPE_session_ticket},
{"renegotiation info", TLSEXT_TYPE_renegotiate}, {"renegotiation info", TLSEXT_TYPE_renegotiate},
{"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp}, {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},

7
apps/s_client.c
View file

@ -2448,13 +2448,6 @@ int s_client_main(int argc, char **argv)
SSL_renegotiate(con); SSL_renegotiate(con);
cbuf_len = 0; cbuf_len = 0;
} }
#ifndef OPENSSL_NO_HEARTBEATS
else if ((!c_ign_eof) && (cbuf[0] == 'B' && cmdletters)) {
BIO_printf(bio_err, "HEARTBEATING\n");
SSL_heartbeat(con);
cbuf_len = 0;
}
#endif
else { else {
cbuf_len = i; cbuf_len = i;
cbuf_off = 0; cbuf_off = 0;

8
apps/s_server.c
View file

@ -2226,14 +2226,6 @@ static int sv_body(int s, int stype, unsigned char *context)
*/ */
goto err; goto err;
} }
#ifndef OPENSSL_NO_HEARTBEATS
if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
BIO_printf(bio_err, "HEARTBEATING\n");
SSL_heartbeat(con);
i = 0;
continue;
}
#endif
if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) { if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
SSL_renegotiate(con); SSL_renegotiate(con);
i = SSL_do_handshake(con); i = SSL_do_handshake(con);

13
include/openssl/ssl.h
View file

@ -509,11 +509,6 @@ unsigned long SSL_set_options(SSL *s, unsigned long op);
# define SSL_get_secure_renegotiation_support(ssl) \ # define SSL_get_secure_renegotiation_support(ssl) \
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
# ifndef OPENSSL_NO_HEARTBEATS
# define SSL_heartbeat(ssl) \
SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
# endif
# define SSL_CTX_set_cert_flags(ctx,op) \ # define SSL_CTX_set_cert_flags(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
# define SSL_set_cert_flags(s,op) \ # define SSL_set_cert_flags(s,op) \
@ -1095,11 +1090,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 # define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 # define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 # define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
# ifndef OPENSSL_NO_HEARTBEATS
# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85
# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86
# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87
# endif
# define DTLS_CTRL_GET_TIMEOUT 73 # define DTLS_CTRL_GET_TIMEOUT 73
# define DTLS_CTRL_HANDLE_TIMEOUT 74 # define DTLS_CTRL_HANDLE_TIMEOUT 74
# define SSL_CTRL_GET_RI_SUPPORT 76 # define SSL_CTRL_GET_RI_SUPPORT 76
@ -2085,7 +2075,6 @@ int ERR_load_SSL_strings(void);
# define SSL_F_DO_SSL3_WRITE 104 # define SSL_F_DO_SSL3_WRITE 104
# define SSL_F_DTLS1_BUFFER_RECORD 247 # define SSL_F_DTLS1_BUFFER_RECORD 247
# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 # define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318
# define SSL_F_DTLS1_HEARTBEAT 305
# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 # define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424
# define SSL_F_DTLS1_PROCESS_RECORD 257 # define SSL_F_DTLS1_PROCESS_RECORD 257
@ -2510,8 +2499,6 @@ int ERR_load_SSL_strings(void);
# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 # define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 # define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
# define SSL_R_TLS_HEARTBEAT_PENDING 366
# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
# define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_TOO_MANY_WARN_ALERTS 409

1
include/openssl/ssl3.h
View file

@ -204,7 +204,6 @@ extern "C" {
# define SSL3_RT_ALERT 21 # define SSL3_RT_ALERT 21
# define SSL3_RT_HANDSHAKE 22 # define SSL3_RT_HANDSHAKE 22
# define SSL3_RT_APPLICATION_DATA 23 # define SSL3_RT_APPLICATION_DATA 23
# define DTLS1_RT_HEARTBEAT 24
/* Pseudo content types to indicate additional parameters */ /* Pseudo content types to indicate additional parameters */
# define TLS1_RT_CRYPTO 0x1000 # define TLS1_RT_CRYPTO 0x1000

32
include/openssl/tls1.h
View file

@ -146,9 +146,6 @@ extern "C" {
/* ExtensionType value from RFC5764 */ /* ExtensionType value from RFC5764 */
# define TLSEXT_TYPE_use_srtp 14 # define TLSEXT_TYPE_use_srtp 14
/* ExtensionType value from RFC5620 */
# define TLSEXT_TYPE_heartbeat 15
/* ExtensionType value from RFC7301 */ /* ExtensionType value from RFC7301 */
# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 # define TLSEXT_TYPE_application_layer_protocol_negotiation 16
@ -325,35 +322,6 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# ifndef OPENSSL_NO_HEARTBEATS
# define SSL_DTLSEXT_HB_ENABLED 0x01
# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02
# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04
# define SSL_get_dtlsext_heartbeat_pending(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
# if OPENSSL_API_COMPAT < 0x10100000L
# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
# define SSL_TLSEXT_HB_ENABLED \
SSL_DTLSEXT_HB_ENABLED
# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
# define SSL_get_tlsext_heartbeat_pending(ssl) \
SSL_get_dtlsext_heartbeat_pending(ssl)
# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
SSL_set_dtlsext_heartbeat_no_requests(ssl, arg)
# endif
# endif
/* PSK ciphersuites from 4279 */ /* PSK ciphersuites from 4279 */
# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A # define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B # define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B

7
ssl/s3_lib.c
View file

@ -3047,13 +3047,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ret = 1; ret = 1;
break; break;
#ifndef OPENSSL_NO_HEARTBEATS
case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
break;
#endif
case SSL_CTRL_CHAIN: case SSL_CTRL_CHAIN:
if (larg) if (larg)
return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg); return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);

5
ssl/ssl_err.c
View file

@ -30,7 +30,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "do_ssl3_write"}, {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "do_ssl3_write"},
{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "dtls1_buffer_record"}, {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "dtls1_buffer_record"},
{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "dtls1_check_timeout_num"}, {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "dtls1_check_timeout_num"},
{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "dtls1_preprocess_fragment"}, {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "dtls1_preprocess_fragment"},
{ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS), {ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS),
"dtls1_process_buffered_records"}, "dtls1_process_buffered_records"},
@ -620,10 +619,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"}, {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
"tlsv1 unsupported extension"}, "tlsv1 unsupported extension"},
{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
"peer does not accept heartbeats"},
{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
"heartbeat request already pending"},
{ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
"tls illegal exporter label"}, "tls illegal exporter label"},
{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),

3
ssl/t1_trce.c
View file

@ -710,9 +710,6 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
} }
break; break;
case TLSEXT_TYPE_heartbeat:
return 0;
case TLSEXT_TYPE_session_ticket: case TLSEXT_TYPE_session_ticket:
if (extlen != 0) if (extlen != 0)
ssl_print_hex(bio, indent + 4, "ticket", ext, extlen); ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);

2
util/mkdef.pl
View file

@ -101,7 +101,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
# RFC3779 # RFC3779
"RFC3779", "RFC3779",
# TLS # TLS
"PSK", "SRP", "HEARTBEATS", "PSK", "SRP",
# CMS # CMS
"CMS", "CMS",
"OCSP", "OCSP",