Remove SSL_OP_TLS_D5_BUG.
This dates to SSLeay 0.9.0. The Internet seems to have completely
forgotten what "D5" is. (I can't find reference to it beyond
documentation of this quirk.) The use counter we added sees virtually no
hits.
Change-Id: I9781d401acb98ce3790b1b165fc257a6f5e9b155
Reviewed-on: https://boringssl-review.googlesource.com/6557
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b5ec1b5..ae6f391 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1587,16 +1587,6 @@
return -1;
}
-static struct CRYPTO_STATIC_MUTEX g_d5_bug_lock = CRYPTO_STATIC_MUTEX_INIT;
-static uint64_t g_d5_bug_use_count = 0;
-
-uint64_t OPENSSL_get_d5_bug_use_count(void) {
- CRYPTO_STATIC_MUTEX_lock_read(&g_d5_bug_lock);
- uint64_t ret = g_d5_bug_use_count;
- CRYPTO_STATIC_MUTEX_unlock(&g_d5_bug_lock);
- return ret;
-}
-
int ssl3_get_client_key_exchange(SSL *s) {
int al;
CBS client_key_exchange;
@@ -1702,22 +1692,13 @@
}
/* TLS and [incidentally] DTLS{0xFEFF} */
if (s->version > SSL3_VERSION) {
- CBS copy = client_key_exchange;
if (!CBS_get_u16_length_prefixed(&client_key_exchange,
&encrypted_premaster_secret) ||
CBS_len(&client_key_exchange) != 0) {
- if (!(s->options & SSL_OP_TLS_D5_BUG)) {
- al = SSL_AD_DECODE_ERROR;
- OPENSSL_PUT_ERROR(SSL,
- SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto f_err;
- } else {
- CRYPTO_STATIC_MUTEX_lock_write(&g_d5_bug_lock);
- g_d5_bug_use_count++;
- CRYPTO_STATIC_MUTEX_unlock(&g_d5_bug_lock);
-
- encrypted_premaster_secret = copy;
- }
+ al = SSL_AD_DECODE_ERROR;
+ OPENSSL_PUT_ERROR(SSL,
+ SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+ goto f_err;
}
} else {
encrypted_premaster_secret = client_key_exchange;
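Review bot: The comment above the `s->version > SSL3_VERSION` branch only says which protocols land here, and with the SSL_OP_TLS_D5_BUG fallback gone nothing states what the now-unconditional check enforces; I would spell it out, e.g. `/* TLS and DTLS carry the encrypted premaster as a u16 length-prefixed field; a missing prefix or trailing bytes is a decode_error. */`. The rejection depends only on the framing of the client's message, and as far as this hunk shows it happens before the premaster is decrypted, but ssl3_get_client_key_exchange starts above and continues below the hunk, so that ordering should be confirmed there. A regression test that sends a ClientKeyExchange without the length prefix and expects SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG would pin the strict behaviour. Callers that still set the option also need checking, since whether the SSL_OP_TLS_D5_BUG define survives as a no-op is not visible in this diff.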