From 030a9b3ed0746d9b6432c851e3d0be1c66d4fb92 Mon Sep 17 00:00:00 2001 From: Christos Tsantilas Date: Sun, 31 Oct 2021 07:14:40 +0000 Subject: [PATCH] Remove step2+ stare-and-splice and peek-and-bump support (#926) Support for these features was successfully disabled (at build time) for five years. See commit 88a300c for the list of reasons. We did not even provide an ./configure --enable-... option for it. The corresponding code does not compile with modern OpenSSL versions, but its mere presence complicates related code logic and significantly increases related development efforts. This code is not worth keeping. This is a Measurement Factory project. --- acinclude/lib-checks.m4 | 42 --------------- configure.ac | 1 - src/ssl/bio.cc | 116 ---------------------------------------- 3 files changed, 159 deletions(-) diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4 index c75a870412..b614810fd7 100644 --- a/acinclude/lib-checks.m4 +++ b/acinclude/lib-checks.m4 @@ -392,45 +392,3 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ SQUID_STATE_ROLLBACK(check_TXTDB) ]) -dnl Check if we can rewrite the hello message stored in an SSL object. -dnl The tests are very basic, just check if the required members exist in -dnl SSL structure. -AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[ - AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct") - SQUID_STATE_SAVE(check_openSSL_overwrite_hack) - AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct) - - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM( - [ - #include - #include - #include - ], - [ - SSL *ssl; - char *random, *msg; - memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE); - SSL3_BUFFER *wb=&(ssl->s3->wbuf); - assert(wb->len == 0); - memcpy(wb->buf, msg, 0); - assert(wb->left == 0); - memcpy(ssl->init_buf->data, msg, 0); - ssl->init_num = 0; - ssl->s3->wpend_ret = 0; - ssl->s3->wpend_tot = 0; - SSL_CIPHER *cipher = 0; - assert(SSL_CIPHER_get_id(cipher)); - ]) - ], - [ - AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1]) - ], - [ - AC_MSG_RESULT([no]) - ], - []) - -SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack) -] -) diff --git a/configure.ac b/configure.ac index 2e70d6419c..97114ae64e 100644 --- a/configure.ac +++ b/configure.ac @@ -1379,7 +1379,6 @@ if test "x$with_openssl" = "xyes"; then SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS SQUID_CHECK_OPENSSL_TXTDB - SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK fi if test "x$SSLLIB" = "x"; then AC_MSG_ERROR([Required OpenSSL library not found]) diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc index 5bf35648ea..8d01e4426a 100644 --- a/src/ssl/bio.cc +++ b/src/ssl/bio.cc @@ -350,115 +350,6 @@ Ssl::ServerBio::giveBuffered(char *buf, const int size) return bytes; } -// This function makes the required checks to examine if the client hello -// message is compatible with the features provided by OpenSSL toolkit. -// If the features are compatible and can be supported it tries to rewrite SSL -// structure members, to replace the hello message created by openSSL, with the -// web client SSL hello message. -// This is mostly possible in the cases where the web client uses openSSL -// library similar with this one used by squid. -static bool -adjustSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, SBuf &helloMessage) -{ -#if SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK - if (!details) - return false; - - if (!ssl->s3) { - debugs(83, 5, "No SSLv3 data found!"); - return false; - } - - // If the client supports compression but our context does not support - // we can not adjust. -#if !defined(OPENSSL_NO_COMP) - const bool requireCompression = (details->compressionSupported && ssl->ctx->comp_methods == nullptr); -#else - const bool requireCompression = details->compressionSupported; -#endif - if (requireCompression) { - debugs(83, 5, "Client Hello Data supports compression, but we do not!"); - return false; - } - -#if !defined(SSL_TLSEXT_HB_ENABLED) - if (details->doHeartBeats) { - debugs(83, 5, "Client Hello Data supports HeartBeats but we do not support!"); - return false; - } -#endif - - if (details->unsupportedExtensions) { - debugs(83, 5, "Client Hello contains extensions that we do not support!"); - return false; - } - - SSL3_BUFFER *wb=&(ssl->s3->wbuf); - if (wb->len < (size_t)helloMessage.length()) { - debugs(83, 5, "Client Hello exceeds OpenSSL buffer: " << helloMessage.length() << " >= " << wb->len); - return false; - } - - /* Check whether all on-the-wire ciphers are supported by OpenSSL. */ - - const auto &wireCiphers = details->ciphers; - Security::TlsDetails::Ciphers::size_type ciphersToFind = wireCiphers.size(); - - // RFC 5746: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV is not a true cipher suite". - // It is commonly seen on the wire, including in from-OpenSSL traffic, but - // SSL_get_ciphers() does not return this _pseudo_ cipher suite in my tests. - // If OpenSSL supports scsvCipher, we count it (at most once) further below. -#if defined(TLSEXT_TYPE_renegotiate) - // the 0x00FFFF mask converts 3-byte OpenSSL cipher to our 2-byte cipher - const uint16_t scsvCipher = SSL3_CK_SCSV & 0x00FFFF; -#else - const uint16_t scsvCipher = 0; -#endif - - STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(ssl); - const int supportedCipherCount = sk_SSL_CIPHER_num(cipher_stack); - for (int idx = 0; idx < supportedCipherCount && ciphersToFind > 0; ++idx) { - const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(cipher_stack, idx); - const auto id = SSL_CIPHER_get_id(cipher) & 0x00FFFF; - if (wireCiphers.find(id) != wireCiphers.end() && (!scsvCipher || id != scsvCipher)) - --ciphersToFind; - } - - if (ciphersToFind > 0 && scsvCipher && wireCiphers.find(scsvCipher) != wireCiphers.end()) - --ciphersToFind; - - if (ciphersToFind > 0) { - // TODO: Add slowlyReportUnsupportedCiphers() to slowly find and report each of them - debugs(83, 5, "Client Hello Data has " << ciphersToFind << " ciphers that we do not support!"); - return false; - } - - debugs(83, 5, "OpenSSL SSL struct will be adjusted to mimic client hello data!"); - - //Adjust ssl structure data. - // We need to fix the random in SSL struct: - if (details->clientRandom.length() == SSL3_RANDOM_SIZE) - memcpy(ssl->s3->client_random, details->clientRandom.c_str(), SSL3_RANDOM_SIZE); - memcpy(wb->buf, helloMessage.rawContent(), helloMessage.length()); - wb->left = helloMessage.length(); - - size_t mainHelloSize = helloMessage.length() - 5; - const char *mainHello = helloMessage.rawContent() + 5; - assert((size_t)ssl->init_buf->max > mainHelloSize); - memcpy(ssl->init_buf->data, mainHello, mainHelloSize); - debugs(83, 5, "Hello Data init and adjustd sizes :" << ssl->init_num << " = "<< mainHelloSize); - ssl->init_num = mainHelloSize; - ssl->s3->wpend_ret = mainHelloSize; - ssl->s3->wpend_tot = mainHelloSize; - return true; -#else - (void)ssl; - (void)details; - (void)helloMessage; - return false; -#endif -} - int Ssl::ServerBio::write(const char *buf, int size, BIO *table) { @@ -485,19 +376,12 @@ Ssl::ServerBio::write(const char *buf, int size, BIO *table) if (bumpMode_ == Ssl::bumpPeek) { // we should not be here if we failed to parse the client-sent ClientHello Must(!clientSentHello.isEmpty()); - if (adjustSSL(ssl, clientTlsDetails, clientSentHello)) - allowBump = true; allowSplice = true; // Replace OpenSSL-generated ClientHello with client-sent one. helloMsg.append(clientSentHello); debugs(83, 7, "FD " << fd_ << ": Using client-sent ClientHello for peek mode"); } else { /*Ssl::bumpStare*/ allowBump = true; - if (!clientSentHello.isEmpty() && adjustSSL(ssl, clientTlsDetails, clientSentHello)) { - allowSplice = true; - helloMsg.append(clientSentHello); - debugs(83, 7, "FD " << fd_ << ": Using client-sent ClientHello for stare mode"); - } } } // if we did not use the client-sent ClientHello, then use the OpenSSL-generated one -- 2.39.5