diff options
| author | Bodo Möller <bodo@openssl.org> | 2002-06-14 12:19:34 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2002-06-14 12:19:34 +0000 |
| commit | 32a76f2c75fd9e6bd126e43e0220f3830ffaa805 (patch) | |
| tree | 1e5f2aaf00ebfbd3da2f9b4c35e4fbd316ee16d5 /ssl | |
| parent | 578c1cdefaf1416214140173c6770dd953b57672 (diff) | |
New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s3_enc.c | 15 | ||||
| -rw-r--r-- | ssl/ssl.h | 22 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 15 |
3 files changed, 38 insertions, 14 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index d9a161ad8b..1944814ca7 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -361,13 +361,18 @@ int ssl3_setup_key_block(SSL *s) ssl3_generate_key_block(s,p,num); - /* enable vulnerability countermeasure for CBC ciphers with - * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - s->s3->need_empty_fragments = 1; + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + { + /* enable vulnerability countermeasure for CBC ciphers with + * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) + */ + s->s3->need_empty_fragments = 1; + #ifndef NO_RC4 - if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) - s->s3->need_empty_fragments = 0; + if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) + s->s3->need_empty_fragments = 0; #endif + } return(1); err: @@ -350,6 +350,7 @@ typedef struct ssl_session_st struct ssl_session_st *prev,*next; } SSL_SESSION; + #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L @@ -361,11 +362,27 @@ typedef struct ssl_session_st #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L #define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L +/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include + * it in SSL_OP_ALL. */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ + +/* SSL_OP_ALL: various bug workarounds that should be rather harmless */ +#define SSL_OP_ALL 0x000FFFFFL + +/* As server, disallow session resumption on renegotiation */ +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set to also use the tmp_rsa key when doing RSA operations. */ #define SSL_OP_EPHEMERAL_RSA 0x00200000L +#define SSL_OP_NO_SSLv2 0x01000000L +#define SSL_OP_NO_SSLv3 0x02000000L +#define SSL_OP_NO_TLSv1 0x04000000L + /* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ #define SSL_OP_PKCS1_CHECK_1 0x08000000L @@ -374,11 +391,7 @@ typedef struct ssl_session_st /* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */ #define SSL_OP_NON_EXPORT_FIRST 0x40000000L #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L -#define SSL_OP_ALL 0x000FFFFFL -#define SSL_OP_NO_SSLv2 0x01000000L -#define SSL_OP_NO_SSLv3 0x02000000L -#define SSL_OP_NO_TLSv1 0x04000000L /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ @@ -392,6 +405,7 @@ typedef struct ssl_session_st * is blocking: */ #define SSL_MODE_AUTO_RETRY 0x00000004L + /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index b752e891c3..000bfa7248 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -433,13 +433,18 @@ printf("\nkey block\n"); { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } #endif - /* enable vulnerability countermeasure for CBC ciphers with - * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - s->s3->need_empty_fragments = 1; + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + { + /* enable vulnerability countermeasure for CBC ciphers with + * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) + */ + s->s3->need_empty_fragments = 1; + #ifndef NO_RC4 - if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) - s->s3->need_empty_fragments = 0; + if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) + s->s3->need_empty_fragments = 0; #endif + } return(1); err: |