author | Dr. Stephen Henson <steve@openssl.org> | 2014-09-30 22:10:29 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-10-10 13:23:29 +0100 |
commit | f3014206a29b08b664bb9655ddcb0a752d29b2e0 (patch) | |
tree | bc0d22138685cd5715259beede0ec799107d9f04 /ssl | |
parent | e0fdea3e49e7454aa76bd5ecf3a3747641354c68 (diff) |
Disable encrypt then mac for SSL 3.0 and stream ciphers (RC4 only).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dc108aa894..d0602fb1ea 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1485,8 +1485,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 if (!custom_ext_add(s, 0, &ret, limit, al))
 return NULL;
 #ifdef TLSEXT_TYPE_encrypt_then_mac
- s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
- s2n(0,ret);
+ if (s->version != SSL3_VERSION)
+ {
+ s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
+ s2n(0,ret);
+ }
 #endif
 
 /* Add padding to workaround bugs in F5 terminators.
@@ -1719,10 +1722,12 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
 #ifdef TLSEXT_TYPE_encrypt_then_mac
 if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
 {
- /* Don't use encrypt_then_mac if AEAD: might want
- * to disable for other ciphersuites too.
+ /* Don't use encrypt_then_mac if AEAD, RC4 or SSL 3.0:
+ * might want to disable for other cases too.
 */
- if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD)
+ if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
+ || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
+ || s->version == SSL3_VERSION)
 s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
 else
 {
@@ -2436,7 +2441,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 }
 #ifdef TLSEXT_TYPE_encrypt_then_mac
 else if (type == TLSEXT_TYPE_encrypt_then_mac)
- s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ {
+ if (s->version != SSL3_VERSION)
+ s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ }
 #endif
 /* If this ClientHello extension was unhandled and this is
 * a nonresumed connection, check whether the extension is a
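Review bot: The new `if (s->version != SSL3_VERSION)` guard around the two `s2n` calls in ssl_add_clienthello_tlsext carries no explanation of why SSL 3.0 is excluded, and since `s->version` is set by the caller before the ClientHello is built (outside this hunk) a reader cannot tell from here whether it means "SSL 3.0 is the highest version we offer" or "SSL 3.0 was negotiated". Suggest a comment above the guard: `/* Do not offer encrypt_then_mac in an SSL 3.0 ClientHello: the extension is TLS-only, and the server side ignores it for SSL 3.0 anyway. */`. ssl_add_clienthello_tlsext begins and ends outside the hunk.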
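Review bot: The eligibility rule for encrypt-then-MAC is now written out twice — here in ssl_add_serverhello_tlsext as `algorithm_mac == SSL_AEAD || algorithm_enc == SSL_RC4 || s->version == SSL3_VERSION`, and negated in the ssl_scan_serverhello_tlsext hunk — with nothing tying the two copies together, so a later change that adds another stream cipher to one side but not the other would leave server and client disagreeing on MAC placement and failing every record after the handshake. A single `static int` predicate called from both places (`if (!ssl_etm_usable(s))` here, `if (ssl_etm_usable(s))` on the client side) keeps them in lockstep and gives the rule one place to be documented. Both enclosing functions start and end outside their hunks.
```c
/* Encrypt-then-MAC is only meaningful for CBC ciphersuites on TLS:
 * AEAD suites have no separate MAC, RC4 has no CBC padding to protect,
 * and SSL 3.0 does not support the extension.  The server (building its
 * ServerHello) and the client (reading it) must apply exactly this rule. */
static int ssl_etm_usable(const SSL *s)
	{
	return s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
		&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4
		&& s->version != SSL3_VERSION;
	}

/* … in ssl_add_serverhello_tlsext, unchanged: flag test and comment … */
		if (!ssl_etm_usable(s))
			s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
```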
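Review bot: The server now sets TLS1_FLAGS_ENCRYPT_THEN_MAC from the ClientHello only when `s->version != SSL3_VERSION`, which is correct only if the caller has already stored the negotiated protocol version in `s->version` before the extensions are scanned; that ordering lives in the caller, outside this hunk. The ssl_add_serverhello_tlsext hunk clears the flag again for SSL 3.0, so the outcome is safe either way, but a reader could drop one of the two checks believing the other suffices. Suggest a comment on the new guard: `/* Relies on the negotiated version already being in s->version; ssl_add_serverhello_tlsext re-checks before the flag takes effect. */`. ssl_scan_clienthello_tlsext starts and ends outside the hunk.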
@@ -2777,8 +2785,10 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
 #ifdef TLSEXT_TYPE_encrypt_then_mac
 else if (type == TLSEXT_TYPE_encrypt_then_mac)
 {
- /* Ignore if inappropriate ciphersuite */
- if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD)
+ /* Ignore if inappropriate ciphersuite or SSL 3.0 */
+ if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
+ && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4
+ && s->version != SSL3_VERSION)
 s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
 }
 #endif