New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC vulnerability workaround (included in SSL_OP_ALL). PR: #90

commit: c21506ba024adb6d5655a92d61c1d3824e5dedcf [log] [tgz]
author: Bodo Möller <bodo@openssl.org> Fri Jun 14 12:21:11 2002 +0000
committer: Bodo Möller <bodo@openssl.org> Fri Jun 14 12:21:11 2002 +0000
tree: 96e66d9bbbab85cf0a0a317d051156e26df0386d
parent: 00f1628eaccac9be1f3941d20f387fa9a7063b30 [diff]
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 6dfef5c..72ac8b6 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c

@@ -378,13 +378,18 @@
 
 	ret = ssl3_generate_key_block(s,p,num);
 
-	/* enable vulnerability countermeasure for CBC ciphers with
-	 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
-	s->s3->need_empty_fragments = 1;
+	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+		{
+		/* enable vulnerability countermeasure for CBC ciphers with
+		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+		 */
+		s->s3->need_empty_fragments = 1;
+
 #ifndef OPENSSL_NO_RC4
-	if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
-		s->s3->need_empty_fragments = 0;
+		if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
+			s->s3->need_empty_fragments = 0;
 #endif
+		}
 
 	return ret;
 		

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 833f761..474e5a7 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h

@@ -429,6 +429,7 @@
 	struct ssl_session_st *prev,*next;
 	} SSL_SESSION;
 
+
 #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
@@ -439,6 +440,19 @@
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
 
+/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
+ * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
+ * the workaround is not needed.  Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include
+ * it in SSL_OP_ALL. */
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
+
+/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ *             This used to be 0x000FFFFFL before 0.9.7. */
+#define SSL_OP_ALL					0x00000FFFL
+
+/* As server, disallow session resumption on renegotiation */
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
 /* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE				0x00100000L
 /* Set to always use the tmp_rsa key when doing RSA operations,
@@ -452,8 +466,10 @@
  * (version 3.1) was announced in the client hello. Normally this is
  * forbidden to prevent version rollback attacks. */
 #define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x01000000L
+
+#define SSL_OP_NO_SSLv2					0x01000000L
+#define SSL_OP_NO_SSLv3					0x02000000L
+#define SSL_OP_NO_TLSv1					0x04000000L
 
 /* The next flag deliberately changes the ciphertest, this is a check
  * for the PKCS#1 attack */
@@ -461,11 +477,7 @@
 #define SSL_OP_PKCS1_CHECK_2				0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
-#define SSL_OP_ALL					0x000FFFFFL
 
-#define SSL_OP_NO_SSLv2					0x01000000L
-#define SSL_OP_NO_SSLv3					0x02000000L
-#define SSL_OP_NO_TLSv1					0x04000000L
 
 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
  * when just a single record has been written): */
@@ -479,6 +491,7 @@
  * is blocking: */
 #define SSL_MODE_AUTO_RETRY 0x00000004L
 
+
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
 

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b80525f..ecd2d6c 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c

@@ -483,13 +483,18 @@
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
 #endif
 
-	/* enable vulnerability countermeasure for CBC ciphers with
-	 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
-	s->s3->need_empty_fragments = 1;
+	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+		{
+		/* enable vulnerability countermeasure for CBC ciphers with
+		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+		 */
+		s->s3->need_empty_fragments = 1;
+
 #ifndef NO_RC4
-	if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
-		s->s3->need_empty_fragments = 0;
+		if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
+			s->s3->need_empty_fragments = 0;
 #endif
+		}
 		
 	return(1);
 err:
commit	c21506ba024adb6d5655a92d61c1d3824e5dedcf	[log] [tgz]
author	Bodo Möller <bodo@openssl.org>	Fri Jun 14 12:21:11 2002 +0000
committer	Bodo Möller <bodo@openssl.org>	Fri Jun 14 12:21:11 2002 +0000
tree	96e66d9bbbab85cf0a0a317d051156e26df0386d
parent	00f1628eaccac9be1f3941d20f387fa9a7063b30 [diff]