diff options
author | Jack Lloyd <lloyd@randombit.net> | 2016-10-08 23:40:33 -0400 |
---|---|---|
committer | Jack Lloyd <lloyd@randombit.net> | 2016-10-08 23:40:33 -0400 |
commit | 4d1f71b1aa66ec915dd7ce7eab462f1a1faa17b2 (patch) | |
tree | f5572e9db93c8ef51bee535a732885fbecbf1832 /src/lib/tls | |
parent | 62cd6e3651711f759f870460599596ff5be904a5 (diff) |
Make TLS CBC optional
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/info.txt | 1 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/info.txt | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.cpp (renamed from src/lib/tls/tls_cbc.cpp) | 0 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.h (renamed from src/lib/tls/tls_cbc.h) | 0 | ||||
-rw-r--r-- | src/lib/tls/tls_ciphersuite.cpp | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 9 |
6 files changed, 18 insertions, 2 deletions
diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt index ad0d266fa..667726318 100644 --- a/src/lib/tls/info.txt +++ b/src/lib/tls/info.txt @@ -22,7 +22,6 @@ tls_version.h </header:public> <header:internal> -tls_cbc.h tls_extensions.h tls_handshake_hash.h tls_handshake_io.h diff --git a/src/lib/tls/tls_cbc/info.txt b/src/lib/tls/tls_cbc/info.txt new file mode 100644 index 000000000..0a2827e71 --- /dev/null +++ b/src/lib/tls/tls_cbc/info.txt @@ -0,0 +1,5 @@ +define TLS_CBC 20161008 + +<header:internal> +tls_cbc.h +</header:internal> diff --git a/src/lib/tls/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index c7203003b..c7203003b 100644 --- a/src/lib/tls/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp diff --git a/src/lib/tls/tls_cbc.h b/src/lib/tls/tls_cbc/tls_cbc.h index 90b54bb5a..90b54bb5a 100644 --- a/src/lib/tls/tls_cbc.h +++ b/src/lib/tls/tls_cbc/tls_cbc.h diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index 9a52e0e0e..aa00334c5 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -78,6 +78,11 @@ bool Ciphersuite::is_usable() const if(!have_hash(prf_algo())) return false; +#if !defined(BOTAN_HAS_TLS_CBC) + if(cbc_ciphersuite()) + return false; +#endif + if(mac_algo() == "AEAD") { if(cipher_algo() == "ChaCha20Poly1305") diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 0bee24e34..5eef2b4e2 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -13,11 +13,14 @@ #include <botan/loadstor.h> #include <botan/internal/tls_seq_numbers.h> #include <botan/internal/tls_session_key.h> -#include <botan/internal/tls_cbc.h> #include <botan/internal/rounding.h> #include <botan/internal/ct_utils.h> #include <botan/rng.h> +#if defined(BOTAN_HAS_TLS_CBC) + #include <botan/internal/tls_cbc.h> +#endif + namespace Botan { namespace TLS { @@ -70,6 +73,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, } else { +#if defined(BOTAN_HAS_TLS_CBC) // legacy CBC+HMAC mode if(our_side) { @@ -99,6 +103,9 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, m_nonce_bytes_from_record = m_nonce_bytes_from_handshake; else if(our_side == false) m_aead->start(iv.bits_of()); +#else + throw Exception("Negotiated disabled TLS CBC+HMAC ciphersuite"); +#endif } } |