polarssl: disable 1/n-1 record splitting

Disable record splitting (for now).  OpenVPN assumes records are sent
unfragmented, which is no longer a valid assumption when record splitting
is enabled (which polarssl/mbedtls did in 1.3.10, see trac #524).
Changing the code to deal with record splitting will require intrusive
changes that need thorough review and testing.  Since OpenVPN is not
susceptible to BEAST (the data transmitted over the control channel is
very hard to influence for a remote attacker), we can just disable record
splitting as a quick fix.  This gives us the time to develop a proper
solution in the mean time, and test that thoroughly.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1430766398-17209-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9646
Signed-off-by: Gert Doering <gert@greenie.muc.de>

1 files changed, 8 insertions, 0 deletions

diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
index cb282d9..dd0fab0 100644
--- a/src/openvpn/ssl_polarssl.c
+++ b/src/openvpn/ssl_polarssl.c
@@ -738,6 +738,14 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl,
       if (ssl_ctx->allowed_ciphers)
 	ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
 
+      /* Disable record splitting (for now).  OpenVPN assumes records are sent
+       * unfragmented, and changing that will require thorough review and
+       * testing.  Since OpenVPN is not susceptible to BEAST, we can just
+       * disable record splitting as a quick fix. */
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+      ssl_set_cbc_record_splitting (ks_ssl->ctx, SSL_CBC_RECORD_SPLITTING_DISABLED);
+#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
+
       /* Initialise authentication information */
       if (is_server)
 	ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx );