diff options
author | Todd Short <tshort@akamai.com> | 2017-05-10 16:46:14 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-06 22:39:41 +0100 |
commit | db0f35dda18403accabe98e7780f3dfc516f49de (patch) | |
tree | 68a7b32f8f99c5624e2d0bb1089f6bf34047f01f /ssl | |
parent | 270d65fa34caa974fb27c9b161b0c9b6cd806c76 (diff) |
Fix #2400 Add NO_RENEGOTIATE option
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3432)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/rec_layer_s3.c | 6 | ||||
-rw-r--r-- | ssl/ssl_conf.c | 4 | ||||
-rw-r--r-- | ssl/ssl_err.c | 2 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 18 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 1 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 5 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 4 |
8 files changed, 37 insertions, 7 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 01caf4c372..045a74c113 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1433,13 +1433,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (s->server && SSL_is_init_finished(s) && - !s->s3->send_connection_binding && (s->version > SSL3_VERSION) && !SSL_IS_TLS13(s) && + (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len >= 4) && (s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && (s->session != NULL) && (s->session->cipher != NULL) && - !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + ((!s->s3->send_connection_binding && + !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) || + (s->options & SSL_OP_NO_RENEGOTIATION))) { SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 484bb61feb..41c7ff7d83 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -358,6 +358,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), + SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), }; if (value == NULL) return -3; @@ -573,6 +574,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0), SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("no_renegotiation", 0), SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("strict", 0), @@ -639,6 +641,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0}, /* legacy_server_connect */ {SSL_OP_LEGACY_SERVER_CONNECT, 0}, + /* no_renegotiation */ + {SSL_OP_NO_RENEGOTIATION, 0}, /* no_resumption_on_reneg */ {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0}, /* no_legacy_server_connect */ diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index e334b00370..7152fa2701 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -216,6 +216,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_READ_EX), "SSL_read_ex"}, {ERR_FUNC(SSL_F_SSL_READ_INTERNAL), "ssl_read_internal"}, {ERR_FUNC(SSL_F_SSL_RENEGOTIATE), "SSL_renegotiate"}, + {ERR_FUNC(SSL_F_SSL_RENEGOTIATE_ABBREVIATED), + "SSL_renegotiate_abbreviated"}, {ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT), "ssl_scan_clienthello_tlsext"}, {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 028b69da08..e90c4b8732 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1922,9 +1922,12 @@ int SSL_renegotiate(SSL *s) return 0; } - if (s->renegotiate == 0) - s->renegotiate = 1; + if ((s->options & SSL_OP_NO_RENEGOTIATION)) { + SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION); + return 0; + } + s->renegotiate = 1; s->new_session = 1; return (s->method->ssl_renegotiate(s)); @@ -1932,12 +1935,17 @@ int SSL_renegotiate(SSL *s) int SSL_renegotiate_abbreviated(SSL *s) { - if (SSL_IS_TLS13(s)) + if (SSL_IS_TLS13(s)) { + SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION); return 0; + } - if (s->renegotiate == 0) - s->renegotiate = 1; + if ((s->options & SSL_OP_NO_RENEGOTIATION)) { + SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION); + return 0; + } + s->renegotiate = 1; s->new_session = 0; return (s->method->ssl_renegotiate(s)); diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 95bacdffc4..fe181abad0 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -817,6 +817,7 @@ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, if (!s->s3->send_connection_binding) return EXT_RETURN_NOT_SENT; + /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u8(pkt) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index d4382e89cc..020589f1b1 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -3454,6 +3454,11 @@ MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } + if ((s->options & SSL_OP_NO_RENEGOTIATION)) { + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + return MSG_PROCESS_FINISHED_READING; + } + /* * This is a historical discrepancy (not in the RFC) maintained for * compatibility reasons. If a TLS client receives a HelloRequest it will diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c2b14853c2..29fb9dcf1f 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -116,6 +116,10 @@ int tls_setup_handshake(SSL *s) } if (SSL_IS_FIRST_HANDSHAKE(s)) { s->ctx->stats.sess_accept++; + } else if ((s->options & SSL_OP_NO_RENEGOTIATION)) { + /* Renegotiation is disabled */ + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + return 0; } else if (!s->s3->send_connection_binding && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 02c6e569d8..c26c93bdc9 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1246,6 +1246,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } /* Check if this is actually an unexpected renegotiation ClientHello */ if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) { + if ((s->options & SSL_OP_NO_RENEGOTIATION)) { + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + goto err; + } s->renegotiate = 1; s->new_session = 1; } |