diff options
author | Tim Perry <pimterry@gmail.com> | 2024-04-16 15:40:21 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-04-22 13:23:28 +0100 |
commit | 972ee925b16fc3bc7ec71080c439e669754235ab (patch) | |
tree | 69a9654ce675a2d8e5903f979842488086cd3556 /ssl | |
parent | 6ee369cd6ec751c03879da56178e75e2691e08cb (diff) |
Use empty renegotiate extension instead of SCSV for TLS > 1.0
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24161)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 33 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 5 |
2 files changed, 33 insertions, 5 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 381a6c9d7b..77fe629132 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -16,10 +16,37 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - /* Add RI if renegotiating */ - if (!s->renegotiate) - return EXT_RETURN_NOT_SENT; + if (!s->renegotiate) { + /* If not renegotiating, send an empty RI extension to indicate support */ + +#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION +# error Internal DTLS version error +#endif + + if (!SSL_CONNECTION_IS_DTLS(s) + && (s->min_proto_version >= TLS1_3_VERSION + || (ssl_security(s, SSL_SECOP_VERSION, 0, TLS1_VERSION, NULL) + && s->min_proto_version <= TLS1_VERSION))) { + /* + * For TLS <= 1.0 SCSV is used instead, and for TLS 1.3 this + * extension isn't used at all. + */ + return EXT_RETURN_NOT_SENT; + } + + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; + } + /* Add a complete RI extension if renegotiating */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 7d8b140373..6f73d5f698 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -4064,8 +4064,9 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, int i; size_t totlen = 0, len, maxlen, maxverok = 0; int empty_reneg_info_scsv = !s->renegotiate - && (SSL_CONNECTION_IS_DTLS(s) - || s->min_proto_version < TLS1_3_VERSION); + && !SSL_CONNECTION_IS_DTLS(s) + && ssl_security(s, SSL_SECOP_VERSION, 0, TLS1_VERSION, NULL) + && s->min_proto_version <= TLS1_VERSION; SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* Set disabled masks for this session */ |