From 6b0e9facf4a24553b01c536bb2981c8eb1b7c136 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Thu, 20 Sep 2001 22:54:09 +0000
Subject: New function SSL_renegotiate_pending(). New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
---
 ssl/s3_srvr.c | 19 +++++++++++++++++--
 ssl/ssl.h | 12 ++++++++++--
 ssl/ssl_lib.c | 7 +++++++
 3 files changed, 34 insertions(+), 4 deletions(-)
(limited to 'ssl')
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index dcc1b72c9b..94da180d08 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -524,7 +524,9 @@ int ssl3_accept(SSL *s)
 /* remove buffering on output */
 ssl_free_wbio_buffer(s);
- s->new_session=0;
+ if (s->new_session == 2)
+ s->new_session=0;
+ /* if s->new_session is still 1, we have only sent a HelloRequest */
 s->init_num=0;
 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
@@ -673,7 +675,15 @@ static int ssl3_get_client_hello(SSL *s)
 j= *(p++);
 s->hit=0;
- if (j == 0)
+ /* Versions before 0.9.7 always allow session reuse during renegotiation
+ * (i.e. when s->new_session is true), option
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
+ * Maybe this optional behaviour should always have been the default,
+ * but we cannot safely change the default behaviour (or new applications
+ * might be written that become totally unsecure when compiled with
+ * an earlier library version)
+ */
+ if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
 {
 if (!ssl_get_new_session(s,1))
 goto err;
@@ -694,6 +704,11 @@ static int ssl3_get_client_hello(SSL *s)
 }
 }
+ if (s->new_session)
+ /* actually not necessarily a 'new' section unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+ s->new_session = 2;
+
 p+=j;
 n2s(p,i);
 if ((i == 0) && (j != 0))
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 88060ad6d8..8a8013463b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
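Review bot: `s->new_session` now carries three states (0, 1, 2) written as bare literals, here in the `@@ -524,7 +524,9 @@` hunk of ssl/s3_srvr.c (`if (s->new_session == 2)`) and again in the `@@ -694,6 +704,11 @@` hunk (`s->new_session = 2;`). Because the reset is an exact match on 2, any path that finishes a handshake with the field at another non-zero value leaves the renegotiation flag set, so the meaning of each value should be pinned down in one place. I would name them, for example `#define SSL_RENEG_REQUESTED 1` and `#define SSL_RENEG_CLIENT_HELLO_SEEN 2` (the names are only a suggestion), and use the names in both hunks. ssl3_accept's body starts and ends outside the hunk.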
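Review bot: The new condition in the `@@ -673,7 +675,15 @@` hunk forces a fresh session only when `s->new_session` is already non-zero at the moment the ClientHello is parsed, and the code that sets the field is not part of this diff. If it is raised only for renegotiations the server itself requests, a renegotiation started by the client would presumably still be able to resume a cached session with the option set; that should be confirmed against the code that handles an unexpected ClientHello. The added comment explains why the default is unchanged but not what the option buys, so I would add a line such as `/* with the option set, every renegotiation runs a full handshake instead of resuming a cached session */`. ssl3_get_client_hello starts and ends outside the hunk.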
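Review bot: The unbraced `if (s->new_session)` in the `@@ -694,6 +704,11 @@` hunk has a two-line comment sitting between the condition and its only statement, so a statement added later next to the assignment can silently fall outside the condition. I would brace it as `if (s->new_session) { s->new_session = 2; }` and move the comment inside the braces. The comment also reads "'new' section" where "'new' session" is meant.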
@@ -335,7 +335,8 @@ typedef struct ssl_session_st
 /* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to also use the tmp_rsa key when doing RSA operations. */
+/* Set to always use the tmp_rsa key when doing RSA operations,
+ * even when this violates protocol specs */
 #define SSL_OP_EPHEMERAL_RSA 0x00200000L
 /* Set on servers to choose the cipher according to the server's
 * preferences */
@@ -345,6 +346,8 @@ typedef struct ssl_session_st
 * (version 3.1) was announced in the client hello. Normally this is
 * forbidden to prevent version rollback attacks. */
 #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
+/* As server, disallow session resumption on renegotiation */
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L
 /* The next flag deliberately changes the ciphertest, this is a check
 * for the PKCS#1 attack */
@@ -640,7 +643,11 @@ struct ssl_st
 int server; /* are we the server side? - mostly used by SSL_clear*/
- int new_session;/* 1 if we are to use a new session */
+ int new_session;/* 1 if we are to use a new session,
+ * (sometimes 2 after a new session has in fact been assigned).
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
 int quiet_shutdown;/* don't send shutdown packets */
 int shutdown; /* we have shut things down, 0x01 sent, 0x02
 * for received */
@@ -1157,6 +1164,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
 SSL_METHOD *SSL_get_ssl_method(SSL *s);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 89c3c2d4f4..f5512c465e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
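Review bot: The one-line comment on `SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` in the `@@ -345,6 +346,8 @@` hunk of ssl/ssl.h does not tell an application author that resumption on renegotiation stays allowed unless this flag is set, which is what the s3_srvr.c comment in the same commit states. A server that renegotiates in order to get a fresh handshake needs to know the protection is opt-in. I would extend the comment to something like `/* As server, disallow session resumption on renegotiation (not the default, for compatibility with versions before 0.9.7) */`.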
@@ -836,6 +836,13 @@ int SSL_renegotiate(SSL *s)
 return(s->method->ssl_renegotiate(s));
 }
+int SSL_renegotiate_pending(SSL *s)
+ {
+ /* becomes true when negotiation is requested;
+ * false again once a handshake has finished */
+ return (s->new_session != 0);
+ }
+
 long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
 {
 long l;
-- 
cgit v1.2.3
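Review bot: `SSL_renegotiate_pending()` in ssl/ssl_lib.c reports only that a renegotiation was requested and no handshake has finished since. According to the ssl3_accept comment in this commit, the field stays at 1 once a HelloRequest has merely been sent, so a peer that never answers keeps the function returning 1 for as long as the connection lives. Callers that renegotiate to re-authenticate the peer should be told to treat the connection as not yet re-authenticated while this returns 1 and to enforce their own deadline. I would say so in the comment, e.g. `/* returns 1 from the renegotiation request until a handshake completes; the peer may never respond, so callers need their own timeout */`. The existing comment also says "negotiation" where "renegotiation" is meant.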