diff options
| author | jsing <> | 2025-03-12 14:03:55 +0000 |
|---|---|---|
| committer | jsing <> | 2025-03-12 14:03:55 +0000 |
| commit | cc5a28ea6d2a0de9bcd56f07684bdc53cdfd10af (patch) | |
| tree | 115a09cea80866af43519a40dfdd3e9409e4cc96 /src/lib/libssl/d1_pkt.c | |
| parent | 93373bbf82b95dab0336951cf191b5fecde0597c (diff) | |
| download | openbsd-cc5a28ea6d2a0de9bcd56f07684bdc53cdfd10af.tar.gz openbsd-cc5a28ea6d2a0de9bcd56f07684bdc53cdfd10af.tar.bz2 openbsd-cc5a28ea6d2a0de9bcd56f07684bdc53cdfd10af.zip | |
Provide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
In January 2017 we added SSL_OP_NO_CLIENT_RENEGOTIATION, which results in a
SSL_AD_NO_RENEGOTIATION fatal alert if a ClientHello message is seen on an
active connection (client initiated renegotation). Then in May 2017 OpenSSL
added SSL_OP_NO_RENEGOTIATION, which results in a SSL_AD_NO_RENEGOTIATION
warning alert if a server receives a ClientHello on an active connection
(client initiated renegotation), or a client receives a HelloRequest
(server requested renegotation). This option also causes calls to
SSL_renegotiate() and SSL_renegotiate_abbreviated() to fail. Then in 2021,
OpenSSL also added SSL_OP_ALLOW_CLIENT_RENEGOTIATION, which trumps
SSL_OP_NO_RENEGOTIATION but only for incoming ClientHello messages
(apparently unsetting SSL_OP_NO_RENEGOTIATION is too hard).
Provide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
primarily to make life easier for ports. If SSL_OP_NO_CLIENT_RENEGOTIATION
is set it will take precedence and render SSL_OP_ALLOW_CLIENT_RENEGOTIATION
ineffective. The rest of the behaviour should match OpenSSL, with the
exception of ClientHellos triggering fatal alerts instead of warnings.
ok tb@
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index cf32ca8cd6..8ba0bb0bcf 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.129 2024/07/20 04:04:23 jsing Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.130 2025/03/12 14:03:55 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -592,6 +592,12 @@ dtls1_read_handshake_unexpected(SSL *s) | |||
| 592 | tls_content_clear(s->s3->rcontent); | 592 | tls_content_clear(s->s3->rcontent); |
| 593 | s->s3->rrec.length = 0; | 593 | s->s3->rrec.length = 0; |
| 594 | 594 | ||
| 595 | if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { | ||
| 596 | ssl3_send_alert(s, SSL3_AL_WARNING, | ||
| 597 | SSL_AD_NO_RENEGOTIATION); | ||
| 598 | return 1; | ||
| 599 | } | ||
| 600 | |||
| 595 | /* | 601 | /* |
| 596 | * It should be impossible to hit this, but keep the safety | 602 | * It should be impossible to hit this, but keep the safety |
| 597 | * harness for now... | 603 | * harness for now... |
| @@ -644,7 +650,9 @@ dtls1_read_handshake_unexpected(SSL *s) | |||
| 644 | return -1; | 650 | return -1; |
| 645 | } | 651 | } |
| 646 | 652 | ||
| 647 | if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { | 653 | if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0 || |
| 654 | ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 && | ||
| 655 | (s->options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) == 0)) { | ||
| 648 | ssl3_send_alert(s, SSL3_AL_FATAL, | 656 | ssl3_send_alert(s, SSL3_AL_FATAL, |
| 649 | SSL_AD_NO_RENEGOTIATION); | 657 | SSL_AD_NO_RENEGOTIATION); |
| 650 | return -1; | 658 | return -1; |