From d19d7f935ec0e391fa977c235786de64fbe84830 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 31 Jan 2017 15:35:46 +0000
Subject: Provide an SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows client-initiated renegotiation. The current default behaviour remains unchanged. ok beck@ reyk@
---
 src/lib/libssl/ssl_pkt.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/ssl_pkt.c')
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 6a1c837944..c57eacd770 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.8 2017/01/29 15:31:15 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.9 2017/01/31 15:35:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1136,6 +1136,14 @@ start:
 * now try again to obtain the (application) data we were asked for */
 goto start;
 }
+ /* Disallow client initiated renegotiation if configured. */
+ if (s->server && SSL_is_init_finished(s) &&
+ S3I(s)->handshake_fragment_len >= 4 &&
+ S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
+ (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) {
+ al = SSL_AD_NO_RENEGOTIATION;
+ goto f_err;
+ }
 /* If we are a server and get a client hello when renegotiation isn't
 * allowed send back a no renegotiation alert and carry on.
 * WARNING: experimental code, needs reviewing (steve)
-- 
cgit v1.2.3-55-g6feb
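Review bot: The new reject path in the second hunk sets `al` and jumps to `f_err` without recording a reason on the error queue, so an application only sees the connection fail and nothing tells it (or its logs) that a client-initiated renegotiation was refused; pushing a reason such as SSL_R_NO_RENEGOTIATION with the file's error-reporting macro before `goto f_err` would make the refusal diagnosable. The added comment could also say that this path, unlike the warning-alert-and-continue path in the context lines that follow, tears the connection down, e.g. `/* Disallow client initiated renegotiation if configured: send a fatal no_renegotiation alert and abort, rather than the warning used below. */`. Whether f_err actually sends a fatal alert carrying `al` and returns an error is not visible here, since the label is outside the hunk, and the enclosing function starts and ends outside the hunk as well. As a matter of style, testing the option bit first would skip the handshake-fragment inspection entirely in the default configuration where the option is not set.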