From 3ad3f36472b7244bbdcd534b2487fb1c780509fa Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 31 Jan 2017 15:35:46 +0000
Subject: Provide an SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
 client-initiated renegotiation. The current default behaviour remains
 unchanged.

ok beck@ reyk@
---
 src/lib/libssl/ssl.h     |  4 +++-
 src/lib/libssl/ssl_pkt.c | 10 +++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 2122fea936..72de5c15a9 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.125 2017/01/26 07:20:57 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.126 2017/01/31 15:35:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -501,6 +501,8 @@ struct ssl_session_st {
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
+/* Disallow client initiated renegotiation. */
+#define SSL_OP_NO_CLIENT_RENEGOTIATION			0x00020000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 #define SSL_OP_SINGLE_ECDH_USE				0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 6a1c837944..c57eacd770 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.8 2017/01/29 15:31:15 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.9 2017/01/31 15:35:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1136,6 +1136,14 @@ start:
 		 * now try again to obtain the (application) data we were asked for */
 		goto start;
 	}
+	/* Disallow client initiated renegotiation if configured. */
+	if (s->server && SSL_is_init_finished(s) &&
+	    S3I(s)->handshake_fragment_len >= 4 &&
+	    S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
+	    (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) {
+		al = SSL_AD_NO_RENEGOTIATION;
+		goto f_err;
+	}
 	/* If we are a server and get a client hello when renegotiation isn't
 	 * allowed send back a no renegotiation alert and carry on.
 	 * WARNING: experimental code, needs reviewing (steve)
-- 
cgit v1.2.3-55-g6feb