Google Git
Sign in
boringssl/boringssl.git/44d3eed2bbaf18427fb38aa65a86018ac85a052a^!/./ssl/ssl_lib.c
commit
44d3eed2bbaf18427fb38aa65a86018ac85a052a
[log]
author
David Benjamin <davidben@chromium.org>
Thu May 21 01:29:55 2015 -0400
committer
Adam Langley <agl@google.com>
Thu May 21 20:43:56 2015 +0000
tree
da7c33f935aac5e44a278a78ca754aa078fc2e20
parent
3d59e04bce96474099ba76786a2337e99ae14505 [diff] [blame]
Forbid caller-initiated renegotiations and all renego as a servers.

The only case where renego is supported is if we are a client and the
server sends a HelloRequest. That is still needed to support the renego
+ client auth hack in Chrome. Beyond that, no other forms of renego will
work.

The messy logic where the handshake loop is repurposed to send
HelloRequest and the extremely confusing tri-state s->renegotiate (which
makes SSL_renegotiate_pending a lie during the initial handshake as a
server) are now gone. The next change will further simplify things by
removing ssl->s3->renegotiate and the renego deferral logic. There's
also some server-only renegotiation checks that can go now.

Also clean up ssl3_read_bytes' HelloRequest handling. The old logic relied on
the handshake state machine to reject bad HelloRequests which... actually that
code probably lets you initiate renego by sending the first four bytes of a
ServerHello and expecting the peer to read it later.

BUG=429450

Change-Id: Ie0f87d0c2b94e13811fe8e22e810ab2ffc8efa6c
Reviewed-on: https://boringssl-review.googlesource.com/4824
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e53d12c..e84079a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -931,24 +931,14 @@
   return 1;
 }
 
-int SSL_renegotiate(SSL *s) {
-  if (SSL_IS_DTLS(s)) {
-    /* Renegotiation is not supported for DTLS. */
-    OPENSSL_PUT_ERROR(SSL, SSL_renegotiate, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return 0;
-  }
-
-  if (s->renegotiate == 0) {
-    s->renegotiate = 1;
-  }
-
-  return s->method->ssl_renegotiate(s);
+int SSL_renegotiate(SSL *ssl) {
+  /* Caller-initiated renegotiation is not supported. */
+  OPENSSL_PUT_ERROR(SSL, SSL_renegotiate, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+  return 0;
 }
 
-int SSL_renegotiate_pending(SSL *s) {
-  /* becomes true when negotiation is requested; false again once a handshake
-   * has finished */
-  return s->renegotiate != 0;
+int SSL_renegotiate_pending(SSL *ssl) {
+  return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete;
 }
 
 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
@@ -2112,8 +2102,6 @@
     return -1;
   }
 
-  s->method->ssl_renegotiate_check(s);
-
   if (SSL_in_init(s)) {
     ret = s->handshake_func(s);
   }