Default renegotiations to off.

As of crbug.com/484543, Chromium's SSLClientSocket is not sensitive to whether
renegotiation is enabled or not. Disable it by default and require consumers to
opt into enabling this protocol mistake.

BUG=429450

Change-Id: I2329068284dbb851da010ff1fd398df3d663bcc3
Reviewed-on: https://boringssl-review.googlesource.com/4723
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 860a99a..2053d69 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1165,7 +1165,8 @@
 
 /* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by
  * the peer are rejected. It may be set at any point in a connection's lifetime
- * to disallow future renegotiations programmatically. */
+ * to control future renegotiations programmatically. By default, renegotiations
+ * are rejected. */
 OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject);
 
 /* the maximum length of the buffer given to callbacks containing the resulting
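Review bot: The updated comment states the new default but still leaves the meaning of the `reject` argument implicit, so a caller cannot tell from the header which value re-enables renegotiation without reading ssl_lib.c. I would extend the comment with one sentence along the lines of `A non-zero |reject| rejects renegotiation attempts with a fatal alert; zero accepts them.` Since the commit message describes renegotiation as a protocol mistake that consumers must opt into, the header is also the right place to say that the rejecting default is the recommended setting and only needs changing for peers that require renegotiation.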
@@ -1424,9 +1425,9 @@
    * data rate) state in 3G networks. */
   char fastradio_padding;
 
-  /* reject_peer_renegotiations, if one, causes causes renegotiation attempts
-   * from the peer to be rejected with a fatal error. */
-  char reject_peer_renegotiations;
+  /* accept_peer_renegotiations, if one, accepts renegotiation attempts from the
+   * peer. Otherwise, they will be rejected with a fatal error. */
+  char accept_peer_renegotiations;
 
   /* These fields are always NULL and exist only to keep wpa_supplicant happy
    * about the change to EVP_AEAD. They are only needed for EAP-FAST, which we
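Review bot: The default-off behaviour is achieved only by the field's polarity flip, so it depends on the SSL object being zero-initialized on allocation; that initialization is not part of this diff and the new field comment does not say that the zero value is the intended default. I would make the dependency explicit in the field comment, e.g. `Zero (the value of a freshly allocated SSL) rejects renegotiation, so no explicit initialization is needed.` If SSL_new does not zero the struct (I cannot see it here), an explicit assignment there would be required for the default to hold.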
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index c42d000..75d4df7 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -869,7 +869,7 @@
   if (rr->type == SSL3_RT_HANDSHAKE) {
     /* If peer renegotiations are disabled, all out-of-order handshake records
      * are fatal. */
-    if (s->reject_peer_renegotiations) {
+    if (!s->accept_peer_renegotiations) {
       al = SSL_AD_NO_RENEGOTIATION;
       OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_NO_RENEGOTIATION);
       goto f_err;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6c8e2c9..15bb8be 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2929,7 +2929,7 @@
 }
 
 void SSL_set_reject_peer_renegotiations(SSL *s, int reject) {
-  s->reject_peer_renegotiations = !!reject;
+  s->accept_peer_renegotiations = !reject;
 }
 
 const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
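Review bot: The setter is now named in the opposite sense to the field it writes (`reject` in, `accept_peer_renegotiations` out), which is easy to misread as an inversion bug in a later review. A one-line comment on the assignment would prevent that, e.g. `/* Stored in the positive sense so that a zero-initialized SSL rejects renegotiation by default. */`. The `!reject` normalisation to 0/1 is fine for the `char` field.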
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 1cf96f2..5b54a67 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -660,8 +660,9 @@
       !SSL_set_cipher_list(ssl.get(), config->cipher.c_str())) {
     return false;
   }
-  if (config->reject_peer_renegotiations) {
-    SSL_set_reject_peer_renegotiations(ssl.get(), 1);
+  if (!config->reject_peer_renegotiations) {
+    /* Renegotiations are disabled by default. */
+    SSL_set_reject_peer_renegotiations(ssl.get(), 0);
   }
 
   int sock = Connect(config->port);
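Review bot: With the library default now rejecting renegotiation, the shim unconditionally re-enables it for every test that does not set `config->reject_peer_renegotiations`, so the default code path in the library (reject) is only exercised when a test explicitly asks for rejection, and the config flag's name no longer matches what its absence does. Renaming the config flag to the positive sense (for example `accept_peer_renegotiations`, matching the new field) and calling `SSL_set_reject_peer_renegotiations(ssl.get(), 0)` only when it is set would keep the shim's default aligned with the library default; the flag is defined outside this hunk, so that change is not visible here. The added comment `/* Renegotiations are disabled by default. */` describes the library, not the shim's action, and would be clearer as `// Opt back into renegotiation; the library rejects it by default.` using the `//` comments of the surrounding C++ file if that is its convention.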