Commit 76998a71 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Updates to conform with draft-ietf-tls-renegotiation-03.txt: 

1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
parent dd792d62

CHANGES

+1 −1
Original line number Diff line number Diff line
@@ -905,7 +905,7 @@ 
     the updated NID creation version. This should correctly handle UTF8.

     [Steve Henson]



  *) Implement draft-ietf-tls-renegotiation. Re-enable

  *) Implement draft-ietf-tls-renegotiation-03. Re-enable

     renegotiation but require the extension as needed. Unfortunately,

     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a

     bad idea. It has been replaced by

ssl/ssl.h

+1 −0
Original line number Diff line number Diff line
@@ -2207,6 +2207,7 @@ void ERR_load_SSL_strings(void); 
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216

#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217

#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218

#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345

#define SSL_R_SERVERHELLO_TLSEXT			 275

#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277

#define SSL_R_SHORT_READ				 219

ssl/ssl3.h

+2 −4
Original line number Diff line number Diff line
@@ -128,10 +128,8 @@ 
extern "C" {

#endif



/* Magic Cipher Suite Value. NB: bogus value used for testing */

#ifndef SSL3_CK_SCSV

#define SSL3_CK_SCSV				0x03000FEC

#endif

/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */

#define SSL3_CK_SCSV				0x030000FF



#define SSL3_CK_RSA_NULL_MD5			0x03000001

#define SSL3_CK_RSA_NULL_SHA			0x03000002

ssl/ssl_err.c

+1 −0
Original line number Diff line number Diff line
@@ -459,6 +459,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= 
{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},

{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},

{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},

{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},

{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},

{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},

{ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},

ssl/ssl_lib.c

+11 −3
Original line number Diff line number Diff line
@@ -1369,10 +1369,11 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, 
		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);

		p+=j;

		}

	/* If p == q, no ciphers and caller indicates an error, otherwise

	 * add SCSV if not renegotiating

	/* If p == q, no ciphers and caller indicates an error. Otherwise

	 * add SCSV if no extensions (i.e. SSL3 is client_version)

	 * since spec RECOMMENDS not sending both RI and SCSV.

	 */

	if (p != q && !s->new_session)

	if (p != q && !s->new_session && s->client_version == SSL3_VERSION)

		{

		static SSL_CIPHER scsv =

			{
@@ -1418,6 +1419,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 
			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&

			(p[n-1] == (SSL3_CK_SCSV & 0xff)))

			{

			/* SCSV fatal if renegotiating */

			if (s->new_session)

				{

				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);

				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 

				goto err;

				}

			s->s3->send_connection_binding = 1;

			p += n;

#ifdef OPENSSL_RI_DEBUG