Commit 13f6d57b authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add support for magic cipher suite value (MCSV). Make secure renegotiation

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
parent 8025e251
+2 −3
@@ -867,15 +867,14 @@
     the updated NID creation version. This should correctly handle UTF8.
     [Steve Henson]

  *) Implement
     https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt. Re-enable
  *) Implement draft-ietf-tls-renegotiation. Re-enable
     renegotiation but require the extension as needed. Unfortunately,
     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a
     bad idea. It has been replaced by
     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
     SSL_CTX_set_options(). This is really not recommended unless you
     know what you are doing.
     [Eric Rescorla <ekr@networkresonance.com> and Ben Laurie]
     [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson]

  *) Fixes to stateless session resumption handling. Use initial_ctx when
     issuing and attempting to decrypt tickets in case it has changed during
+1 −1
@@ -912,7 +912,7 @@ int ssl3_get_server_hello(SSL *s)

#ifndef OPENSSL_NO_TLSEXT
	/* TLS extensions*/
	if (s->version > SSL3_VERSION)
	if (s->version >= SSL3_VERSION)
		{
		if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
			{
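Review bot: The `/* TLS extensions*/` comment above the changed test no longer explains the condition, and with `>=` the test is presumably always true on this SSLv3/TLS client path, so a reader cannot tell a deliberate gate from a leftover. I would reword the comment to state the intent, e.g. `/* Parse extensions for SSLv3 too: the server may signal RI support in reply to the MCSV */`; the same applies to the matching change in ssl3_get_client_hello. It is also worth confirming that ssl_parse_serverhello_tlsext (not shown) rejects extensions the client never offered, since per the commit message an SSLv3 initial handshake sends none. The body of ssl3_get_server_hello continues outside the hunk.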
+1 −1
@@ -1015,7 +1015,7 @@ int ssl3_get_client_hello(SSL *s)

#ifndef OPENSSL_NO_TLSEXT
	/* TLS extensions*/
	if (s->version > SSL3_VERSION)
	if (s->version >= SSL3_VERSION)
		{
		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
			{
+3 −0
@@ -128,6 +128,9 @@
extern "C" {
#endif

/* Magic Cipher Suite Value. NB: bogus value used for testing */
#define SSL3_CK_MCSV				0x03000FEC

#define SSL3_CK_RSA_NULL_MD5			0x03000001
#define SSL3_CK_RSA_NULL_SHA			0x03000002
#define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
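Review bot: `SSL3_CK_MCSV` is a test-only placeholder in a public header, and nothing but the comment stops it from reaching a release. The server-side check added in this commit treats any offered suite whose low two bytes match as the renegotiation signal and skips it, so a placeholder that later collides with an assigned cipher suite would silently drop that suite and enable connection binding. I would make the status greppable, e.g. `/* FIXME(before release): placeholder MCSV, replace with the assigned value */`, and consider defining it only under a testing macro until the official value is known.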
+31 −0
@@ -1357,6 +1357,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
		p+=j;
		}
	/* If p == q, no ciphers and caller indicates an error, otherwise
	 * add MCSV
	 */
	if (p != q)
		{
		static SSL_CIPHER msvc =
			{
			0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
			};
		j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p);
		p+=j;
#ifdef OPENSSL_RI_DEBUG
		fprintf(stderr, "MCSV sent by client\n");
#endif
		}

	return(p-q);
	}

@@ -1367,6 +1383,8 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
	STACK_OF(SSL_CIPHER) *sk;
	int i,n;

	s->s3->send_connection_binding = 0;

	n=ssl_put_cipher_by_char(s,NULL,NULL);
	if ((num%n) != 0)
		{
@@ -1383,6 +1401,19 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,

	for (i=0; i<num; i+=n)
		{
		/* Check for MCSV */
		if ((n != 3 || !p[0]) &&
			(p[n-2] == ((SSL3_CK_MCSV >> 8) & 0xff)) &&
			(p[n-1] == (SSL3_CK_MCSV & 0xff)))
			{
			s->s3->send_connection_binding = 1;
			p += n;
#ifdef OPENSSL_RI_DEBUG
			fprintf(stderr, "MCSV received by server\n");
#endif
			continue;
			}

		c=ssl_get_cipher_by_char(s,p);
		p+=n;
		if (c != NULL)
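Review bot: The new `s->s3->send_connection_binding = 0;` at the top of ssl_bytes_to_cipher_list, and the assignment inside the MCSV check, dereference `s->s3` unconditionally. The `n != 3` term in that same check suggests this function also parses SSLv2-format cipher lists, and if it can be reached on a connection that has no SSLv3 state, `s->s3` may be NULL there; the callers are outside the hunks, so this needs confirming. I would guard both sites with `if (s->s3) s->s3->send_connection_binding = 0;` and `s->s3 &&` as the first term of the MCSV test. Separately, the check sets the flag without looking at whether this is a renegotiation, where the commit message says RI is sent, so it is worth deciding and documenting what an MCSV received at that point should mean.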