Loading CHANGES +16 −0 Original line number Original line Diff line number Diff line Loading @@ -12,6 +12,22 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only +) applies to 0.9.7 only +) New function SSL_renegotiate_pending(). This returns true once renegotiation has been requested (either SSL_renegotiate() call or HelloRequest/ClientHello receveived from the peer) and becomes false once a handshake has been completed. (For servers, SSL_renegotiate() followed by SSL_do_handshake() sends a HelloRequest, but does not ensure that a handshake takes place. SSL_renegotiate_pending() is useful for checking if the client has followed the request.) [Bodo Moeller] +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. By default, clients may request session resumption even during renegotiation (if session ID contexts permit); with this option, session resumption is possible only in the first handshake. [Bodo Moeller] *) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer() *) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer() when just sending a HelloRequest as this could interfere with when just sending a HelloRequest as this could interfere with application data writes (and is totally unnecessary). application data writes (and is totally unnecessary). Loading ssl/s3_srvr.c +17 −2 Original line number Original line Diff line number Diff line Loading @@ -524,7 +524,9 @@ int ssl3_accept(SSL *s) /* remove buffering on output */ /* remove buffering on output */ ssl_free_wbio_buffer(s); ssl_free_wbio_buffer(s); if (s->new_session == 2) s->new_session=0; s->new_session=0; /* if s->new_session is still 1, we have only sent a HelloRequest */ s->init_num=0; s->init_num=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); ssl_update_cache(s,SSL_SESS_CACHE_SERVER); Loading Loading @@ -673,7 +675,15 @@ static int ssl3_get_client_hello(SSL *s) j= *(p++); j= *(p++); s->hit=0; s->hit=0; if (j == 0) /* Versions before 0.9.7 always allow session reuse during renegotiation * (i.e. when s->new_session is true), option * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7. * Maybe this optional behaviour should always have been the default, * but we cannot safely change the default behaviour (or new applications * might be written that become totally unsecure when compiled with * an earlier library version) */ if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { { if (!ssl_get_new_session(s,1)) if (!ssl_get_new_session(s,1)) goto err; goto err; Loading @@ -694,6 +704,11 @@ static int ssl3_get_client_hello(SSL *s) } } } } if (s->new_session) /* actually not necessarily a 'new' section unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ s->new_session = 2; p+=j; p+=j; n2s(p,i); n2s(p,i); if ((i == 0) && (j != 0)) if ((i == 0) && (j != 0)) Loading ssl/ssl.h +10 −2 Original line number Original line Diff line number Diff line Loading @@ -335,7 +335,8 @@ typedef struct ssl_session_st /* If set, always create a new key when using tmp_dh parameters */ /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set to also use the tmp_rsa key when doing RSA operations. */ /* Set to always use the tmp_rsa key when doing RSA operations, * even when this violates protocol specs */ #define SSL_OP_EPHEMERAL_RSA 0x00200000L #define SSL_OP_EPHEMERAL_RSA 0x00200000L /* Set on servers to choose the cipher according to the server's /* Set on servers to choose the cipher according to the server's * preferences */ * preferences */ Loading @@ -345,6 +346,8 @@ typedef struct ssl_session_st * (version 3.1) was announced in the client hello. Normally this is * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ * forbidden to prevent version rollback attacks. */ #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L /* As server, disallow session resumption on renegotiation */ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L /* The next flag deliberately changes the ciphertest, this is a check /* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ * for the PKCS#1 attack */ Loading Loading @@ -640,7 +643,11 @@ struct ssl_st int server; /* are we the server side? - mostly used by SSL_clear*/ int server; /* are we the server side? - mostly used by SSL_clear*/ int new_session;/* 1 if we are to use a new session */ int new_session;/* 1 if we are to use a new session, * (sometimes 2 after a new session has in fact been assigned). * NB: For servers, the 'new' session may actually be a previously * cached session or even the previous session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ int quiet_shutdown;/* don't send shutdown packets */ int quiet_shutdown;/* don't send shutdown packets */ int shutdown; /* we have shut things down, 0x01 sent, 0x02 int shutdown; /* we have shut things down, 0x01 sent, 0x02 * for received */ * for received */ Loading Loading @@ -1157,6 +1164,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s); int SSL_do_handshake(SSL *s); int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_pending(SSL *s); int SSL_shutdown(SSL *s); int SSL_shutdown(SSL *s); SSL_METHOD *SSL_get_ssl_method(SSL *s); SSL_METHOD *SSL_get_ssl_method(SSL *s); Loading ssl/ssl_lib.c +7 −0 Original line number Original line Diff line number Diff line Loading @@ -836,6 +836,13 @@ int SSL_renegotiate(SSL *s) return(s->method->ssl_renegotiate(s)); return(s->method->ssl_renegotiate(s)); } } int SSL_renegotiate_pending(SSL *s) { /* becomes true when negotiation is requested; * false again once a handshake has finished */ return (s->new_session != 0); } long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) { { long l; long l; Loading util/ssleay.num +1 −0 Original line number Original line Diff line number Diff line Loading @@ -212,3 +212,4 @@ kssl_ctx_free 261 EXIST::FUNCTION:KRB5 kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5 kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5 kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5 kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5 SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: SSL_renegotiate_pending 265 EXIST::FUNCTION: Loading
CHANGES +16 −0 Original line number Original line Diff line number Diff line Loading @@ -12,6 +12,22 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only +) applies to 0.9.7 only +) New function SSL_renegotiate_pending(). This returns true once renegotiation has been requested (either SSL_renegotiate() call or HelloRequest/ClientHello receveived from the peer) and becomes false once a handshake has been completed. (For servers, SSL_renegotiate() followed by SSL_do_handshake() sends a HelloRequest, but does not ensure that a handshake takes place. SSL_renegotiate_pending() is useful for checking if the client has followed the request.) [Bodo Moeller] +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. By default, clients may request session resumption even during renegotiation (if session ID contexts permit); with this option, session resumption is possible only in the first handshake. [Bodo Moeller] *) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer() *) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer() when just sending a HelloRequest as this could interfere with when just sending a HelloRequest as this could interfere with application data writes (and is totally unnecessary). application data writes (and is totally unnecessary). Loading
ssl/s3_srvr.c +17 −2 Original line number Original line Diff line number Diff line Loading @@ -524,7 +524,9 @@ int ssl3_accept(SSL *s) /* remove buffering on output */ /* remove buffering on output */ ssl_free_wbio_buffer(s); ssl_free_wbio_buffer(s); if (s->new_session == 2) s->new_session=0; s->new_session=0; /* if s->new_session is still 1, we have only sent a HelloRequest */ s->init_num=0; s->init_num=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); ssl_update_cache(s,SSL_SESS_CACHE_SERVER); Loading Loading @@ -673,7 +675,15 @@ static int ssl3_get_client_hello(SSL *s) j= *(p++); j= *(p++); s->hit=0; s->hit=0; if (j == 0) /* Versions before 0.9.7 always allow session reuse during renegotiation * (i.e. when s->new_session is true), option * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7. * Maybe this optional behaviour should always have been the default, * but we cannot safely change the default behaviour (or new applications * might be written that become totally unsecure when compiled with * an earlier library version) */ if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { { if (!ssl_get_new_session(s,1)) if (!ssl_get_new_session(s,1)) goto err; goto err; Loading @@ -694,6 +704,11 @@ static int ssl3_get_client_hello(SSL *s) } } } } if (s->new_session) /* actually not necessarily a 'new' section unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ s->new_session = 2; p+=j; p+=j; n2s(p,i); n2s(p,i); if ((i == 0) && (j != 0)) if ((i == 0) && (j != 0)) Loading
ssl/ssl.h +10 −2 Original line number Original line Diff line number Diff line Loading @@ -335,7 +335,8 @@ typedef struct ssl_session_st /* If set, always create a new key when using tmp_dh parameters */ /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set to also use the tmp_rsa key when doing RSA operations. */ /* Set to always use the tmp_rsa key when doing RSA operations, * even when this violates protocol specs */ #define SSL_OP_EPHEMERAL_RSA 0x00200000L #define SSL_OP_EPHEMERAL_RSA 0x00200000L /* Set on servers to choose the cipher according to the server's /* Set on servers to choose the cipher according to the server's * preferences */ * preferences */ Loading @@ -345,6 +346,8 @@ typedef struct ssl_session_st * (version 3.1) was announced in the client hello. Normally this is * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ * forbidden to prevent version rollback attacks. */ #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L /* As server, disallow session resumption on renegotiation */ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L /* The next flag deliberately changes the ciphertest, this is a check /* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ * for the PKCS#1 attack */ Loading Loading @@ -640,7 +643,11 @@ struct ssl_st int server; /* are we the server side? - mostly used by SSL_clear*/ int server; /* are we the server side? - mostly used by SSL_clear*/ int new_session;/* 1 if we are to use a new session */ int new_session;/* 1 if we are to use a new session, * (sometimes 2 after a new session has in fact been assigned). * NB: For servers, the 'new' session may actually be a previously * cached session or even the previous session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ int quiet_shutdown;/* don't send shutdown packets */ int quiet_shutdown;/* don't send shutdown packets */ int shutdown; /* we have shut things down, 0x01 sent, 0x02 int shutdown; /* we have shut things down, 0x01 sent, 0x02 * for received */ * for received */ Loading Loading @@ -1157,6 +1164,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s); int SSL_do_handshake(SSL *s); int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_pending(SSL *s); int SSL_shutdown(SSL *s); int SSL_shutdown(SSL *s); SSL_METHOD *SSL_get_ssl_method(SSL *s); SSL_METHOD *SSL_get_ssl_method(SSL *s); Loading
ssl/ssl_lib.c +7 −0 Original line number Original line Diff line number Diff line Loading @@ -836,6 +836,13 @@ int SSL_renegotiate(SSL *s) return(s->method->ssl_renegotiate(s)); return(s->method->ssl_renegotiate(s)); } } int SSL_renegotiate_pending(SSL *s) { /* becomes true when negotiation is requested; * false again once a handshake has finished */ return (s->new_session != 0); } long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) { { long l; long l; Loading
util/ssleay.num +1 −0 Original line number Original line Diff line number Diff line Loading @@ -212,3 +212,4 @@ kssl_ctx_free 261 EXIST::FUNCTION:KRB5 kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5 kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5 kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5 kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5 SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: SSL_renegotiate_pending 265 EXIST::FUNCTION:
