Commit 6e127fdd authored by Matt Caswell's avatar Matt Caswell
Browse files

Add the SSL_OP_NO_RENEGOTIATION option to 1.1.0 



This is based on a heavily modified version of commit db0f35dd by Todd
Short from the master branch.

We are adding this because it used to be possible to disable reneg using
the flag SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS in 1.0.2. This is no longer
possible because of the opacity work.

A point to note about this is that if an application built against new
1.1.0 headers (that know about the new option SSL_OP_NO_RENEGOTIATION
option) is run using an older version of 1.1.0 (that doesn't know about
the option) then the option will be accepted but nothing will happen, i.e.
renegotiation will not be prevented. There's probably not much we can do
about that.

Fixes #4739

Reviewed-by: default avatarBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4901)
parent 12492580

apps/apps.h

+4 −1
Original line number Diff line number Diff line
@@ -215,7 +215,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, 
        OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \

        OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \

        OPT_S_DEBUGBROKE, OPT_S_COMP, \

        OPT_S__LAST

        OPT_S_NO_RENEGOTIATION, OPT_S__LAST



# define OPT_S_OPTIONS \

        {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
@@ -230,6 +230,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, 
        {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \

        {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \

            "Enable use of legacy renegotiation (dangerous)"}, \

        {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \

            "Disable all renegotiation."}, \

        {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \

            "Allow initial connection to servers that don't support RI"}, \

        {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
@@ -272,6 +274,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, 
        case OPT_S_CURVES: \

        case OPT_S_NAMEDCURVE: \

        case OPT_S_CIPHER: \

        case OPT_S_NO_RENEGOTIATION: \

        case OPT_S_DEBUGBROKE



#define IS_NO_PROT_FLAG(o) \

apps/s_server.c

+3 −0
Original line number Diff line number Diff line
@@ -2575,6 +2575,9 @@ static int init_ssl_connection(SSL *con) 
        BIO_printf(bio_s_out, "Reused session-id\n");

    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",

               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");

    if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))

        BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");



    if (keymatexportlabel != NULL) {

        BIO_printf(bio_s_out, "Keying material exporter:\n");

        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);

doc/ssl/SSL_CONF_cmd.pod

+10 −0
Original line number Diff line number Diff line
@@ -110,6 +110,11 @@ Attempts to use the file B<value> as the set of temporary DH parameters for 
the appropriate context. This option is only supported if certificate

operations are permitted.



=item B<-no_renegotiation>



Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting

B<SSL_OP_NO_RENEGOTIATION>.



=item B<-min_protocol>, B<-max_protocol>



Sets the minimum and maximum supported protocol.
@@ -227,6 +232,11 @@ Attempts to use the file B<value> as the set of temporary DH parameters for 
the appropriate context. This option is only supported if certificate

operations are permitted.



=item B<NoRenegotiation>



Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting

B<SSL_OP_NO_RENEGOTIATION>.



=item B<SignatureAlgorithms>



This sets the supported signature algorithms for TLS v1.2. For clients this

doc/ssl/SSL_CTX_set_options.pod

+7 −0
Original line number Diff line number Diff line
@@ -197,6 +197,11 @@ RFC7366 Encrypt-then-MAC option on TLS and DTLS connection. 
If this option is set, Encrypt-then-MAC is disabled. Clients will not

propose, and servers will not accept the extension.



=item SSL_OP_NO_RENEGOTIATION



Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest

messages, and ignore renegotiation requests via ClientHello.



=back



=head1 SECURE RENEGOTIATION
@@ -288,6 +293,8 @@ L<dhparam(1)> 
The attempt to always try to use secure renegotiation was added in

Openssl 0.9.8m.



B<SSL_OP_NO_RENEGOTIATION> was added in OpenSSL 1.1.0h.



=head1 COPYRIGHT



Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

include/openssl/ssl.h

+5 −0
Original line number Diff line number Diff line
@@ -323,6 +323,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); 
        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)

# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)



/* Disallow all renegotiation */

# define SSL_OP_NO_RENEGOTIATION                         0x40000000U



/*

 * Make server add server-hello extension from early version of cryptopro

 * draft, when GOST ciphersuite is negotiated. Required for interoperability
@@ -2201,6 +2204,8 @@ int ERR_load_SSL_strings(void); 
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311

# define SSL_F_SSL_PEEK                                   270

# define SSL_F_SSL_READ                                   223

# define SSL_F_SSL_RENEGOTIATE                            516

# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED                546

# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320

# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321

# define SSL_F_SSL_SESSION_DUP                            348