Updates to conform with draft-ietf-tls-renegotiation-03.txt:
1. Add provisional SCSV value. 2. Don't send SCSV and RI at same time. 3. Fatal error is SCSV received when renegotiating.
This commit is contained in:
Dr. Stephen Henson
parent
37aff2199e
commit
50a095ed16
5 changed files with 15 additions and 7 deletions
2
CHANGES
2
CHANGES
|
|
@ -36,7 +36,7 @@
|
|||
the updated NID creation version. This should correctly handle UTF8.
|
||||
[Steve Henson]
|
||||
|
||||
*) Implement draft-ietf-tls-renegotiation. Re-enable
|
||||
*) Implement draft-ietf-tls-renegotiation-03. Re-enable
|
||||
renegotiation but require the extension as needed. Unfortunately,
|
||||
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a
|
||||
bad idea. It has been replaced by
|
||||
|
|
|
|||
|
|
@ -2028,6 +2028,7 @@ void ERR_load_SSL_strings(void);
|
|||
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
|
||||
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
|
||||
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
|
||||
#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324
|
||||
#define SSL_R_SERVERHELLO_TLSEXT 224
|
||||
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
|
||||
#define SSL_R_SHORT_READ 219
|
||||
|
|
|
|||
|
|
@ -129,10 +129,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Magic Cipher Suite Value. NB: bogus value used for testing */
|
||||
#ifndef SSL3_CK_SCSV
|
||||
#define SSL3_CK_SCSV 0x03000FEC
|
||||
#endif
|
||||
/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
|
||||
#define SSL3_CK_SCSV 0x030000FF
|
||||
|
||||
#define SSL3_CK_RSA_NULL_MD5 0x03000001
|
||||
#define SSL3_CK_RSA_NULL_SHA 0x03000002
|
||||
|
|
|
|||
|
|
@ -429,6 +429,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
|||
{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
|
||||
{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
|
||||
{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
|
||||
{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
|
||||
{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
|
||||
{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
|
||||
{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
|
||||
|
|
|
|||
|
|
@ -1299,8 +1299,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
|
|||
j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
|
||||
p+=j;
|
||||
}
|
||||
/* If p == q, no ciphers and caller indicates an error, otherwise
|
||||
* add SCSV
|
||||
/* If p == q, no ciphers and caller indicates an error. Otherwise
|
||||
* add SCSV if no extensions (i.e. SSL3 is client_version)
|
||||
* since spec RECOMMENDS not sending both RI and SCSV.
|
||||
*/
|
||||
if (p != q)
|
||||
{
|
||||
|
|
@ -1348,6 +1349,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
|
|||
(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
|
||||
(p[n-1] == (SSL3_CK_SCSV & 0xff)))
|
||||
{
|
||||
/* SCSV fatal if renegotiating */
|
||||
if (s->new_session)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
s->s3->send_connection_binding = 1;
|
||||
p += n;
|
||||
#ifdef OPENSSL_RI_DEBUG
|
||||
|
|
|
|||
Loading…
Reference in a new issue