From 6b0e9facf4a24553b01c536bb2981c8eb1b7c136 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Thu, 20 Sep 2001 22:54:09 +0000 Subject: [PATCH] New function SSL_renegotiate_pending(). New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. --- CHANGES | 16 ++++++++++++++++ ssl/s3_srvr.c | 19 +++++++++++++++++-- ssl/ssl.h | 12 ++++++++++-- ssl/ssl_lib.c | 7 +++++++ util/ssleay.num | 1 + 5 files changed, 51 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index ad5f9464e8..1d2c6cf98a 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,22 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) New function SSL_renegotiate_pending(). This returns true once + renegotiation has been requested (either SSL_renegotiate() call + or HelloRequest/ClientHello receveived from the peer) and becomes + false once a handshake has been completed. + (For servers, SSL_renegotiate() followed by SSL_do_handshake() + sends a HelloRequest, but does not ensure that a handshake takes + place. SSL_renegotiate_pending() is useful for checking if the + client has followed the request.) + [Bodo Moeller] + + +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. + By default, clients may request session resumption even during + renegotiation (if session ID contexts permit); with this option, + session resumption is possible only in the first handshake. + [Bodo Moeller] + *) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer() when just sending a HelloRequest as this could interfere with application data writes (and is totally unnecessary). diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index dcc1b72c9b..94da180d08 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -524,7 +524,9 @@ int ssl3_accept(SSL *s) /* remove buffering on output */ ssl_free_wbio_buffer(s); - s->new_session=0; + if (s->new_session == 2) + s->new_session=0; + /* if s->new_session is still 1, we have only sent a HelloRequest */ s->init_num=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); @@ -673,7 +675,15 @@ static int ssl3_get_client_hello(SSL *s) j= *(p++); s->hit=0; - if (j == 0) + /* Versions before 0.9.7 always allow session reuse during renegotiation + * (i.e. when s->new_session is true), option + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7. + * Maybe this optional behaviour should always have been the default, + * but we cannot safely change the default behaviour (or new applications + * might be written that become totally unsecure when compiled with + * an earlier library version) + */ + if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { if (!ssl_get_new_session(s,1)) goto err; @@ -694,6 +704,11 @@ static int ssl3_get_client_hello(SSL *s) } } + if (s->new_session) + /* actually not necessarily a 'new' section unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ + s->new_session = 2; + p+=j; n2s(p,i); if ((i == 0) && (j != 0)) diff --git a/ssl/ssl.h b/ssl/ssl.h index 88060ad6d8..8a8013463b 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -335,7 +335,8 @@ typedef struct ssl_session_st /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set to also use the tmp_rsa key when doing RSA operations. */ +/* Set to always use the tmp_rsa key when doing RSA operations, + * even when this violates protocol specs */ #define SSL_OP_EPHEMERAL_RSA 0x00200000L /* Set on servers to choose the cipher according to the server's * preferences */ @@ -345,6 +346,8 @@ typedef struct ssl_session_st * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L +/* As server, disallow session resumption on renegotiation */ +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L /* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ @@ -640,7 +643,11 @@ struct ssl_st int server; /* are we the server side? - mostly used by SSL_clear*/ - int new_session;/* 1 if we are to use a new session */ + int new_session;/* 1 if we are to use a new session, + * (sometimes 2 after a new session has in fact been assigned). + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ int quiet_shutdown;/* don't send shutdown packets */ int shutdown; /* we have shut things down, 0x01 sent, 0x02 * for received */ @@ -1157,6 +1164,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s); int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); +int SSL_renegotiate_pending(SSL *s); int SSL_shutdown(SSL *s); SSL_METHOD *SSL_get_ssl_method(SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 89c3c2d4f4..f5512c465e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -836,6 +836,13 @@ int SSL_renegotiate(SSL *s) return(s->method->ssl_renegotiate(s)); } +int SSL_renegotiate_pending(SSL *s) + { + /* becomes true when negotiation is requested; + * false again once a handshake has finished */ + return (s->new_session != 0); + } + long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) { long l; diff --git a/util/ssleay.num b/util/ssleay.num index 4090d99092..168e6d3c59 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -212,3 +212,4 @@ kssl_ctx_free 261 EXIST::FUNCTION:KRB5 kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5 kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5 SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: +SSL_renegotiate_pending 265 EXIST::FUNCTION: -- 2.25.1