From 8b56f9c81d5f298f1939c12b25e08911f1620cc2 Mon Sep 17 00:00:00 2001
From: Ben Laurie
Date: Thu, 5 Nov 2009 13:40:29 +0000
Subject: [PATCH] Disable renegotiation.

---
 CHANGES       | 9 +++++++++
 ssl/s3_srvr.c | 9 +++++++++
 ssl/ssl.h     | 1 +
 ssl/ssl_err.c | 1 +
 4 files changed, 20 insertions(+)

diff --git a/CHANGES b/CHANGES
index 04d332e338..cd445c9313 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,15 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem at the cost of breaking all renegotiation. Renegotiation
+     can be re-enabled by setting
+     OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION at
+     compile-time. This is really not recommended.
+     [Ben Laurie]
+
  Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
 
   *) Don't set val to NULL when freeing up structures, it is freed up by
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 80b45eb86f..6719ecf02e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -718,6 +718,15 @@ int ssl3_get_client_hello(SSL *s)
 #endif
 	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+#ifdef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION
+	if (s->new_session)
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_RENEGOTIATION);
+		goto f_err;
+		}
+#endif /* ndef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION */
+
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 	 * This down switching should be handled by a different method.
diff --git a/ssl/ssl.h b/ssl/ssl.h
index ff8a128d3c..5ef11a3b2b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1952,6 +1952,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191
 #define SSL_R_NO_PUBLICKEY 192
+#define SSL_R_NO_RENEGOTIATION 318
 #define SSL_R_NO_SHARED_CIPHER 193
 #define SSL_R_NO_VERIFY_CALLBACK 194
 #define SSL_R_NULL_SSL_CTX 195
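Review bot: The guard around the new rejection block in ssl3_get_client_hello is inverted: `#ifdef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION` compiles the "no renegotiation" check in only when the unsafe-legacy macro is defined, so a default build (macro undefined) still accepts a ClientHello with `s->new_session` set, which is the opposite of what the commit message, the CHANGES entry and the trailing `#endif /* ndef ... */` comment all state. The directive should read `#ifndef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION`, so that the check is present by default and only an explicit opt-in removes it. A secondary point is that the macro name is spelled `RENEGOTATION` consistently in CHANGES and in the code, so any later fix must keep that spelling or users following the CHANGES text will define a macro that has no effect. `al` and the `f_err` label are used here but declared outside the hunk; ssl3_get_client_hello's body starts and continues outside it.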
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 24a994fe01..ce2a5557a6 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -384,6 +384,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
 {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
+{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
 {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
 {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
-- 
2.25.1