From 949fbf073ad23fc0a25aa12011a0325901416180 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Thu, 5 Nov 2009 11:28:37 +0000
Subject: [PATCH] Disable renegotiation.

---
 CHANGES       | 7 +++++++
 ssl/s3_srvr.c | 9 +++++++++
 ssl/ssl.h     | 1 +
 ssl/ssl_err.c | 1 +
 4 files changed, 18 insertions(+)

diff --git a/CHANGES b/CHANGES
index 800288673d..73cc1dec30 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) Disable renegotiation completely - this fixes a severe security
+     problem at the cost of breaking all renegotiation. Renegotiation
+     can be re-enabled by setting
+     OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION at
+     compile-time. This is really not recommended.
+     [Ben Laurie]
+
   *) Fixes to stateless session resumption handling. Use initial_ctx when
      issuing and attempting to decrypt tickets in case it has changed during
      servername handling. Use a non-zero length session ID when attempting
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index c698513a09..057a9fad62 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -718,6 +718,15 @@ int ssl3_get_client_hello(SSL *s)
 #endif
 	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+#ifndef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION
+	if (s->new_session)
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_RENEGOTIATION);
+		goto f_err;
+		}
+#endif  /* ndef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION */
+
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 	 * This down switching should be handled by a different method.
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 5982616222..f94f0f0e94 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1969,6 +1969,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
 #define SSL_R_NO_PUBLICKEY				 192
+#define SSL_R_NO_RENEGOTIATION				 319
 #define SSL_R_NO_SHARED_CIPHER				 193
 #define SSL_R_NO_VERIFY_CALLBACK			 194
 #define SSL_R_NULL_SSL_CTX				 195
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index f965463bfa..898dc10979 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -388,6 +388,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
 {ERR_REASON(SSL_R_NO_PUBLICKEY)          ,"no publickey"},
+{ERR_REASON(SSL_R_NO_RENEGOTIATION)      ,"no renegotiation"},
 {ERR_REASON(SSL_R_NO_SHARED_CIPHER)      ,"no shared cipher"},
 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    ,"no verify callback"},
 {ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},
-- 
2.25.1