Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 44d3eed2bbaf18427fb38aa65a86018ac85a052a^! / . / include / openssl / ssl.h
commit44d3eed2bbaf18427fb38aa65a86018ac85a052a[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Thu May 21 01:29:55 2015 -0400
committerAdam Langley <agl@google.com>Thu May 21 20:43:56 2015 +0000
treeda7c33f935aac5e44a278a78ca754aa078fc2e20
parent3d59e04bce96474099ba76786a2337e99ae14505 [diff] [blame]
Forbid caller-initiated renegotiations and all renego as a servers.

The only case where renego is supported is if we are a client and the
server sends a HelloRequest. That is still needed to support the renego
+ client auth hack in Chrome. Beyond that, no other forms of renego will
work.

The messy logic where the handshake loop is repurposed to send
HelloRequest and the extremely confusing tri-state s->renegotiate (which
makes SSL_renegotiate_pending a lie during the initial handshake as a
server) are now gone. The next change will further simplify things by
removing ssl->s3->renegotiate and the renego deferral logic. There's
also some server-only renegotiation checks that can go now.

Also clean up ssl3_read_bytes' HelloRequest handling. The old logic relied on
the handshake state machine to reject bad HelloRequests which... actually that
code probably lets you initiate renego by sending the first four bytes of a
ServerHello and expecting the peer to read it later.

BUG=429450

Change-Id: Ie0f87d0c2b94e13811fe8e22e810ab2ffc8efa6c
Reviewed-on: https://boringssl-review.googlesource.com/4824
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8b69613..f20201c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -1211,7 +1211,7 @@
 /* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by
  * the peer are rejected. It may be set at any point in a connection's lifetime
  * to control future renegotiations programmatically. By default, renegotiations
- * are rejected. */
+ * are rejected. (Renegotiations requested by a client are always rejected.) */
 OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject);
 
 /* the maximum length of the buffer given to callbacks containing the resulting
@@ -1450,10 +1450,6 @@
   uint8_t *alpn_client_proto_list;
   unsigned alpn_client_proto_list_len;
 
-  int renegotiate; /* 1 if we are renegotiating.
-                    * 2 if we are a server and are inside a handshake
-                    * (i.e. not just sending a HelloRequest) */
-
   /* fastradio_padding, if true, causes ClientHellos to be padded to 1024
    * bytes. This ensures that the cellular radio is fast forwarded to DCH (high
    * data rate) state in 3G networks. */
@@ -2050,8 +2046,11 @@
 OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
 
 OPENSSL_EXPORT int SSL_do_handshake(SSL *s);
-OPENSSL_EXPORT int SSL_renegotiate(SSL *s);
-OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *s);
+
+/* SSL_renegotiate_pending returns one if |ssl| is in the middle of a
+ * renegotiation. */
+OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl);
+
 OPENSSL_EXPORT int SSL_shutdown(SSL *s);
 
 OPENSSL_EXPORT const char *SSL_alert_type_string_long(int value);
@@ -2404,6 +2403,9 @@
 /* SSL_set_read_ahead does nothing. */
 OPENSSL_EXPORT void SSL_set_read_ahead(SSL *s, int yes);
 
+/* SSL_renegotiate put an error on the error queue and returns zero. */
+OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl);
+
 
 /* Android compatibility section.
  *