kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Forbid renegotiation in TLS 1.3.

Browse Source 
Change-Id: I1b34acbbb5528e7e31595ee0cbce7618890f3955
Reviewed-on: https://boringssl-review.googlesource.com/8669
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin 2016-07-08 14:14:36 -07:00
parent 71dd6660e8
commit 397c8e6fb6
3 changed files with 37 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/s3_both.c
View File

@ -574,12 +574,14 @@ again:
ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE, ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE,
ssl->init_buf->data, ssl->init_buf->length); ssl->init_buf->data, ssl->init_buf->length);
/* Ignore stray HelloRequest messages. Per RFC 5246, section 7.4.1.1, the
* server may send HelloRequest at any time. */
static const uint8_t kHelloRequest[4] = {SSL3_MT_HELLO_REQUEST, 0, 0, 0}; static const uint8_t kHelloRequest[4] = {SSL3_MT_HELLO_REQUEST, 0, 0, 0};
if (!ssl->server && ssl->init_buf->length == sizeof(kHelloRequest) && if (!ssl->server &&
(!ssl->s3->have_version ||
ssl3_protocol_version(ssl) < TLS1_3_VERSION) &&
ssl->init_buf->length == sizeof(kHelloRequest) &&
memcmp(kHelloRequest, ssl->init_buf->data, sizeof(kHelloRequest)) == 0) { memcmp(kHelloRequest, ssl->init_buf->data, sizeof(kHelloRequest)) == 0) {
/* The server may always send 'Hello Request' messages -- we are doing a
* handshake anyway now, so ignore them if their format is correct. Does
* not count for 'Finished' MAC. */
goto again; goto again;
} }

4
ssl/s3_pkt.c
View File

@ -353,6 +353,10 @@ void ssl3_read_close_notify(SSL *ssl) {
} }
static int ssl3_can_renegotiate(SSL *ssl) { static int ssl3_can_renegotiate(SSL *ssl) {
if (ssl->server || ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
return 0;
}
switch (ssl->renegotiate_mode) { switch (ssl->renegotiate_mode) {
case ssl_renegotiate_never: case ssl_renegotiate_never:
return 0; return 0;

29
ssl/test/runner/runner.go
View File

@ -4542,7 +4542,7 @@ func addRenegotiationTests() {
}, },
}) })
// Stray HelloRequests during the handshake are ignored. // Stray HelloRequests during the handshake are ignored in TLS 1.2.
testCases = append(testCases, testCase{ testCases = append(testCases, testCase{
name: "StrayHelloRequest", name: "StrayHelloRequest",
config: Config{ config: Config{
@ -4563,7 +4563,32 @@ func addRenegotiationTests() {
}, },
}) })
// TODO(davidben): Add a test that HelloRequests are illegal in TLS 1.3. // Renegotiation is forbidden in TLS 1.3.
testCases = append(testCases, testCase{
name: "Renegotiate-Client-TLS13",
config: Config{
MaxVersion: VersionTLS13,
},
renegotiate: 1,
flags: []string{
"-renegotiate-freely",
},
shouldFail: true,
expectedError: ":NO_RENEGOTIATION:",
})
// Stray HelloRequests during the handshake are forbidden in TLS 1.3.
testCases = append(testCases, testCase{
name: "StrayHelloRequest-TLS13",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
SendHelloRequestBeforeEveryHandshakeMessage: true,
},
},
shouldFail: true,
expectedError: ":UNEXPECTED_MESSAGE:",
})
} }
func addDTLSReplayTests() { func addDTLSReplayTests() {