Default renegotiations to off.

As of crbug.com/484543, Chromium's SSLClientSocket is not sensitive to whether renegotiation is enabled or not. Disable it by default and require consumers to opt into enabling this protocol mistake. BUG=429450 Change-Id: I2329068284dbb851da010ff1fd398df3d663bcc3 Reviewed-on: https://boringssl-review.googlesource.com/4723 Reviewed-by: Adam Langley <agl@google.com>
2015-05-12 17:03:54 -04:00 · 2015-05-12 17:03:54 -04:00 · 897e5e0013
commit 897e5e0013
parent 4690bb5fc3
4 changed files with 10 additions and 8 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -1165,7 +1165,8 @@ OPENSSL_EXPORT void SSL_enable_fastradio_padding(SSL *ssl, char on_off);

 /* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by
 * the peer are rejected. It may be set at any point in a connection's lifetime
- * to disallow future renegotiations programmatically. */
+ * to control future renegotiations programmatically. By default, renegotiations
+ * are rejected. */
 OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject);

 /* the maximum length of the buffer given to callbacks containing the resulting
@ -1424,9 +1425,9 @@ struct ssl_st {
   * data rate) state in 3G networks. */
  char fastradio_padding;

-  /* reject_peer_renegotiations, if one, causes causes renegotiation attempts
-   * from the peer to be rejected with a fatal error. */
-  char reject_peer_renegotiations;
+  /* accept_peer_renegotiations, if one, accepts renegotiation attempts from the
+   * peer. Otherwise, they will be rejected with a fatal error. */
+  char accept_peer_renegotiations;

  /* These fields are always NULL and exist only to keep wpa_supplicant happy
   * about the change to EVP_AEAD. They are only needed for EAP-FAST, which we
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@ -869,7 +869,7 @@ start:
  if (rr->type == SSL3_RT_HANDSHAKE) {
    /* If peer renegotiations are disabled, all out-of-order handshake records
     * are fatal. */
-    if (s->reject_peer_renegotiations) {
+    if (!s->accept_peer_renegotiations) {
      al = SSL_AD_NO_RENEGOTIATION;
      OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_NO_RENEGOTIATION);
      goto f_err;
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -2929,7 +2929,7 @@ void SSL_enable_fastradio_padding(SSL *s, char on_off) {
 }

 void SSL_set_reject_peer_renegotiations(SSL *s, int reject) {
-  s->reject_peer_renegotiations = !!reject;
+  s->accept_peer_renegotiations = !reject;
 }

 const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@ -660,8 +660,9 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx,
      !SSL_set_cipher_list(ssl.get(), config->cipher.c_str())) {
    return false;
  }
-  if (config->reject_peer_renegotiations) {
-    SSL_set_reject_peer_renegotiations(ssl.get(), 1);
+  if (!config->reject_peer_renegotiations) {
+    /* Renegotiations are disabled by default. */
+    SSL_set_reject_peer_renegotiations(ssl.get(), 0);
  }

  int sock = Connect(config->port);