← Back to branch summary

~ubuntu-branches/ubuntu/karmic/openssl/karmic-security

« back to all changes in this revision

Viewing changes to ssl/s3_pkt.c

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2010-08-12 08:32:19 UTC
  • Revision ID: james.westby@ubuntu.com-20100812083219-9srweutpnf7hiocm
Tags: 0.9.8g-16ubuntu3.2
https://launchpad.net/bugs/616759
* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
    ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
    tls1}.h: backport rfc5746 support from openssl 0.9.8m.
  - CVE-2009-3555

Show diffs side-by-side

added added

removed removed

Lines of Context:
ssl/s3_pkt.c
1013
1013
                 * now try again to obtain the (application) data we were asked for */
1014
1014
                goto start;
1015
1015
                }
1016
 
 
 
1016
        /* If we are a server and get a client hello when renegotiation isn't
 
1017
         * allowed send back a no renegotiation alert and carry on.
 
1018
         * WARNING: experimental code, needs reviewing (steve)
 
1019
         */
 
1020
        if (s->server &&
 
1021
                SSL_is_init_finished(s) &&
 
1022
                !s->s3->send_connection_binding &&
 
1023
                (s->version > SSL3_VERSION) &&
 
1024
                (s->s3->handshake_fragment_len >= 4) &&
 
1025
                (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
 
1026
                (s->session != NULL) && (s->session->cipher != NULL) &&
 
1027
                !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 
1028
                
 
1029
                {
 
1030
                /*s->s3->handshake_fragment_len = 0;*/
 
1031
                rr->length = 0;
 
1032
                ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
 
1033
                goto start;
 
1034
                }
1017
1035
        if (s->s3->alert_fragment_len >= 2)
1018
1036
                {
1019
1037
                int alert_level = s->s3->alert_fragment[0];
1043
1061
                                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1044
1062
                                return(0);
1045
1063
                                }
 
1064
                        /* This is a warning but we receive it if we requested
 
1065
                         * renegotiation and the peer denied it. Terminate with
 
1066
                         * a fatal alert because if application tried to
 
1067
                         * renegotiatie it presumably had a good reason and
 
1068
                         * expects it to succeed.
 
1069
                         *
 
1070
                         * In future we might have a renegotiation where we
 
1071
                         * don't care if the peer refused it where we carry on.
 
1072
                         */
 
1073
                        else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
 
1074
                                {
 
1075
                                al = SSL_AD_HANDSHAKE_FAILURE;
 
1076
                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
 
1077
                                goto f_err;
 
1078
                                }
1046
1079
                        }
1047
1080
                else if (alert_level == 2) /* fatal */
1048
1081
                        {