Make renegotiation a compile-time option
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 01b0aca..2017abe 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -431,11 +431,29 @@
{
int ret;
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ {
+ /* Check verify-data in constant-time. The length OTOH is no secret */
+ if( len != 1 + ssl->verify_data_len ||
+ buf[0] != ssl->verify_data_len ||
+ safer_memcmp( buf + 1, ssl->peer_verify_data,
+ ssl->verify_data_len ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
+
+ if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+ return( ret );
+
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+ }
+ else
+#endif /* POLARSSL_SSL_RENEGOTIATION */
{
if( len != 1 || buf[0] != 0x0 )
{
- SSL_DEBUG_MSG( 1, ( "non-zero length renegotiated connection field" ) );
+ SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
return( ret );
@@ -445,22 +463,6 @@
ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
}
- else
- {
- /* Check verify-data in constant-time. The length OTOH is no secret */
- if( len != 1 + ssl->verify_data_len ||
- buf[0] != ssl->verify_data_len ||
- safer_memcmp( buf + 1, ssl->peer_verify_data,
- ssl->verify_data_len ) != 0 )
- {
- SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
-
- if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
- return( ret );
-
- return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
- }
return( 0 );
}
@@ -653,11 +655,13 @@
if( len == 0 )
return( 0 );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
{
SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
return( 0 );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/*
* Failures are ok: just ignore the ticket and proceed.
@@ -893,6 +897,7 @@
SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
@@ -902,6 +907,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
buf = ssl->in_hdr;
@@ -1038,15 +1044,18 @@
if( p[0] == 0 && p[1] == 0 && p[2] == SSL_EMPTY_RENEGOTIATION_INFO )
{
SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION )
{
- SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
+ SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
+ "during renegotiation" ) );
if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
return( ret );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
break;
}
@@ -1126,8 +1135,10 @@
SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
- ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
+ if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
return( ret );
@@ -1177,18 +1188,22 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
- ( ret = ssl_fetch_input( ssl, 5 + n ) ) != 0 )
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
+ if( ( ret = ssl_fetch_input( ssl, 5 + n ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
return( ret );
}
buf = ssl->in_msg;
- if( !ssl->renegotiation )
- n = ssl->in_left - 5;
- else
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
n = ssl->in_msglen;
+ else
+#endif
+ n = ssl->in_left - 5;
ssl->handshake->update_checksum( ssl, buf, n );
@@ -1351,6 +1366,7 @@
if( p[0] == 0 && p[1] == SSL_EMPTY_RENEGOTIATION_INFO )
{
SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION )
{
SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
@@ -1360,7 +1376,9 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
ssl->secure_renegotiation = SSL_SECURE_RENEGOTIATION;
+ renegotiation_info_seen = 1;
break;
}
}
@@ -1405,8 +1423,10 @@
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
case TLS_EXT_SIG_ALG:
SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION )
break;
+#endif
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
@@ -1491,12 +1511,13 @@
/*
* Renegotiation security checks
*/
- if( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ if( ssl->secure_renegotiation != SSL_SECURE_RENEGOTIATION &&
ssl->allow_legacy_renegotiation == SSL_LEGACY_BREAK_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
}
+#if defined(POLARSSL_SSL_RENEGOTIATION)
else if( ssl->renegotiation == SSL_RENEGOTIATION &&
ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
renegotiation_info_seen == 0 )
@@ -1518,6 +1539,7 @@
SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
handshake_failure = 1;
}
+#endif /* POLARSSL_SSL_RENEGOTIATION */
if( handshake_failure == 1 )
{
@@ -1644,16 +1666,29 @@
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
- *p++ = 0x00;
- *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
- *p++ = ssl->verify_data_len * 2 & 0xFF;
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ {
+ *p++ = 0x00;
+ *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
+ *p++ = ssl->verify_data_len * 2 & 0xFF;
- memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
- p += ssl->verify_data_len;
- memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
- p += ssl->verify_data_len;
+ memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
+ p += ssl->verify_data_len;
+ memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+ p += ssl->verify_data_len;
- *olen = 5 + ssl->verify_data_len * 2;
+ *olen = 5 + ssl->verify_data_len * 2;
+ }
+ else
+#endif /* POLARSSL_SSL_RENEGOTIATION */
+ {
+ *p++ = 0x00;
+ *p++ = 0x01;
+ *p++ = 0x00;
+
+ *olen = 5;
+ }
}
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
@@ -1812,7 +1847,9 @@
* If not, try looking up session ID in our cache.
*/
if( ssl->handshake->resume == 0 &&
+#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
+#endif
ssl->session_negotiate->length != 0 &&
ssl->f_get_cache != NULL &&
ssl->f_get_cache( ssl->p_get_cache, ssl->session_negotiate ) == 0 )