This change makes the state machine more strict in terms of transaction
that are allowed. The benefit of this change are twofold:
- only allow renegotiations after pushed option handling is done,
to ensure that pushed options which might affect renegotiation
have been processed on both sides
This is a prerequisite for the upcoming secure renegotiation patch set
- avoids corner cases of a peer (or an attacker) trying to renegotiate the
session while the original session is not fully setup. Currently there
there are no problems known with this but it is better to avoid the
corner case in the first time.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Heiko Hund <heiko@ist.eigentlich.net>
Message-Id: <
20220909195902.
2011798-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25162.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
ASSERT(session_id_defined(&session->session_id));
/* Should we trigger a soft reset? -- new key, keeps old key for a while */
- if (ks->state >= S_ACTIVE
+ if (ks->state >= S_GENERATED_KEYS
&& ((session->opt->renegotiate_seconds
&& now >= ks->established + session->opt->renegotiate_seconds)
|| (session->opt->renegotiate_bytes > 0
}
/*
- * Remote is requesting a key renegotiation
+ * Remote is requesting a key renegotiation. We only allow renegotiation
+ * when the previous session is fully established to avoid weird corner
+ * cases.
*/
- if (op == P_CONTROL_SOFT_RESET_V1 && TLS_AUTHENTICATED(multi, ks))
+ if (op == P_CONTROL_SOFT_RESET_V1 && ks->state >= S_GENERATED_KEYS)
{
if (!read_control_auth(buf, &session->tls_wrap, from,
session->opt))
projects / thirdparty / openvpn.git / commitdiff
