
Contents of /updates/1/openssl/current/SOURCES/openssl-1.0.0a-CVE-2011-4619.diff



Revision 215424 - (show annotations) (download)
Sun Feb 26 22:05:38 2012 UTC (12 years, 2 months ago) by luigiwalser
File size: 4242 byte(s)
- add patches for CVE-2011-4108, CVE-2011-4619, CVE-2011-4576,
      CVE-2012-0050, and CVE-2012-0027

1
2 http://cvs.openssl.org/chngview?cn=21927
3 http://cvs.openssl.org/chngview?cn=21930
4
5 diff -Naurp openssl-1.0.0a/ssl/s3_srvr.c openssl-1.0.0a.oden/ssl/s3_srvr.c
6 --- openssl-1.0.0a/ssl/s3_srvr.c 2012-01-09 14:49:57.000000000 +0000
7 +++ openssl-1.0.0a.oden/ssl/s3_srvr.c 2012-01-09 14:53:04.000000000 +0000
8 @@ -258,6 +258,7 @@ int ssl3_accept(SSL *s)
9 }
10
11 s->init_num=0;
12 + s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
13
14 if (s->state != SSL_ST_RENEGOTIATE)
15 {
16 @@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s)
17 int ok;
18 long n;
19
20 + /* We only allow the client to restart the handshake once per
21 + * negotiation. */
22 + if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
23 + {
24 + SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
25 + return -1;
26 + }
27 +
28 /* this function is called when we really expect a Certificate message,
29 * so permit appropriate message length */
30 n=s->method->ssl_get_message(s,
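Review bot: The rejection at `return -1;` records the error with SSLerr but sends nothing to the peer, so a client that attempts a second SGC restart sees only a dropped connection rather than a fatal alert; consider `ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);` before the return, unless the error path in ssl3_accept (not visible here) already emits one. Placing the check ahead of ssl_get_message is the right choice: a non-blocking re-entry while the second ClientHello is still being read is not affected, because the later hunk sets the flag only after a restart has been fully accepted. ssl3_check_client_hello begins and ends outside this hunk.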
31 @@ -783,6 +792,7 @@ int ssl3_check_client_hello(SSL *s)
32 s->s3->tmp.ecdh = NULL;
33 }
34 #endif
35 + s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
36 return 2;
37 }
38 return 1;
39 diff -Naurp openssl-1.0.0a/ssl/ssl.h openssl-1.0.0a.oden/ssl/ssl.h
40 --- openssl-1.0.0a/ssl/ssl.h 2010-01-06 17:37:38.000000000 +0000
41 +++ openssl-1.0.0a.oden/ssl/ssl.h 2012-01-09 14:53:04.000000000 +0000
42 @@ -1882,6 +1882,7 @@ void ERR_load_SSL_strings(void);
43 #define SSL_F_SSL3_CALLBACK_CTRL 233
44 #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
45 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
46 +#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
47 #define SSL_F_SSL3_CLIENT_HELLO 131
48 #define SSL_F_SSL3_CONNECT 132
49 #define SSL_F_SSL3_CTRL 213
50 @@ -2139,6 +2140,7 @@ void ERR_load_SSL_strings(void);
51 #define SSL_R_MISSING_TMP_RSA_KEY 172
52 #define SSL_R_MISSING_TMP_RSA_PKEY 173
53 #define SSL_R_MISSING_VERIFY_MESSAGE 174
54 +#define SSL_R_MULTIPLE_SGC_RESTARTS 346
55 #define SSL_R_NON_SSLV2_INITIAL_PACKET 175
56 #define SSL_R_NO_CERTIFICATES_RETURNED 176
57 #define SSL_R_NO_CERTIFICATE_ASSIGNED 177
58 diff -Naurp openssl-1.0.0a/ssl/ssl3.h openssl-1.0.0a.oden/ssl/ssl3.h
59 --- openssl-1.0.0a/ssl/ssl3.h 2010-01-06 17:37:38.000000000 +0000
60 +++ openssl-1.0.0a.oden/ssl/ssl3.h 2012-01-09 14:53:07.000000000 +0000
61 @@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st
62 #define SSL3_FLAGS_POP_BUFFER 0x0004
63 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
64 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
65 +
66 +/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
67 + * restart a handshake because of MS SGC and so prevents us
68 + * from restarting the handshake in a loop. It's reset on a
69 + * renegotiation, so effectively limits the client to one restart
70 + * per negotiation. This limits the possibility of a DDoS
71 + * attack where the client handshakes in a loop using SGC to
72 + * restart. Servers which permit renegotiation can still be
73 + * effected, but we can't prevent that.
74 + */
75 +#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
76
77 typedef struct ssl3_state_st
78 {
79 diff -Naurp openssl-1.0.0a/ssl/ssl_err.c openssl-1.0.0a.oden/ssl/ssl_err.c
80 --- openssl-1.0.0a/ssl/ssl_err.c 2010-01-06 17:37:38.000000000 +0000
81 +++ openssl-1.0.0a.oden/ssl/ssl_err.c 2012-01-09 14:53:04.000000000 +0000
82 @@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
83 {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
84 {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
85 {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
86 +{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
87 {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
88 {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
89 {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
90 @@ -397,6 +398,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
91 {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
92 {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
93 {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
94 +{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
95 {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
96 {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
97 {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
