1 |
|
2 |
http://cvs.openssl.org/chngview?cn=21927 |
3 |
http://cvs.openssl.org/chngview?cn=21930 |
4 |
|
5 |
diff -Naurp openssl-1.0.0a/ssl/s3_srvr.c openssl-1.0.0a.oden/ssl/s3_srvr.c |
6 |
--- openssl-1.0.0a/ssl/s3_srvr.c 2012-01-09 14:49:57.000000000 +0000 |
7 |
+++ openssl-1.0.0a.oden/ssl/s3_srvr.c 2012-01-09 14:53:04.000000000 +0000 |
8 |
@@ -258,6 +258,7 @@ int ssl3_accept(SSL *s) |
9 |
} |
10 |
|
11 |
s->init_num=0; |
12 |
+ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; |
13 |
|
14 |
if (s->state != SSL_ST_RENEGOTIATE) |
15 |
{ |
16 |
@@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s) |
17 |
int ok; |
18 |
long n; |
19 |
|
20 |
+ /* We only allow the client to restart the handshake once per |
21 |
+ * negotiation. */ |
22 |
+ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) |
23 |
+ { |
24 |
+ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); |
25 |
+ return -1; |
26 |
+ } |
27 |
+ |
28 |
/* this function is called when we really expect a Certificate message, |
29 |
* so permit appropriate message length */ |
30 |
n=s->method->ssl_get_message(s, |
31 |
@@ -783,6 +792,7 @@ int ssl3_check_client_hello(SSL *s) |
32 |
s->s3->tmp.ecdh = NULL; |
33 |
} |
34 |
#endif |
35 |
+ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; |
36 |
return 2; |
37 |
} |
38 |
return 1; |
39 |
diff -Naurp openssl-1.0.0a/ssl/ssl.h openssl-1.0.0a.oden/ssl/ssl.h |
40 |
--- openssl-1.0.0a/ssl/ssl.h 2010-01-06 17:37:38.000000000 +0000 |
41 |
+++ openssl-1.0.0a.oden/ssl/ssl.h 2012-01-09 14:53:04.000000000 +0000 |
42 |
@@ -1882,6 +1882,7 @@ void ERR_load_SSL_strings(void); |
43 |
#define SSL_F_SSL3_CALLBACK_CTRL 233 |
44 |
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 |
45 |
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 |
46 |
+#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 |
47 |
#define SSL_F_SSL3_CLIENT_HELLO 131 |
48 |
#define SSL_F_SSL3_CONNECT 132 |
49 |
#define SSL_F_SSL3_CTRL 213 |
50 |
@@ -2139,6 +2140,7 @@ void ERR_load_SSL_strings(void); |
51 |
#define SSL_R_MISSING_TMP_RSA_KEY 172 |
52 |
#define SSL_R_MISSING_TMP_RSA_PKEY 173 |
53 |
#define SSL_R_MISSING_VERIFY_MESSAGE 174 |
54 |
+#define SSL_R_MULTIPLE_SGC_RESTARTS 346 |
55 |
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 |
56 |
#define SSL_R_NO_CERTIFICATES_RETURNED 176 |
57 |
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 |
58 |
diff -Naurp openssl-1.0.0a/ssl/ssl3.h openssl-1.0.0a.oden/ssl/ssl3.h |
59 |
--- openssl-1.0.0a/ssl/ssl3.h 2010-01-06 17:37:38.000000000 +0000 |
60 |
+++ openssl-1.0.0a.oden/ssl/ssl3.h 2012-01-09 14:53:07.000000000 +0000 |
61 |
@@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st |
62 |
#define SSL3_FLAGS_POP_BUFFER 0x0004 |
63 |
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
64 |
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
65 |
+ |
66 |
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we |
67 |
+ * restart a handshake because of MS SGC and so prevents us |
68 |
+ * from restarting the handshake in a loop. It's reset on a |
69 |
+ * renegotiation, so effectively limits the client to one restart |
70 |
+ * per negotiation. This limits the possibility of a DDoS |
71 |
+ * attack where the client handshakes in a loop using SGC to |
72 |
+ * restart. Servers which permit renegotiation can still be |
73 |
+ * effected, but we can't prevent that. |
74 |
+ */ |
75 |
+#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 |
76 |
|
77 |
typedef struct ssl3_state_st |
78 |
{ |
79 |
diff -Naurp openssl-1.0.0a/ssl/ssl_err.c openssl-1.0.0a.oden/ssl/ssl_err.c |
80 |
--- openssl-1.0.0a/ssl/ssl_err.c 2010-01-06 17:37:38.000000000 +0000 |
81 |
+++ openssl-1.0.0a.oden/ssl/ssl_err.c 2012-01-09 14:53:04.000000000 +0000 |
82 |
@@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]= |
83 |
{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, |
84 |
{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, |
85 |
{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, |
86 |
+{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, |
87 |
{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, |
88 |
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, |
89 |
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, |
90 |
@@ -397,6 +398,7 @@ static ERR_STRING_DATA SSL_str_reasons[] |
91 |
{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, |
92 |
{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, |
93 |
{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, |
94 |
+{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, |
95 |
{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, |
96 |
{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, |
97 |
{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, |