|
 |
c4366c |
diff -up openssl-fips-0.9.8e/ssl/s3_srvr.c.sgc-dos openssl-fips-0.9.8e/ssl/s3_srvr.c
|
|
|
c4366c |
--- openssl-fips-0.9.8e/ssl/s3_srvr.c.sgc-dos 2012-03-19 17:42:34.490429863 +0100
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/ssl/s3_srvr.c 2012-03-19 17:44:42.928114348 +0100
|
|
|
c4366c |
@@ -236,6 +236,7 @@ int ssl3_accept(SSL *s)
|
|
|
c4366c |
}
|
|
|
c4366c |
|
|
|
c4366c |
s->init_num=0;
|
|
|
c4366c |
+ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
|
|
|
c4366c |
|
|
|
c4366c |
if (s->state != SSL_ST_RENEGOTIATE)
|
|
|
c4366c |
{
|
|
|
c4366c |
@@ -655,6 +656,13 @@ int ssl3_check_client_hello(SSL *s)
|
|
|
c4366c |
s->s3->tmp.reuse_message = 1;
|
|
|
c4366c |
if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
|
|
|
c4366c |
{
|
|
|
c4366c |
+ /* We only allow the client to restart the handshake once per
|
|
|
c4366c |
+ * negotiation. */
|
|
|
c4366c |
+ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
|
|
|
c4366c |
+ {
|
|
|
c4366c |
+ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
|
|
|
c4366c |
+ return -1;
|
|
|
c4366c |
+ }
|
|
|
c4366c |
/* Throw away what we have done so far in the current handshake,
|
|
|
c4366c |
* which will now be aborted. (A full SSL_clear would be too much.)
|
|
|
c4366c |
* I hope that tmp.dh is the only thing that may need to be cleared
|
|
|
c4366c |
@@ -666,6 +674,7 @@ int ssl3_check_client_hello(SSL *s)
|
|
|
c4366c |
s->s3->tmp.dh = NULL;
|
|
|
c4366c |
}
|
|
|
c4366c |
#endif
|
|
|
c4366c |
+ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
|
|
|
c4366c |
return 2;
|
|
|
c4366c |
}
|
|
|
c4366c |
return 1;
|
|
|
c4366c |
diff -up openssl-fips-0.9.8e/ssl/ssl3.h.sgc-dos openssl-fips-0.9.8e/ssl/ssl3.h
|
|
|
c4366c |
--- openssl-fips-0.9.8e/ssl/ssl3.h.sgc-dos 2012-03-19 17:42:34.465429341 +0100
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/ssl/ssl3.h 2012-03-19 17:42:34.532430741 +0100
|
|
|
c4366c |
@@ -333,6 +333,17 @@ typedef struct ssl3_buffer_st
|
|
|
c4366c |
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
|
|
|
c4366c |
#define SSL3_FLAGS_POP_BUFFER 0x0004
|
|
|
c4366c |
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
|
|
|
c4366c |
+
|
|
|
c4366c |
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
|
|
|
c4366c |
+ * restart a handshake because of MS SGC and so prevents us
|
|
|
c4366c |
+ * from restarting the handshake in a loop. It's reset on a
|
|
|
c4366c |
+ * renegotiation, so effectively limits the client to one restart
|
|
|
c4366c |
+ * per negotiation. This limits the possibility of a DDoS
|
|
|
c4366c |
+ * attack where the client handshakes in a loop using SGC to
|
|
|
c4366c |
+ * restart. Servers which permit renegotiation can still be
|
|
|
c4366c |
+ * effected, but we can't prevent that.
|
|
|
c4366c |
+ */
|
|
|
c4366c |
+#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
|
|
|
c4366c |
|
|
|
c4366c |
typedef struct ssl3_state_st
|
|
|
c4366c |
{
|
|
|
c4366c |
diff -up openssl-fips-0.9.8e/ssl/ssl_err.c.sgc-dos openssl-fips-0.9.8e/ssl/ssl_err.c
|
|
|
c4366c |
--- openssl-fips-0.9.8e/ssl/ssl_err.c.sgc-dos 2012-03-19 17:42:34.462429280 +0100
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/ssl/ssl_err.c 2012-03-19 17:42:34.532430741 +0100
|
|
|
c4366c |
@@ -134,6 +134,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|
|
c4366c |
{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
|
|
|
c4366c |
{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
|
|
|
c4366c |
{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
|
|
|
c4366c |
+{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
|
|
|
c4366c |
{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
|
|
|
c4366c |
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
|
|
|
c4366c |
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
|
|
|
c4366c |
@@ -361,6 +362,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
|
|
|
c4366c |
{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
|
|
|
c4366c |
{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
|
|
|
c4366c |
{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
|
|
|
c4366c |
+{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
|
|
|
c4366c |
{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
|
|
|
c4366c |
{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
|
|
|
c4366c |
{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
|
|
|
c4366c |
diff -up openssl-fips-0.9.8e/ssl/ssl.h.sgc-dos openssl-fips-0.9.8e/ssl/ssl.h
|
|
|
c4366c |
--- openssl-fips-0.9.8e/ssl/ssl.h.sgc-dos 2012-03-19 17:42:34.488429820 +0100
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/ssl/ssl.h 2012-03-19 17:42:34.533430762 +0100
|
|
|
c4366c |
@@ -1634,6 +1634,7 @@ void ERR_load_SSL_strings(void);
|
|
|
c4366c |
#define SSL_F_SSL3_CALLBACK_CTRL 233
|
|
|
c4366c |
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
|
|
|
c4366c |
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
|
|
|
c4366c |
+#define SSL_F_SSL3_CHECK_CLIENT_HELLO 293
|
|
|
c4366c |
#define SSL_F_SSL3_CLIENT_HELLO 131
|
|
|
c4366c |
#define SSL_F_SSL3_CONNECT 132
|
|
|
c4366c |
#define SSL_F_SSL3_CTRL 213
|
|
|
c4366c |
@@ -1858,6 +1859,7 @@ void ERR_load_SSL_strings(void);
|
|
|
c4366c |
#define SSL_R_MISSING_TMP_RSA_KEY 172
|
|
|
c4366c |
#define SSL_R_MISSING_TMP_RSA_PKEY 173
|
|
|
c4366c |
#define SSL_R_MISSING_VERIFY_MESSAGE 174
|
|
|
c4366c |
+#define SSL_R_MULTIPLE_SGC_RESTARTS 325
|
|
|
c4366c |
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
|
|
|
c4366c |
#define SSL_R_NO_CERTIFICATES_RETURNED 176
|
|
|
c4366c |
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
|