Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
d0dc991c
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
9 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
d0dc991c
编写于
1月 04, 2012
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
上级
2ec0497f
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
25 addition
and
0 deletion
+25
-0
ssl/s3_srvr.c
ssl/s3_srvr.c
+10
-0
ssl/ssl.h
ssl/ssl.h
+2
-0
ssl/ssl3.h
ssl/ssl3.h
+11
-0
ssl/ssl_err.c
ssl/ssl_err.c
+2
-0
未找到文件。
ssl/s3_srvr.c
浏览文件 @
d0dc991c
...
...
@@ -297,6 +297,7 @@ int ssl3_accept(SSL *s)
}
s
->
init_num
=
0
;
s
->
s3
->
flags
&=
~
SSL3_FLAGS_SGC_RESTART_DONE
;
if
(
s
->
state
!=
SSL_ST_RENEGOTIATE
)
{
...
...
@@ -871,6 +872,14 @@ int ssl3_check_client_hello(SSL *s)
int
ok
;
long
n
;
/* We only allow the client to restart the handshake once per
* negotiation. */
if
(
s
->
s3
->
flags
&
SSL3_FLAGS_SGC_RESTART_DONE
)
{
SSLerr
(
SSL_F_SSL3_CHECK_CLIENT_HELLO
,
SSL_R_MULTIPLE_SGC_RESTARTS
);
return
-
1
;
}
/* this function is called when we really expect a Certificate message,
* so permit appropriate message length */
n
=
s
->
method
->
ssl_get_message
(
s
,
...
...
@@ -899,6 +908,7 @@ int ssl3_check_client_hello(SSL *s)
s
->
s3
->
tmp
.
ecdh
=
NULL
;
}
#endif
s
->
s3
->
flags
|=
SSL3_FLAGS_SGC_RESTART_DONE
;
return
2
;
}
return
1
;
...
...
ssl/ssl.h
浏览文件 @
d0dc991c
...
...
@@ -2133,6 +2133,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_CALLBACK_CTRL 233
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
#define SSL_F_SSL3_CHECK_CLIENT_HELLO 315
#define SSL_F_SSL3_CLIENT_HELLO 131
#define SSL_F_SSL3_CONNECT 132
#define SSL_F_SSL3_CTRL 213
...
...
@@ -2412,6 +2413,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_MULTIPLE_SGC_RESTARTS 370
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
...
...
ssl/ssl3.h
浏览文件 @
d0dc991c
...
...
@@ -388,6 +388,17 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
* from restarting the handshake in a loop. It's reset on a
* renegotiation, so effectively limits the client to one restart
* per negotiation. This limits the possibility of a DDoS
* attack where the client handshakes in a loop using SGC to
* restart. Servers which permit renegotiation can still be
* effected, but we can't prevent that.
*/
#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
#ifndef OPENSSL_NO_SSL_INTERN
...
...
ssl/ssl_err.c
浏览文件 @
d0dc991c
...
...
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{
ERR_FUNC
(
SSL_F_SSL3_CALLBACK_CTRL
),
"SSL3_CALLBACK_CTRL"
},
{
ERR_FUNC
(
SSL_F_SSL3_CHANGE_CIPHER_STATE
),
"SSL3_CHANGE_CIPHER_STATE"
},
{
ERR_FUNC
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
),
"SSL3_CHECK_CERT_AND_ALGORITHM"
},
{
ERR_FUNC
(
SSL_F_SSL3_CHECK_CLIENT_HELLO
),
"SSL3_CHECK_CLIENT_HELLO"
},
{
ERR_FUNC
(
SSL_F_SSL3_CLIENT_HELLO
),
"SSL3_CLIENT_HELLO"
},
{
ERR_FUNC
(
SSL_F_SSL3_CONNECT
),
"SSL3_CONNECT"
},
{
ERR_FUNC
(
SSL_F_SSL3_CTRL
),
"SSL3_CTRL"
},
...
...
@@ -420,6 +421,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{
ERR_REASON
(
SSL_R_MISSING_TMP_RSA_KEY
)
,
"missing tmp rsa key"
},
{
ERR_REASON
(
SSL_R_MISSING_TMP_RSA_PKEY
)
,
"missing tmp rsa pkey"
},
{
ERR_REASON
(
SSL_R_MISSING_VERIFY_MESSAGE
),
"missing verify message"
},
{
ERR_REASON
(
SSL_R_MULTIPLE_SGC_RESTARTS
)
,
"multiple sgc restarts"
},
{
ERR_REASON
(
SSL_R_NON_SSLV2_INITIAL_PACKET
),
"non sslv2 initial packet"
},
{
ERR_REASON
(
SSL_R_NO_CERTIFICATES_RETURNED
),
"no certificates returned"
},
{
ERR_REASON
(
SSL_R_NO_CERTIFICATE_ASSIGNED
),
"no certificate assigned"
},
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录