diff options
Diffstat (limited to 'openssl0.9.8/patches/CVE-2011-4619.patch')
| -rw-r--r-- | openssl0.9.8/patches/CVE-2011-4619.patch | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/CVE-2011-4619.patch b/openssl0.9.8/patches/CVE-2011-4619.patch new file mode 100644 index 0000000..9e51777 --- /dev/null +++ b/openssl0.9.8/patches/CVE-2011-4619.patch @@ -0,0 +1,104 @@ +Index: openssl-0.9.8o/ssl/s3_srvr.c +=================================================================== +--- openssl-0.9.8o.orig/ssl/s3_srvr.c 2012-03-13 21:44:39.000000000 +0100 ++++ openssl-0.9.8o/ssl/s3_srvr.c 2012-03-13 21:44:42.000000000 +0100 +@@ -235,6 +235,7 @@ + } + + s->init_num=0; ++ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; + + if (s->state != SSL_ST_RENEGOTIATE) + { +@@ -709,6 +710,13 @@ + s->s3->tmp.reuse_message = 1; + if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) + { ++ /* We only allow the client to restart the handshake once per ++ * negotiation. */ ++ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) ++ { ++ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); ++ return -1; ++ } + /* Throw away what we have done so far in the current handshake, + * which will now be aborted. (A full SSL_clear would be too much.) */ + #ifndef OPENSSL_NO_DH +@@ -725,6 +733,7 @@ + s->s3->tmp.ecdh = NULL; + } + #endif ++ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; + return 2; + } + return 1; +Index: openssl-0.9.8o/ssl/ssl.h +=================================================================== +--- openssl-0.9.8o.orig/ssl/ssl.h 2012-03-13 21:44:39.000000000 +0100 ++++ openssl-0.9.8o/ssl/ssl.h 2012-03-13 21:44:42.000000000 +0100 +@@ -1739,6 +1739,7 @@ + #define SSL_F_SSL3_CALLBACK_CTRL 233 + #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 + #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 ++#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 + #define SSL_F_SSL3_CLIENT_HELLO 131 + #define SSL_F_SSL3_CONNECT 132 + #define SSL_F_SSL3_CTRL 213 +@@ -1974,6 +1975,7 @@ + #define SSL_R_MISSING_TMP_RSA_KEY 172 + #define SSL_R_MISSING_TMP_RSA_PKEY 173 + #define SSL_R_MISSING_VERIFY_MESSAGE 174 ++#define SSL_R_MULTIPLE_SGC_RESTARTS 325 + #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 + #define SSL_R_NO_CERTIFICATES_RETURNED 176 + #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +Index: openssl-0.9.8o/ssl/ssl3.h +=================================================================== +--- openssl-0.9.8o.orig/ssl/ssl3.h 2012-03-13 21:44:39.000000000 +0100 ++++ openssl-0.9.8o/ssl/ssl3.h 2012-03-13 21:44:42.000000000 +0100 +@@ -333,6 +333,17 @@ + #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 + #define SSL3_FLAGS_POP_BUFFER 0x0004 + #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 ++ ++/* SSL3_FLAGS_SGC_RESTART_DONE is set when we ++ * restart a handshake because of MS SGC and so prevents us ++ * from restarting the handshake in a loop. It's reset on a ++ * renegotiation, so effectively limits the client to one restart ++ * per negotiation. This limits the possibility of a DDoS ++ * attack where the client handshakes in a loop using SGC to ++ * restart. Servers which permit renegotiation can still be ++ * effected, but we can't prevent that. ++ */ ++#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 + + typedef struct ssl3_state_st + { +Index: openssl-0.9.8o/ssl/ssl_err.c +=================================================================== +--- openssl-0.9.8o.orig/ssl/ssl_err.c 2012-03-13 21:44:39.000000000 +0100 ++++ openssl-0.9.8o/ssl/ssl_err.c 2012-03-13 21:44:42.000000000 +0100 +@@ -1,6 +1,6 @@ + /* ssl/ssl_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -137,6 +137,7 @@ + {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, + {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, + {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, ++{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, + {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, +@@ -375,6 +376,7 @@ + {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, + {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, + {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, ++{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, + {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, + {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, + {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, |