Remove Microsoft Server Gated Crypto.
authordoug <doug@openbsd.org>
Thu, 18 Jun 2015 22:51:05 +0000 (22:51 +0000)
committerdoug <doug@openbsd.org>
Thu, 18 Jun 2015 22:51:05 +0000 (22:51 +0000)
Another relic of the old US crypto policy.

From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.

ok jsing@ miod@

16 files changed:
lib/libssl/d1_srvr.c
lib/libssl/doc/BIO_f_ssl.3
lib/libssl/doc/SSL_accept.3
lib/libssl/doc/SSL_do_handshake.3
lib/libssl/s3_both.c
lib/libssl/s3_srvr.c
lib/libssl/src/doc/ssl/BIO_f_ssl.3
lib/libssl/src/doc/ssl/SSL_accept.3
lib/libssl/src/doc/ssl/SSL_do_handshake.3
lib/libssl/src/ssl/d1_srvr.c
lib/libssl/src/ssl/s3_both.c
lib/libssl/src/ssl/s3_srvr.c
lib/libssl/src/ssl/ssl3.h
lib/libssl/src/ssl/ssl_locl.h
lib/libssl/ssl3.h
lib/libssl/ssl_locl.h

index f3972ae..698292f 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.55 2015/06/18 22:51:05 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -468,22 +468,13 @@ dtls1_accept(SSL *s)
 
                case SSL3_ST_SR_CERT_A:
                case SSL3_ST_SR_CERT_B:
-                       /* Check for second client hello (MS SGC) */
-                       ret = ssl3_check_client_hello(s);
-                       if (ret <= 0)
-                               goto end;
-                       if (ret == 2) {
-                               dtls1_stop_timer(s);
-                               s->state = SSL3_ST_SR_CLNT_HELLO_C;
-                       } else {
-                               if (s->s3->tmp.cert_request) {
-                                       ret = ssl3_get_client_certificate(s);
-                                       if (ret <= 0)
-                                               goto end;
-                               }
-                               s->init_num = 0;
-                               s->state = SSL3_ST_SR_KEY_EXCH_A;
+                       if (s->s3->tmp.cert_request) {
+                               ret = ssl3_get_client_certificate(s);
+                               if (ret <= 0)
+                                       goto end;
                        }
+                       s->init_num = 0;
+                       s->state = SSL3_ST_SR_KEY_EXCH_A;
                        break;
 
                case SSL3_ST_SR_KEY_EXCH_A:
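Review bot: With ssl3_check_client_hello gone, a ClientHello that arrives while the server sits in SSL3_ST_SR_CERT_A/B is no longer recognised in this switch arm: it now goes straight to ssl3_get_client_certificate when a certificate was requested, and otherwise advances to SSL3_ST_SR_KEY_EXCH_A without reading anything, so rejecting the stray message is left entirely to the next message reader (presumably ssl3_get_client_certificate or ssl3_get_client_key_exchange, both outside this hunk; the SSL_R_UNEXPECTED_MESSAGE path visible in the s3_both.c context suggests a typed read will refuse it). Failing the handshake instead of restarting it is presumably the intended outcome, and it also removes the restart loop the old SSL3_FLAGS_SGC_RESTART_DONE comment was guarding against, but neither the hunk nor the commit message records that, so a one-line comment would help, e.g. `/* A ClientHello in this state is now a protocol error, not an SGC restart. */`. The same point applies to the identical ssl3_accept arm in s3_srvr.c and to the duplicate src/ssl copies of both files further down the page. The enclosing dtls1_accept switch begins and ends outside the hunk.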
index 851e4f0..876018a 100644 (file)
@@ -1,7 +1,7 @@
 .\"
-.\"    $OpenBSD: BIO_f_ssl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\"    $OpenBSD: BIO_f_ssl.3,v 1.3 2015/06/18 22:51:05 doug Exp $
 .\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: June 18 2015 $
 .Dt BIO_F_SSL 3
 .Os
 .Sh NAME
@@ -240,7 +240,7 @@ still request a retry in exceptional circumstances.
 Specifically this will happen if a session renegotiation takes place during a
 .Xr BIO_read 3
 operation.
-One case where this happens is when SGC or step up occurs.
+One case where this happens is when step up occurs.
 .Pp
 In OpenSSL 0.9.6 and later the SSL flag
 .Dv SSL_AUTO_RETRY
index 06465d1..8c7409d 100644 (file)
@@ -1,7 +1,7 @@
 .\"
-.\"    $OpenBSD: SSL_accept.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\"    $OpenBSD: SSL_accept.3,v 1.3 2015/06/18 22:51:05 doug Exp $
 .\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: June 18 2015 $
 .Dt SSL_ACCEPT 3
 .Os
 .Sh NAME
@@ -29,17 +29,7 @@ If the underlying
 is
 .Em blocking ,
 .Fn SSL_accept
-will only return once the handshake has been finished or an error occurred,
-except for SGC (Server Gated Cryptography).
-For SGC,
-.Fn SSL_accept
-may return with \(mi1, but
-.Fn SSL_get_error
-will yield
-.Dv SSL_ERROR_WANT_READ/WRITE
-and
-.Fn SSL_accept
-should be called again.
+will only return once the handshake has been finished or an error occurred.
 .Pp
 If the underlying
 .Vt BIO
index cc29df2..78a37b0 100644 (file)
@@ -1,7 +1,7 @@
 .\"
-.\"    $OpenBSD: SSL_do_handshake.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\"    $OpenBSD: SSL_do_handshake.3,v 1.3 2015/06/18 22:51:05 doug Exp $
 .\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: June 18 2015 $
 .Dt SSL_DO_HANDSHAKE 3
 .Os
 .Sh NAME
@@ -30,19 +30,7 @@ If the underlying
 is
 .Em blocking ,
 .Fn SSL_do_handshake
-will only return once the handshake has been finished or an error occurred,
-except for SGC (Server Gated Cryptography).
-For SGC,
-.Fn SSL_do_handshake
-may return with \(mi1, but
-.Xr SSL_get_error 3
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-and
-.Fn SSL_do_handshake
-should be called again.
+will only return once the handshake has been finished or an error occurred.
 .Pp
 If the underlying
 .Vt BIO
index 633bf5b..d9484d7 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.38 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.39 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -450,20 +450,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
                        goto f_err;
                }
-               if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
-                   (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
-                       /* At this point we have got an MS SGC second client
-                        * hello (maybe we should always allow the client to
-                        * start a new handshake?). We need to restart the mac.
-                        * Don't increment {num,total}_renegotiations because
-                        * we have not completed the handshake. */
-                       if (!ssl3_init_finished_mac(s)) {
-                               SSLerr(SSL_F_SSL3_GET_MESSAGE,
-                                   ERR_R_MALLOC_FAILURE);
-                               goto err;
-                       }
-               }
-
                s->s3->tmp.message_type= *(p++);
 
                n2l3(p, l);
index 867e796..c595fa3 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.108 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -273,7 +273,6 @@ ssl3_accept(SSL *s)
                        }
 
                        s->init_num = 0;
-                       s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
 
                        if (s->state != SSL_ST_RENEGOTIATE) {
                                /*
@@ -487,21 +486,13 @@ ssl3_accept(SSL *s)
 
                case SSL3_ST_SR_CERT_A:
                case SSL3_ST_SR_CERT_B:
-                       /* Check for second client hello (MS SGC) */
-                       ret = ssl3_check_client_hello(s);
-                       if (ret <= 0)
-                               goto end;
-                       if (ret == 2)
-                               s->state = SSL3_ST_SR_CLNT_HELLO_C;
-                       else {
-                               if (s->s3->tmp.cert_request) {
-                                       ret = ssl3_get_client_certificate(s);
-                                       if (ret <= 0)
-                                               goto end;
-                               }
-                               s->init_num = 0;
-                               s->state = SSL3_ST_SR_KEY_EXCH_A;
+                       if (s->s3->tmp.cert_request) {
+                               ret = ssl3_get_client_certificate(s);
+                               if (ret <= 0)
+                                       goto end;
                        }
+                       s->init_num = 0;
+                       s->state = SSL3_ST_SR_KEY_EXCH_A;
                        break;
 
                case SSL3_ST_SR_KEY_EXCH_A:
@@ -764,46 +755,6 @@ ssl3_send_hello_request(SSL *s)
        return (ssl3_handshake_write(s));
 }
 
-int
-ssl3_check_client_hello(SSL *s)
-{
-       int ok;
-       long n;
-
-       /*
-        * This function is called when we really expect a Certificate message,
-        * so permit appropriate message length
-        */
-       n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A,
-           SSL3_ST_SR_CERT_B, -1, s->max_cert_list, &ok);
-       if (!ok)
-               return ((int)n);
-       s->s3->tmp.reuse_message = 1;
-       if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) {
-               /*
-                * We only allow the client to restart the handshake once per
-                * negotiation.
-                */
-               if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
-                       SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
-                           SSL_R_MULTIPLE_SGC_RESTARTS);
-                       return (-1);
-               }
-               /*
-                * Throw away what we have done so far in the current handshake,
-                * which will now be aborted. (A full SSL_clear would be too
-                * much.)
-                */
-               DH_free(s->s3->tmp.dh);
-               s->s3->tmp.dh = NULL;
-               EC_KEY_free(s->s3->tmp.ecdh);
-               s->s3->tmp.ecdh = NULL;
-               s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
-               return (2);
-       }
-       return (1);
-}
-
 int
 ssl3_get_client_hello(SSL *s)
 {
index 851e4f0..876018a 100644 (file)
@@ -1,7 +1,7 @@
 .\"
-.\"    $OpenBSD: BIO_f_ssl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\"    $OpenBSD: BIO_f_ssl.3,v 1.3 2015/06/18 22:51:05 doug Exp $
 .\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: June 18 2015 $
 .Dt BIO_F_SSL 3
 .Os
 .Sh NAME
@@ -240,7 +240,7 @@ still request a retry in exceptional circumstances.
 Specifically this will happen if a session renegotiation takes place during a
 .Xr BIO_read 3
 operation.
-One case where this happens is when SGC or step up occurs.
+One case where this happens is when step up occurs.
 .Pp
 In OpenSSL 0.9.6 and later the SSL flag
 .Dv SSL_AUTO_RETRY
index 06465d1..8c7409d 100644 (file)
@@ -1,7 +1,7 @@
 .\"
-.\"    $OpenBSD: SSL_accept.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\"    $OpenBSD: SSL_accept.3,v 1.3 2015/06/18 22:51:05 doug Exp $
 .\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: June 18 2015 $
 .Dt SSL_ACCEPT 3
 .Os
 .Sh NAME
@@ -29,17 +29,7 @@ If the underlying
 is
 .Em blocking ,
 .Fn SSL_accept
-will only return once the handshake has been finished or an error occurred,
-except for SGC (Server Gated Cryptography).
-For SGC,
-.Fn SSL_accept
-may return with \(mi1, but
-.Fn SSL_get_error
-will yield
-.Dv SSL_ERROR_WANT_READ/WRITE
-and
-.Fn SSL_accept
-should be called again.
+will only return once the handshake has been finished or an error occurred.
 .Pp
 If the underlying
 .Vt BIO
index cc29df2..78a37b0 100644 (file)
@@ -1,7 +1,7 @@
 .\"
-.\"    $OpenBSD: SSL_do_handshake.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\"    $OpenBSD: SSL_do_handshake.3,v 1.3 2015/06/18 22:51:05 doug Exp $
 .\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: June 18 2015 $
 .Dt SSL_DO_HANDSHAKE 3
 .Os
 .Sh NAME
@@ -30,19 +30,7 @@ If the underlying
 is
 .Em blocking ,
 .Fn SSL_do_handshake
-will only return once the handshake has been finished or an error occurred,
-except for SGC (Server Gated Cryptography).
-For SGC,
-.Fn SSL_do_handshake
-may return with \(mi1, but
-.Xr SSL_get_error 3
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-and
-.Fn SSL_do_handshake
-should be called again.
+will only return once the handshake has been finished or an error occurred.
 .Pp
 If the underlying
 .Vt BIO
index f3972ae..698292f 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.55 2015/06/18 22:51:05 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -468,22 +468,13 @@ dtls1_accept(SSL *s)
 
                case SSL3_ST_SR_CERT_A:
                case SSL3_ST_SR_CERT_B:
-                       /* Check for second client hello (MS SGC) */
-                       ret = ssl3_check_client_hello(s);
-                       if (ret <= 0)
-                               goto end;
-                       if (ret == 2) {
-                               dtls1_stop_timer(s);
-                               s->state = SSL3_ST_SR_CLNT_HELLO_C;
-                       } else {
-                               if (s->s3->tmp.cert_request) {
-                                       ret = ssl3_get_client_certificate(s);
-                                       if (ret <= 0)
-                                               goto end;
-                               }
-                               s->init_num = 0;
-                               s->state = SSL3_ST_SR_KEY_EXCH_A;
+                       if (s->s3->tmp.cert_request) {
+                               ret = ssl3_get_client_certificate(s);
+                               if (ret <= 0)
+                                       goto end;
                        }
+                       s->init_num = 0;
+                       s->state = SSL3_ST_SR_KEY_EXCH_A;
                        break;
 
                case SSL3_ST_SR_KEY_EXCH_A:
index 633bf5b..d9484d7 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.38 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.39 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -450,20 +450,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
                        goto f_err;
                }
-               if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
-                   (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
-                       /* At this point we have got an MS SGC second client
-                        * hello (maybe we should always allow the client to
-                        * start a new handshake?). We need to restart the mac.
-                        * Don't increment {num,total}_renegotiations because
-                        * we have not completed the handshake. */
-                       if (!ssl3_init_finished_mac(s)) {
-                               SSLerr(SSL_F_SSL3_GET_MESSAGE,
-                                   ERR_R_MALLOC_FAILURE);
-                               goto err;
-                       }
-               }
-
                s->s3->tmp.message_type= *(p++);
 
                n2l3(p, l);
index 867e796..c595fa3 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.108 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -273,7 +273,6 @@ ssl3_accept(SSL *s)
                        }
 
                        s->init_num = 0;
-                       s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
 
                        if (s->state != SSL_ST_RENEGOTIATE) {
                                /*
@@ -487,21 +486,13 @@ ssl3_accept(SSL *s)
 
                case SSL3_ST_SR_CERT_A:
                case SSL3_ST_SR_CERT_B:
-                       /* Check for second client hello (MS SGC) */
-                       ret = ssl3_check_client_hello(s);
-                       if (ret <= 0)
-                               goto end;
-                       if (ret == 2)
-                               s->state = SSL3_ST_SR_CLNT_HELLO_C;
-                       else {
-                               if (s->s3->tmp.cert_request) {
-                                       ret = ssl3_get_client_certificate(s);
-                                       if (ret <= 0)
-                                               goto end;
-                               }
-                               s->init_num = 0;
-                               s->state = SSL3_ST_SR_KEY_EXCH_A;
+                       if (s->s3->tmp.cert_request) {
+                               ret = ssl3_get_client_certificate(s);
+                               if (ret <= 0)
+                                       goto end;
                        }
+                       s->init_num = 0;
+                       s->state = SSL3_ST_SR_KEY_EXCH_A;
                        break;
 
                case SSL3_ST_SR_KEY_EXCH_A:
@@ -764,46 +755,6 @@ ssl3_send_hello_request(SSL *s)
        return (ssl3_handshake_write(s));
 }
 
-int
-ssl3_check_client_hello(SSL *s)
-{
-       int ok;
-       long n;
-
-       /*
-        * This function is called when we really expect a Certificate message,
-        * so permit appropriate message length
-        */
-       n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A,
-           SSL3_ST_SR_CERT_B, -1, s->max_cert_list, &ok);
-       if (!ok)
-               return ((int)n);
-       s->s3->tmp.reuse_message = 1;
-       if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) {
-               /*
-                * We only allow the client to restart the handshake once per
-                * negotiation.
-                */
-               if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
-                       SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
-                           SSL_R_MULTIPLE_SGC_RESTARTS);
-                       return (-1);
-               }
-               /*
-                * Throw away what we have done so far in the current handshake,
-                * which will now be aborted. (A full SSL_clear would be too
-                * much.)
-                */
-               DH_free(s->s3->tmp.dh);
-               s->s3->tmp.dh = NULL;
-               EC_KEY_free(s->s3->tmp.ecdh);
-               s->s3->tmp.ecdh = NULL;
-               s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
-               return (2);
-       }
-       return (1);
-}
-
 int
 ssl3_get_client_hello(SSL *s)
 {
index 61f600c..265d188 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.36 2015/02/22 15:54:27 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.37 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -356,17 +356,6 @@ typedef struct ssl3_buffer_st {
 #define TLS1_FLAGS_KEEP_HANDSHAKE              0x0020
 #define SSL3_FLAGS_CCS_OK                      0x0080
 
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE            0x0040
-
 #ifndef OPENSSL_NO_SSL_INTERN
 
 typedef struct ssl3_state_st {
index 7b3ecdf..794769b 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.90 2015/04/15 16:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.91 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -741,7 +741,6 @@ int ssl3_send_hello_request(SSL *s);
 int ssl3_send_server_key_exchange(SSL *s);
 int ssl3_send_certificate_request(SSL *s);
 int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
 int ssl3_get_client_certificate(SSL *s);
 int ssl3_get_client_key_exchange(SSL *s);
 int ssl3_get_cert_verify(SSL *s);
index 61f600c..265d188 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.36 2015/02/22 15:54:27 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.37 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -356,17 +356,6 @@ typedef struct ssl3_buffer_st {
 #define TLS1_FLAGS_KEEP_HANDSHAKE              0x0020
 #define SSL3_FLAGS_CCS_OK                      0x0080
 
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE            0x0040
-
 #ifndef OPENSSL_NO_SSL_INTERN
 
 typedef struct ssl3_state_st {
index 7b3ecdf..794769b 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.90 2015/04/15 16:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.91 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -741,7 +741,6 @@ int ssl3_send_hello_request(SSL *s);
 int ssl3_send_server_key_exchange(SSL *s);
 int ssl3_send_certificate_request(SSL *s);
 int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
 int ssl3_get_client_certificate(SSL *s);
 int ssl3_get_client_key_exchange(SSL *s);
 int ssl3_get_cert_verify(SSL *s);