Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 b3720c34 编写于 作者: D Dr. Stephen Henson
浏览文件
操作

oops, revert wrong patch

上级 5733919d
隐藏空白更改
内联 并排
Showing with 0 addition and 25 deletion
ssl/s3_srvr.c
浏览文件 @ b3720c34
...@@ -297,7 +297,6 @@ int ssl3_accept(SSL *s) ...@@ -297,7 +297,6 @@ int ssl3_accept(SSL *s)
} }
s->init_num=0; s->init_num=0;
s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
if (s->state != SSL_ST_RENEGOTIATE) if (s->state != SSL_ST_RENEGOTIATE)
{ {
...@@ -872,14 +871,6 @@ int ssl3_check_client_hello(SSL *s) ...@@ -872,14 +871,6 @@ int ssl3_check_client_hello(SSL *s)
int ok; int ok;
long n; long n;
/* We only allow the client to restart the handshake once per
* negotiation. */
if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
{
SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
return -1;
}
/* this function is called when we really expect a Certificate message, /* this function is called when we really expect a Certificate message,
* so permit appropriate message length */ * so permit appropriate message length */
n=s->method->ssl_get_message(s, n=s->method->ssl_get_message(s,
...@@ -908,7 +899,6 @@ int ssl3_check_client_hello(SSL *s) ...@@ -908,7 +899,6 @@ int ssl3_check_client_hello(SSL *s)
s->s3->tmp.ecdh = NULL; s->s3->tmp.ecdh = NULL;
} }
#endif #endif
s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
return 2; return 2;
} }
return 1; return 1;
......
ssl/ssl.h
浏览文件 @ b3720c34
...@@ -2133,7 +2133,6 @@ void ERR_load_SSL_strings(void); ...@@ -2133,7 +2133,6 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_CALLBACK_CTRL 233 #define SSL_F_SSL3_CALLBACK_CTRL 233
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
#define SSL_F_SSL3_CHECK_CLIENT_HELLO 315
#define SSL_F_SSL3_CLIENT_HELLO 131 #define SSL_F_SSL3_CLIENT_HELLO 131
#define SSL_F_SSL3_CONNECT 132 #define SSL_F_SSL3_CONNECT 132
#define SSL_F_SSL3_CTRL 213 #define SSL_F_SSL3_CTRL 213
...@@ -2413,7 +2412,6 @@ void ERR_load_SSL_strings(void); ...@@ -2413,7 +2412,6 @@ void ERR_load_SSL_strings(void);
#define SSL_R_MISSING_TMP_RSA_KEY 172 #define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173 #define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174 #define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_MULTIPLE_SGC_RESTARTS 370
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 #define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_CERTIFICATES_RETURNED 176 #define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 #define SSL_R_NO_CERTIFICATE_ASSIGNED 177
......
ssl/ssl3.h
浏览文件 @ b3720c34
...@@ -389,17 +389,6 @@ typedef struct ssl3_buffer_st ...@@ -389,17 +389,6 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
* from restarting the handshake in a loop. It's reset on a
* renegotiation, so effectively limits the client to one restart
* per negotiation. This limits the possibility of a DDoS
* attack where the client handshakes in a loop using SGC to
* restart. Servers which permit renegotiation can still be
* effected, but we can't prevent that.
*/
#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
#ifndef OPENSSL_NO_SSL_INTERN #ifndef OPENSSL_NO_SSL_INTERN
typedef struct ssl3_state_st typedef struct ssl3_state_st
......
ssl/ssl_err.c
浏览文件 @ b3720c34
...@@ -138,7 +138,6 @@ static ERR_STRING_DATA SSL_str_functs[]= ...@@ -138,7 +138,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
...@@ -421,7 +420,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= ...@@ -421,7 +420,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册