Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)

author: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 18:52:18 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 18:52:18 +0000
commit: 21c4b259598efe3ea8c834c1568e8b762be120c4 (patch)
tree: d3699bb0651684b955720bcf9f132c69e79bc6a2 /ssl/ssl3.h
parent: 41cf2c3aefcfb892896c3b5be3a56474d46dde14 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 2f579c253b..b9a85effa0 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -333,6 +333,17 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
 #define SSL3_FLAGS_POP_BUFFER			0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
+ 
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+ * from restarting the handshake in a loop. It's reset on a
+ * renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS
+ * attack where the client handshakes in a loop using SGC to
+ * restart. Servers which permit renegotiation can still be
+ * effected, but we can't prevent that.
+ */
+#define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
 
 typedef struct ssl3_state_st
 	{
author	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 18:52:18 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 18:52:18 +0000
commit	21c4b259598efe3ea8c834c1568e8b762be120c4 (patch)
tree	d3699bb0651684b955720bcf9f132c69e79bc6a2 /ssl/ssl3.h
parent	41cf2c3aefcfb892896c3b5be3a56474d46dde14 (diff)