Google Git
Sign in
boringssl / boringssl / 92909a6206037f8266d93979028215a8b7f20614^! / .
commit92909a6206037f8266d93979028215a8b7f20614[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Wed Aug 20 11:40:03 2014 -0400
committerAdam Langley <agl@google.com>Wed Aug 20 19:06:01 2014 +0000
tree4c5b5424b7f804f9815048ca73e914d0ccb64306
parentb52e3dded27318addcc49ff2d39cf1891be6ca35 [diff]
Remove MS SGC support on the the server.

It doesn't appear to have ever been implemented on the client. The server code
stopped working anyway because it now skips the ssl_get_message call, so we
never cash in on the reuse_message, attempt to reprocess the repeated
ClientHello, and reject it thinking it's a second MS SGC restart.

Change-Id: Id536846e08460143f6fc0a550bdcc1b26b506b04
Reviewed-on: https://boringssl-review.googlesource.com/1580
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 665f2c6..a470b89 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h

@@ -345,17 +345,6 @@
 /* TODO(davidben): This flag can probably be merged into s3->change_cipher_spec
  * to something tri-state. (Normal / Expect CCS / Between CCS and Finished). */
 #define SSL3_FLAGS_EXPECT_CCS			0x0080
- 
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
 
 #ifndef OPENSSL_NO_SSL_INTERN
 

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index e499f8b..fe8001d 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c

@@ -469,24 +469,13 @@
 
 		case SSL3_ST_SR_CERT_A:
 		case SSL3_ST_SR_CERT_B:
-			/* Check for second client hello (MS SGC) */
-			ret = ssl3_check_client_hello(s);
-			if (ret <= 0)
-				goto end;
-			if (ret == 2)
+			if (s->s3->tmp.cert_request)
 				{
-				dtls1_stop_timer(s);
-				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+				ret=ssl3_get_client_certificate(s);
+				if (ret <= 0) goto end;
 				}
-			else {
-				if (s->s3->tmp.cert_request)
-					{
-					ret=ssl3_get_client_certificate(s);
-					if (ret <= 0) goto end;
-					}
-				s->init_num=0;
-				s->state=SSL3_ST_SR_KEY_EXCH_A;
-			}
+			s->init_num=0;
+			s->state=SSL3_ST_SR_KEY_EXCH_A;
 			break;
 
 		case SSL3_ST_SR_KEY_EXCH_A:

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index c014ac3..9ec6885 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c

@@ -258,7 +258,6 @@
 				}
 
 			s->init_num=0;
-			s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
 
 			if (s->state != SSL_ST_RENEGOTIATE)
 				{
@@ -470,21 +469,13 @@
 
 		case SSL3_ST_SR_CERT_A:
 		case SSL3_ST_SR_CERT_B:
-			/* Check for second client hello (MS SGC) */
-			ret = ssl3_check_client_hello(s);
-			if (ret <= 0)
-				goto end;
-			if (ret == 2)
-				s->state = SSL3_ST_SR_CLNT_HELLO_C;
-			else {
-				if (s->s3->tmp.cert_request)
-					{
-					ret=ssl3_get_client_certificate(s);
-					if (ret <= 0) goto end;
-					}
-				s->init_num=0;
-				s->state=SSL3_ST_SR_KEY_EXCH_A;
-			}
+			if (s->s3->tmp.cert_request)
+				{
+				ret=ssl3_get_client_certificate(s);
+				if (ret <= 0) goto end;
+				}
+			s->init_num=0;
+			s->state=SSL3_ST_SR_KEY_EXCH_A;
 			break;
 
 		case SSL3_ST_SR_KEY_EXCH_A:
@@ -761,52 +752,6 @@
 	return ssl_do_write(s);
 	}
 
-int ssl3_check_client_hello(SSL *s)
-	{
-	int ok;
-	long n;
-
-	/* this function is called when we really expect a Certificate message,
-	 * so permit appropriate message length */
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_SR_CERT_A,
-		SSL3_ST_SR_CERT_B,
-		-1,
-		s->max_cert_list,
-		&ok);
-	if (!ok) return((int)n);
-	s->s3->tmp.reuse_message = 1;
-	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
-		{
-		/* We only allow the client to restart the handshake once per
-		 * negotiation. */
-		if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
-			{
-			OPENSSL_PUT_ERROR(SSL, ssl3_check_client_hello, SSL_R_MULTIPLE_SGC_RESTARTS);
-			return -1;
-			}
-		/* Throw away what we have done so far in the current handshake,
-		 * which will now be aborted. (A full SSL_clear would be too much.) */
-#ifndef OPENSSL_NO_DH
-		if (s->s3->tmp.dh != NULL)
-			{
-			DH_free(s->s3->tmp.dh);
-			s->s3->tmp.dh = NULL;
-			}
-#endif
-#ifndef OPENSSL_NO_ECDH
-		if (s->s3->tmp.ecdh != NULL)
-			{
-			EC_KEY_free(s->s3->tmp.ecdh);
-			s->s3->tmp.ecdh = NULL;
-			}
-#endif
-		s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
-		return 2;
-		}
-	return 1;
-}
-
 int ssl3_get_client_hello(SSL *s)
 	{
 	int i,ok,al=SSL_AD_INTERNAL_ERROR,ret= -1;

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 3bc618e..55f1aaf 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h

@@ -988,7 +988,6 @@
 int ssl3_send_server_key_exchange(SSL *s);
 int ssl3_send_certificate_request(SSL *s);
 int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
 int ssl3_get_client_certificate(SSL *s);
 int ssl3_get_client_key_exchange(SSL *s);
 int ssl3_get_cert_verify(SSL *s);