diff options
| author | Matt Caswell <matt@openssl.org> | 2017-02-03 14:06:20 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-02-16 09:35:56 +0000 |
| commit | 28a31a0a10f41ef855cabab4e18c994c44225125 (patch) | |
| tree | d2a9083211d227c585de916921dcbe14d0dbbd21 /test/dtls_mtu_test.c | |
| parent | cc22cd546bd0b0e1b55c1835403ab564d5f30581 (diff) | |
| download | openssl-28a31a0a10f41ef855cabab4e18c994c44225125.tar.gz | |
Don't change the state of the ETM flags until CCS processing
In 1.1.0 changing the ciphersuite during a renegotiation can result in
a crash leading to a DoS attack. In master this does not occur with TLS
(instead you get an internal error, which is still wrong but not a security
issue) - but the problem still exists in the DTLS code.
The problem is caused by changing the flag indicating whether to use ETM
or not immediately on negotiation of ETM, rather than at CCS. Therefore,
during a renegotiation, if the ETM state is changing (usually due to a
change of ciphersuite), then an error/crash will occur.
Due to the fact that there are separate CCS messages for read and write
we actually now need two flags to determine whether to use ETM or not.
CVE-2017-3733
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'test/dtls_mtu_test.c')
| -rw-r--r-- | test/dtls_mtu_test.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index da970a7fa7..1a05c541f7 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -16,7 +16,7 @@ #include "ssltestlib.h" -/* for SSL_USE_ETM() */ +/* for SSL_READ_ETM() */ #include "../ssl/ssl_locl.h" static int debug = 0; @@ -133,7 +133,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) } } rv = 1; - if (SSL_USE_ETM(clnt_ssl)) + if (SSL_READ_ETM(clnt_ssl)) rv = 2; out: SSL_free(clnt_ssl); |