Provide a test for the Encrypt-Then-Mac renegotiation crash

In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code. This commit provides a test for the issue. CVE-2017-3733 Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2017-02-03 11:21:07 +0000
committer: Matt Caswell <matt@openssl.org> 2017-02-16 09:35:56 +0000
commit: cc22cd546bd0b0e1b55c1835403ab564d5f30581 (patch)
tree: 3cf928045ffeb0b8b5638286a6f414681d54ccce /test/ssl_test_ctx.h
parent: 7b3a4d610731929d4fde15411f9be9b883974980 (diff)
download: openssl-cc22cd546bd0b0e1b55c1835403ab564d5f30581.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
index 13652b0528..6036a02bc9 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -84,6 +84,8 @@ typedef struct {
     char *npn_protocols;
     char *alpn_protocols;
     ssl_ct_validation_t ct_validation;
+    /* Ciphersuites to set on a renegotiation */
+    char *reneg_ciphers;
 } SSL_TEST_CLIENT_CONF;
 
 typedef struct {
author	Matt Caswell <matt@openssl.org>	2017-02-03 11:21:07 +0000
committer	Matt Caswell <matt@openssl.org>	2017-02-16 09:35:56 +0000
commit	cc22cd546bd0b0e1b55c1835403ab564d5f30581 (patch)
tree	3cf928045ffeb0b8b5638286a6f414681d54ccce /test/ssl_test_ctx.h
parent	7b3a4d610731929d4fde15411f9be9b883974980 (diff)
download	openssl-cc22cd546bd0b0e1b55c1835403ab564d5f30581.tar.gz