diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-03 11:21:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-02-16 09:35:56 +0000 |
commit | cc22cd546bd0b0e1b55c1835403ab564d5f30581 (patch) | |
tree | 3cf928045ffeb0b8b5638286a6f414681d54ccce /test/ssl_test_ctx.h | |
parent | 7b3a4d610731929d4fde15411f9be9b883974980 (diff) | |
download | openssl-cc22cd546bd0b0e1b55c1835403ab564d5f30581.tar.gz |
Provide a test for the Encrypt-Then-Mac renegotiation crash
In 1.1.0 changing the ciphersuite during a renegotiation can result in
a crash leading to a DoS attack. In master this does not occur with TLS
(instead you get an internal error, which is still wrong but not a security
issue) - but the problem still exists in the DTLS code.
This commit provides a test for the issue.
CVE-2017-3733
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'test/ssl_test_ctx.h')
-rw-r--r-- | test/ssl_test_ctx.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index 13652b0528..6036a02bc9 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -84,6 +84,8 @@ typedef struct { char *npn_protocols; char *alpn_protocols; ssl_ct_validation_t ct_validation; + /* Ciphersuites to set on a renegotiation */ + char *reneg_ciphers; } SSL_TEST_CLIENT_CONF; typedef struct { |