openssl/ssl
Matt Caswell 28a31a0a10 Don't change the state of the ETM flags until CCS processing
In 1.1.0 changing the ciphersuite during a renegotiation can result in
a crash leading to a DoS attack. In master this does not occur with TLS
(instead you get an internal error, which is still wrong but not a security
issue) - but the problem still exists in the DTLS code.

The problem is caused by changing the flag indicating whether to use ETM
or not immediately on negotiation of ETM, rather than at CCS. Therefore,
during a renegotiation, if the ETM state is changing (usually due to a
change of ciphersuite), then an error/crash will occur.

Due to the fact that there are separate CCS messages for read and write
we actually now need two flags to determine whether to use ETM or not.

CVE-2017-3733

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-16 09:35:56 +00:00
..
record Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
statem Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
bio_ssl.c
build.info
d1_lib.c Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
d1_msg.c
d1_srtp.c
methods.c
packet_locl.h Miscellaneous style tweaks based on feedback received 2017-01-30 10:18:23 +00:00
packet.c Use for loop in WPACKET_fill_lengths instead of do...while 2017-01-30 10:18:24 +00:00
pqueue.c
s3_cbc.c
s3_enc.c fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state 2017-01-23 11:41:59 +01:00
s3_lib.c Use CERT_PKEY pointer instead of index 2017-02-15 02:23:54 +00:00
s3_msg.c
ssl_asn1.c Fix <= TLS1.2 break 2017-01-30 10:18:24 +00:00
ssl_cert.c Replace SSL_PKEY_RSA_ENC, SSL_PKEY_RSA_SIGN 2017-02-10 20:08:35 +00:00
ssl_ciph.c mem leak on error path and error propagation fix 2017-02-14 10:19:50 +00:00
ssl_conf.c
ssl_err.c Change tls_choose_sigalg so it can set errors and alerts. 2017-02-15 02:23:54 +00:00
ssl_init.c
ssl_lib.c Use CERT_PKEY pointer instead of index 2017-02-15 02:23:54 +00:00
ssl_locl.h Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
ssl_mcnf.c
ssl_rsa.c
ssl_sess.c Various style fixes following review feedback 2017-01-30 10:18:25 +00:00
ssl_stat.c
ssl_txt.c Move extension data into sub-structs 2017-01-09 22:26:47 -05:00
ssl_utst.c
t1_enc.c Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
t1_ext.c Rework error handling of custom_ext_meth_add towards strong exception safety. 2017-02-15 08:37:52 -05:00
t1_lib.c Fix warning 2017-02-16 01:44:28 +00:00
t1_trce.c Add trace support for HelloRetryRequest 2017-02-14 13:14:25 +00:00
tls13_enc.c Add CCM mode support for TLS 1.3 2017-02-08 02:16:27 +00:00
tls_srp.c