openssl/ssl
Matt Caswell 28a31a0a10 Don't change the state of the ETM flags until CCS processing
In 1.1.0 changing the ciphersuite during a renegotiation can result in
a crash leading to a DoS attack. In master this does not occur with TLS
(instead you get an internal error, which is still wrong but not a security
issue) - but the problem still exists in the DTLS code.

The problem is caused by changing the flag indicating whether to use ETM
or not immediately on negotiation of ETM, rather than at CCS. Therefore,
during a renegotiation, if the ETM state is changing (usually due to a
change of ciphersuite), then an error/crash will occur.

Due to the fact that there are separate CCS messages for read and write
we actually now need two flags to determine whether to use ETM or not.

CVE-2017-3733

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-16 09:35:56 +00:00
..
record Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
statem Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
bio_ssl.c Test the size_t constant time functions 2016-11-04 12:09:46 +00:00
build.info Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
d1_lib.c Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
d1_msg.c Convert libssl writing for size_t 2016-11-04 12:09:45 +00:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Add the SSL_METHOD for TLSv1.3 and all other base changes required 2016-11-02 13:08:21 +00:00
packet_locl.h Miscellaneous style tweaks based on feedback received 2017-01-30 10:18:23 +00:00
packet.c Use for loop in WPACKET_fill_lengths instead of do...while 2017-01-30 10:18:24 +00:00
pqueue.c Fix a missed size_t variable declaration 2016-11-04 12:09:46 +00:00
s3_cbc.c Provide some constant time functions for dealing with size_t values 2016-11-04 12:09:46 +00:00
s3_enc.c fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state 2017-01-23 11:41:59 +01:00
s3_lib.c Use CERT_PKEY pointer instead of index 2017-02-15 02:23:54 +00:00
s3_msg.c Fix some missed size_t updates 2016-11-04 12:09:45 +00:00
ssl_asn1.c Fix <= TLS1.2 break 2017-01-30 10:18:24 +00:00
ssl_cert.c Replace SSL_PKEY_RSA_ENC, SSL_PKEY_RSA_SIGN 2017-02-10 20:08:35 +00:00
ssl_ciph.c mem leak on error path and error propagation fix 2017-02-14 10:19:50 +00:00
ssl_conf.c Test mac-then-encrypt 2016-11-28 12:23:36 +01:00
ssl_err.c Change tls_choose_sigalg so it can set errors and alerts. 2017-02-15 02:23:54 +00:00
ssl_init.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_lib.c Use CERT_PKEY pointer instead of index 2017-02-15 02:23:54 +00:00
ssl_locl.h Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_sess.c Various style fixes following review feedback 2017-01-30 10:18:25 +00:00
ssl_stat.c Add missing debug strings. 2016-09-07 16:08:38 -04:00
ssl_txt.c Move extension data into sub-structs 2017-01-09 22:26:47 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
t1_ext.c Rework error handling of custom_ext_meth_add towards strong exception safety. 2017-02-15 08:37:52 -05:00
t1_lib.c Fix warning 2017-02-16 01:44:28 +00:00
t1_trce.c Add trace support for HelloRetryRequest 2017-02-14 13:14:25 +00:00
tls13_enc.c Add CCM mode support for TLS 1.3 2017-02-08 02:16:27 +00:00
tls_srp.c Indent ssl/ 2016-08-18 14:02:29 +02:00