Provide a test for the Encrypt-Then-Mac renegotiation crash

Changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. ETM has not been implemented in 1.1.0 for DTLS so this is TLS only. This commit provides a test for the issue. CVE-2017-3733 Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2017-02-03 11:21:07 +0000
committer: Matt Caswell <matt@openssl.org> 2017-02-16 09:39:05 +0000
commit: 9c5a691d578a4debfd6ecacc030a85900906bf0d (patch)
tree: 5f87c146078aa84fb1cc8d41c4410093062447f9 /test/ssl_test_ctx.h
parent: 3bdc1dc8fcc97a8945ddbc2748e7059207ea3914 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
index 995d518ed3..28a4566716 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -84,6 +84,8 @@ typedef struct {
     char *npn_protocols;
     char *alpn_protocols;
     ssl_ct_validation_t ct_validation;
+    /* Ciphersuites to set on a renegotiation */
+    char *reneg_ciphers;
 } SSL_TEST_CLIENT_CONF;
 
 typedef struct {
author	Matt Caswell <matt@openssl.org>	2017-02-03 11:21:07 +0000
committer	Matt Caswell <matt@openssl.org>	2017-02-16 09:39:05 +0000
commit	9c5a691d578a4debfd6ecacc030a85900906bf0d (patch)
tree	5f87c146078aa84fb1cc8d41c4410093062447f9 /test/ssl_test_ctx.h
parent	3bdc1dc8fcc97a8945ddbc2748e7059207ea3914 (diff)