openssl/ssl
Matt Caswell 82f992cbe0 Limit the number of KeyUpdate messages we can process
Too many KeyUpdate message could be inicative of a problem (e.g. an
infinite KeyUpdate loop if the peer always responds to a KeyUpdate message
with an "update_requested" KeyUpdate response), or (conceivably) an attack.
Either way we limit the number of KeyUpdate messages we are prepared to
handle.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:00 +00:00
..
record Remove an OPENSSL_assert() and replace with a soft assert and check 2017-02-16 09:35:56 +00:00
statem Limit the number of KeyUpdate messages we can process 2017-02-17 10:28:00 +00:00
bio_ssl.c Test the size_t constant time functions 2016-11-04 12:09:46 +00:00
build.info Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
d1_lib.c Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
d1_msg.c Convert libssl writing for size_t 2016-11-04 12:09:45 +00:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Add the SSL_METHOD for TLSv1.3 and all other base changes required 2016-11-02 13:08:21 +00:00
packet.c Use for loop in WPACKET_fill_lengths instead of do...while 2017-01-30 10:18:24 +00:00
packet_locl.h Miscellaneous style tweaks based on feedback received 2017-01-30 10:18:23 +00:00
pqueue.c Fix a missed size_t variable declaration 2016-11-04 12:09:46 +00:00
s3_cbc.c Provide some constant time functions for dealing with size_t values 2016-11-04 12:09:46 +00:00
s3_enc.c fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state 2017-01-23 11:41:59 +01:00
s3_lib.c Use CERT_PKEY pointer instead of index 2017-02-15 02:23:54 +00:00
s3_msg.c Fix some missed size_t updates 2016-11-04 12:09:45 +00:00
ssl_asn1.c Fix <= TLS1.2 break 2017-01-30 10:18:24 +00:00
ssl_cert.c Replace SSL_PKEY_RSA_ENC, SSL_PKEY_RSA_SIGN 2017-02-10 20:08:35 +00:00
ssl_ciph.c mem leak on error path and error propagation fix 2017-02-14 10:19:50 +00:00
ssl_conf.c Test mac-then-encrypt 2016-11-28 12:23:36 +01:00
ssl_err.c Limit the number of KeyUpdate messages we can process 2017-02-17 10:28:00 +00:00
ssl_init.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_lib.c Add a SSL_get_key_update_type() function 2017-02-17 10:28:00 +00:00
ssl_locl.h Limit the number of KeyUpdate messages we can process 2017-02-17 10:28:00 +00:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_sess.c Various style fixes following review feedback 2017-01-30 10:18:25 +00:00
ssl_stat.c Add missing debug strings. 2016-09-07 16:08:38 -04:00
ssl_txt.c Move extension data into sub-structs 2017-01-09 22:26:47 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Don't change the state of the ETM flags until CCS processing 2017-02-16 09:35:56 +00:00
t1_ext.c Rework error handling of custom_ext_meth_add towards strong exception safety. 2017-02-15 08:37:52 -05:00
t1_lib.c Use tls_choose_sigalg for client auth. 2017-02-16 16:43:44 +00:00
t1_trce.c Add SSL_trace() support for KeyUpdate messages 2017-02-17 10:28:00 +00:00
tls13_enc.c Actually update the keys when a KeyUpdate message is sent or received 2017-02-17 10:28:00 +00:00
tls_srp.c Indent ssl/ 2016-08-18 14:02:29 +02:00