Fix DTLS retransmission from previous session.

For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
author: Dr. Stephen Henson <steve@openssl.org> 2013-12-20 15:26:50 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-12-20 23:46:16 +0000
commit: 20b82b514d81a64f5b240788e5051167456af379 (patch)
tree: b0b77dd1f987e0930e9ac2980d474198fce2c3f9 /CHANGES
parent: 560b34f2b016038209c7a67791613d0eb0381536 (diff)
download: openssl-20b82b514d81a64f5b240788e5051167456af379.zip
openssl-20b82b514d81a64f5b240788e5051167456af379.tar.gz
openssl-20b82b514d81a64f5b240788e5051167456af379.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 2602cfa..111db93 100644
--- a/CHANGES
+++ b/CHANGES
@@ -273,6 +273,11 @@
 
  Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]
 
+  *) Keep original DTLS digest and encryption contexts in retransmission
+     structures so we can use the previous session parameters if they need
+     to be resent. (CVE-2013-6450)
+     [Steve Henson]
+
   *) TLS pad extension: draft-agl-tls-padding-02
 
      Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
author	Dr. Stephen Henson <steve@openssl.org>	2013-12-20 15:26:50 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-12-20 23:46:16 +0000
commit	20b82b514d81a64f5b240788e5051167456af379 (patch)
tree	b0b77dd1f987e0930e9ac2980d474198fce2c3f9 /CHANGES
parent	560b34f2b016038209c7a67791613d0eb0381536 (diff)
download	openssl-20b82b514d81a64f5b240788e5051167456af379.zip openssl-20b82b514d81a64f5b240788e5051167456af379.tar.gz openssl-20b82b514d81a64f5b240788e5051167456af379.tar.bz2