diff options
| author | jsing <> | 2014-06-05 15:46:24 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-05 15:46:24 +0000 |
| commit | a1aa52709d3c53d1664e282da9d9833869ffcf47 (patch) | |
| tree | 645cbc9565ca3ee2061f628e95849ce560cf786f /src/lib/libssl/ssl3.h | |
| parent | d874ba6e9641314de878a6d18eaefe826cbe532b (diff) | |
| download | openbsd-a1aa52709d3c53d1664e282da9d9833869ffcf47.tar.gz openbsd-a1aa52709d3c53d1664e282da9d9833869ffcf47.tar.bz2 openbsd-a1aa52709d3c53d1664e282da9d9833869ffcf47.zip | |
Be selective as to when ChangeCipherSpec messages will be accepted.
Without this an early ChangeCipherSpec message would result in session
keys being generated, along with the Finished hash for the handshake,
using an empty master secret.
For a detailed analysis see:
https://www.imperialviolet.org/2014/06/05/earlyccs.html
This is a fix for CVE-2014-0224, from OpenSSL.
This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the
recent OpenSSL commit was the first we were made aware of the issue.
ok deraadt@ sthen@
Diffstat (limited to 'src/lib/libssl/ssl3.h')
| -rw-r--r-- | src/lib/libssl/ssl3.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 1d2bc2f5c0..8444ccb57d 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -370,6 +370,7 @@ typedef struct ssl3_buffer_st { | |||
| 370 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | 370 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
| 371 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | 371 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
| 372 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 | 372 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 |
| 373 | #define SSL3_FLAGS_CCS_OK 0x0080 | ||
| 373 | 374 | ||
| 374 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we | 375 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we |
| 375 | * restart a handshake because of MS SGC and so prevents us | 376 | * restart a handshake because of MS SGC and so prevents us |