Be selective as to when ChangeCipherSpec messages will be accepted. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	jsing <jsing@openbsd.org>	2014-06-05 15:46:24 +0000
committer	jsing <jsing@openbsd.org>	2014-06-05 15:46:24 +0000
commit	80be6061e6dcd27b6153a0ce89043646d5ef4f73 (patch)
tree	95bbffdcaa593dedc8d34e59a21ed55a23c4f3a1 /lib/libssl/src/ssl/d1_both.c
parent	Reduce code running as root by trying to create all needed sockets (diff)
download	wireguard-openbsd-80be6061e6dcd27b6153a0ce89043646d5ef4f73.tar.xz wireguard-openbsd-80be6061e6dcd27b6153a0ce89043646d5ef4f73.zip

Be selective as to when ChangeCipherSpec messages will be accepted.

Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@

Diffstat (limited to 'lib/libssl/src/ssl/d1_both.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: