Fix for CVE-2014-0224

Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on.
author: Dr. Stephen Henson <steve@openssl.org> 2014-05-16 12:49:48 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-06-03 16:30:23 +0100
commit: 410a49a4fa1d2a1a9775ee29f9e40cbbda79c149 (patch)
tree: 778046d20f87601d63cd20f69e600e4a97f74a93 /ssl/ssl3.h
parent: 82ba68c42d6a9cf245afa489471005b2a0377c10 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 3aab0800c1..de5e559a59 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -333,6 +333,7 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
 #define SSL3_FLAGS_POP_BUFFER			0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
+#define SSL3_FLAGS_CCS_OK			0x0080
  
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
  * restart a handshake because of MS SGC and so prevents us
author	Dr. Stephen Henson <steve@openssl.org>	2014-05-16 12:49:48 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-06-03 16:30:23 +0100
commit	410a49a4fa1d2a1a9775ee29f9e40cbbda79c149 (patch)
tree	778046d20f87601d63cd20f69e600e4a97f74a93 /ssl/ssl3.h
parent	82ba68c42d6a9cf245afa489471005b2a0377c10 (diff)