diff options
author | simon <simon@FreeBSD.org> | 2007-10-18 20:19:33 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2007-10-18 20:19:33 +0000 |
commit | 8f21bfc1756ff75fb4caf97e5c9612a4d7106243 (patch) | |
tree | 18668034f47decf1b245c279a6825a76c0eb0425 /crypto/openssl/ssl/dtls1.h | |
parent | 8e9898839e1cab4cb5affa37125bb12602040d78 (diff) | |
download | FreeBSD-src-8f21bfc1756ff75fb4caf97e5c9612a4d7106243.zip FreeBSD-src-8f21bfc1756ff75fb4caf97e5c9612a4d7106243.tar.gz |
Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
From the OpenSSL advisory:
Andy Polyakov discovered a flaw in OpenSSL's DTLS
implementation which could lead to the compromise of clients
and servers with DTLS enabled.
DTLS is a datagram variant of TLS specified in RFC 4347 first
supported in OpenSSL version 0.9.8. Note that the
vulnerabilities do not affect SSL and TLS so only clients and
servers explicitly using DTLS are affected.
We believe this flaw will permit remote code execution.
Security: CVE-2007-4995
Security: http://www.openssl.org/news/secadv_20071012.txt
Diffstat (limited to 'crypto/openssl/ssl/dtls1.h')
-rw-r--r-- | crypto/openssl/ssl/dtls1.h | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/crypto/openssl/ssl/dtls1.h b/crypto/openssl/ssl/dtls1.h index b377cc5..a663cf8 100644 --- a/crypto/openssl/ssl/dtls1.h +++ b/crypto/openssl/ssl/dtls1.h @@ -67,9 +67,8 @@ extern "C" { #endif -#define DTLS1_VERSION 0x0100 -#define DTLS1_VERSION_MAJOR 0x01 -#define DTLS1_VERSION_MINOR 0x00 +#define DTLS1_VERSION 0xFEFF +#define DTLS1_BAD_VER 0x0100 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 @@ -83,7 +82,7 @@ extern "C" { #define DTLS1_HM_BAD_FRAGMENT -2 #define DTLS1_HM_FRAGMENT_RETRY -3 -#define DTLS1_CCS_HEADER_LENGTH 3 +#define DTLS1_CCS_HEADER_LENGTH 1 #define DTLS1_AL_HEADER_LENGTH 7 |