merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service

author deraadt <deraadt@openbsd.org>

Thu, 7 Aug 2014 01:24:10 +0000 (01:24 +0000)

committer deraadt <deraadt@openbsd.org>

Thu, 7 Aug 2014 01:24:10 +0000 (01:24 +0000)
author deraadt <deraadt@openbsd.org>
Thu, 7 Aug 2014 01:24:10 +0000 (01:24 +0000)
committer deraadt <deraadt@openbsd.org>
Thu, 7 Aug 2014 01:24:10 +0000 (01:24 +0000)
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c

index 8dbeb5c..af6c81d 100644 (file)
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.84 2014/07/17 11:32:21 miod Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */
  /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -1945,6 +1945,14 @@ ssl3_send_client_key_exchange(SSL *s)
                         RSA *rsa;
                         unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
  
+                       if (s->session->sess_cert == NULL) {
+                               /* We should always have a server
+                                * certificate with SSL_kRSA. */
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                   ERR_R_INTERNAL_ERROR);
+                               goto err;
+                       }
+
                         if (s->session->sess_cert->peer_rsa_tmp != NULL)
                                 rsa = s->session->sess_cert->peer_rsa_tmp;
                         else {
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c

index 8dbeb5c..af6c81d 100644 (file)
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.84 2014/07/17 11:32:21 miod Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */
  /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -1945,6 +1945,14 @@ ssl3_send_client_key_exchange(SSL *s)
                         RSA *rsa;
                         unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
  
+                       if (s->session->sess_cert == NULL) {
+                               /* We should always have a server
+                                * certificate with SSL_kRSA. */
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                   ERR_R_INTERNAL_ERROR);
+                               goto err;
+                       }
+
                         if (s->session->sess_cert->peer_rsa_tmp != NULL)
                                 rsa = s->session->sess_cert->peer_rsa_tmp;
                         else {
author	deraadt <deraadt@openbsd.org>
	Thu, 7 Aug 2014 01:24:10 +0000 (01:24 +0000)
committer	deraadt <deraadt@openbsd.org>
	Thu, 7 Aug 2014 01:24:10 +0000 (01:24 +0000)
lib/libssl/s3_clnt.c		patch \| blob \| history
lib/libssl/src/ssl/s3_clnt.c		patch \| blob \| history