From cce471d34d8d2e83721f593d949d2027933756e1 Mon Sep 17 00:00:00 2001 From: deraadt Date: Thu, 7 Aug 2014 01:24:10 +0000 Subject: [PATCH] merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049 ok bcook --- lib/libssl/s3_clnt.c | 10 +++++++++- lib/libssl/src/ssl/s3_clnt.c | 10 +++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 8dbeb5ce800..af6c81dae5a 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.84 2014/07/17 11:32:21 miod Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1945,6 +1945,14 @@ ssl3_send_client_key_exchange(SSL *s) RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; + if (s->session->sess_cert == NULL) { + /* We should always have a server + * certificate with SSL_kRSA. */ + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa = s->session->sess_cert->peer_rsa_tmp; else { diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 8dbeb5ce800..af6c81dae5a 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.84 2014/07/17 11:32:21 miod Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1945,6 +1945,14 @@ ssl3_send_client_key_exchange(SSL *s) RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; + if (s->session->sess_cert == NULL) { + /* We should always have a server + * certificate with SSL_kRSA. */ + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa = s->session->sess_cert->peer_rsa_tmp; else { -- 2.20.1