Fix several crash causing defects from OpenSSL.

These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences

Several other issues did not apply or were already fixed.
Refer to https://www.openssl.org/news/secadv_20150319.txt

joint work with beck, doug, guenther, jsing, miod

1 files changed, 4 insertions, 1 deletions

diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 9d9a90d76a..dd789ccc70 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.27 2015/02/09 10:53:28 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.28 2015/03/19 14:00:22 tedu Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -443,6 +443,9 @@ dtls1_listen(SSL *s, struct sockaddr *client)
 {
         int ret;
 
+        /* Ensure there is no state left over from a previous invocation */
+        SSL_clear(s);
+
         SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
         s->d1->listen = 1;