diff options
| author | deraadt <> | 2014-08-07 01:24:10 +0000 |
|---|---|---|
| committer | deraadt <> | 2014-08-07 01:24:10 +0000 |
| commit | 43f5d1f3bd255cb997b91514a2993b278a7b4216 (patch) | |
| tree | 0c1ab456ca21e793771ef86bc2715058cd0988a1 /src/lib | |
| parent | a9ff92451b90fe858e2d46c1c53fc7b0c49a346b (diff) | |
| download | openbsd-43f5d1f3bd255cb997b91514a2993b278a7b4216.tar.gz openbsd-43f5d1f3bd255cb997b91514a2993b278a7b4216.tar.bz2 openbsd-43f5d1f3bd255cb997b91514a2993b278a7b4216.zip | |
merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049
ok bcook
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 10 |
2 files changed, 18 insertions, 2 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 8dbeb5ce80..af6c81dae5 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.84 2014/07/17 11:32:21 miod Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1945,6 +1945,14 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 1945 | RSA *rsa; | 1945 | RSA *rsa; |
| 1946 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 1946 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
| 1947 | 1947 | ||
| 1948 | if (s->session->sess_cert == NULL) { | ||
| 1949 | /* We should always have a server | ||
| 1950 | * certificate with SSL_kRSA. */ | ||
| 1951 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1952 | ERR_R_INTERNAL_ERROR); | ||
| 1953 | goto err; | ||
| 1954 | } | ||
| 1955 | |||
| 1948 | if (s->session->sess_cert->peer_rsa_tmp != NULL) | 1956 | if (s->session->sess_cert->peer_rsa_tmp != NULL) |
| 1949 | rsa = s->session->sess_cert->peer_rsa_tmp; | 1957 | rsa = s->session->sess_cert->peer_rsa_tmp; |
| 1950 | else { | 1958 | else { |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 8dbeb5ce80..af6c81dae5 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.84 2014/07/17 11:32:21 miod Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1945,6 +1945,14 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 1945 | RSA *rsa; | 1945 | RSA *rsa; |
| 1946 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 1946 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
| 1947 | 1947 | ||
| 1948 | if (s->session->sess_cert == NULL) { | ||
| 1949 | /* We should always have a server | ||
| 1950 | * certificate with SSL_kRSA. */ | ||
| 1951 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1952 | ERR_R_INTERNAL_ERROR); | ||
| 1953 | goto err; | ||
| 1954 | } | ||
| 1955 | |||
| 1948 | if (s->session->sess_cert->peer_rsa_tmp != NULL) | 1956 | if (s->session->sess_cert->peer_rsa_tmp != NULL) |
| 1949 | rsa = s->session->sess_cert->peer_rsa_tmp; | 1957 | rsa = s->session->sess_cert->peer_rsa_tmp; |
| 1950 | else { | 1958 | else { |