From 43f5d1f3bd255cb997b91514a2993b278a7b4216 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Thu, 7 Aug 2014 01:24:10 +0000
Subject: merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service
 https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049
 ok bcook

---
 src/lib/libssl/s3_clnt.c         | 10 +++++++++-
 src/lib/libssl/src/ssl/s3_clnt.c | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 8dbeb5ce80..af6c81dae5 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.84 2014/07/17 11:32:21 miod Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1945,6 +1945,14 @@ ssl3_send_client_key_exchange(SSL *s)
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
+			if (s->session->sess_cert == NULL) {
+				/* We should always have a server
+				 * certificate with SSL_kRSA. */
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+				    ERR_R_INTERNAL_ERROR);
+				goto err;
+			}
+
 			if (s->session->sess_cert->peer_rsa_tmp != NULL)
 				rsa = s->session->sess_cert->peer_rsa_tmp;
 			else {
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 8dbeb5ce80..af6c81dae5 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.84 2014/07/17 11:32:21 miod Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.85 2014/08/07 01:24:10 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1945,6 +1945,14 @@ ssl3_send_client_key_exchange(SSL *s)
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
+			if (s->session->sess_cert == NULL) {
+				/* We should always have a server
+				 * certificate with SSL_kRSA. */
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+				    ERR_R_INTERNAL_ERROR);
+				goto err;
+			}
+
 			if (s->session->sess_cert->peer_rsa_tmp != NULL)
 				rsa = s->session->sess_cert->peer_rsa_tmp;
 			else {
-- 
cgit v1.2.3-55-g6feb