openssl/sme8/openssl-fips-0.9.8e-cve-2014-3510.patch

diff -up openssl-fips-0.9.8e/ssl/d1_clnt.c.adh-dos openssl-fips-0.9.8e/ssl/d1_clnt.c
--- openssl-fips-0.9.8e/ssl/d1_clnt.c.adh-dos   2014-08-08 10:53:54.843106757 +0200
+++ openssl-fips-0.9.8e/ssl/d1_clnt.c   2014-08-08 11:45:44.900665548 +0200
@@ -727,6 +727,13 @@ int dtls1_send_client_key_exchange(SSL *
                        RSA *rsa;
                        unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
+                       if (s->session->sess_cert == NULL)
+                               {
+                               /* We should always have a server certificate with SSL_kRSA. */
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                               goto err;
+                               }
+
                        if (s->session->sess_cert->peer_rsa_tmp != NULL)
                                rsa=s->session->sess_cert->peer_rsa_tmp;
                        else
@@ -917,6 +924,13 @@ int dtls1_send_client_key_exchange(SSL *
                        {
                        DH *dh_srvr,*dh_clnt;
 
+                       if (s->session->sess_cert == NULL)
+                               {
+                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+                               goto err;
+                               }
+
                        if (s->session->sess_cert->peer_dh_tmp != NULL)
                                dh_srvr=s->session->sess_cert->peer_dh_tmp;
                        else
@@ -1158,5 +1172,3 @@ int dtls1_send_client_certificate(SSL *s
        /* SSL3_ST_CW_CERT_D */
        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
        }
-
-
diff -up openssl-fips-0.9.8e/ssl/s3_clnt.c.adh-dos openssl-fips-0.9.8e/ssl/s3_clnt.c
--- openssl-fips-0.9.8e/ssl/s3_clnt.c.adh-dos   2014-08-08 10:53:54.897107025 +0200
+++ openssl-fips-0.9.8e/ssl/s3_clnt.c   2014-08-08 11:45:44.901665552 +0200
@@ -1675,6 +1675,13 @@ int ssl3_send_client_key_exchange(SSL *s
                        RSA *rsa;
                        unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
+                       if (s->session->sess_cert == NULL)
+                               {
+                               /* We should always have a server certificate with SSL_kRSA. */
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                               goto err;
+                               }
+
                        if (s->session->sess_cert->peer_rsa_tmp != NULL)
                                rsa=s->session->sess_cert->peer_rsa_tmp;
                        else
1	charliebrady	1.1	diff -up openssl-fips-0.9.8e/ssl/d1_clnt.c.adh-dos openssl-fips-0.9.8e/ssl/d1_clnt.c
2			--- openssl-fips-0.9.8e/ssl/d1_clnt.c.adh-dos 2014-08-08 10:53:54.843106757 +0200
3			+++ openssl-fips-0.9.8e/ssl/d1_clnt.c 2014-08-08 11:45:44.900665548 +0200
4			@@ -727,6 +727,13 @@ int dtls1_send_client_key_exchange(SSL *
5			RSA *rsa;
6			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
7
8			+ if (s->session->sess_cert == NULL)
9			+ {
10			+ /* We should always have a server certificate with SSL_kRSA. */
11			+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
12			+ goto err;
13			+ }
14			+
15			if (s->session->sess_cert->peer_rsa_tmp != NULL)
16			rsa=s->session->sess_cert->peer_rsa_tmp;
17			else
18			@@ -917,6 +924,13 @@ int dtls1_send_client_key_exchange(SSL *
19			{
20			DH dh_srvr,dh_clnt;
21
22			+ if (s->session->sess_cert == NULL)
23			+ {
24			+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
25			+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
26			+ goto err;
27			+ }
28			+
29			if (s->session->sess_cert->peer_dh_tmp != NULL)
30			dh_srvr=s->session->sess_cert->peer_dh_tmp;
31			else
32			@@ -1158,5 +1172,3 @@ int dtls1_send_client_certificate(SSL *s
33			/* SSL3_ST_CW_CERT_D */
34			return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
35			}
36			-
37			-
38			diff -up openssl-fips-0.9.8e/ssl/s3_clnt.c.adh-dos openssl-fips-0.9.8e/ssl/s3_clnt.c
39			--- openssl-fips-0.9.8e/ssl/s3_clnt.c.adh-dos 2014-08-08 10:53:54.897107025 +0200
40			+++ openssl-fips-0.9.8e/ssl/s3_clnt.c 2014-08-08 11:45:44.901665552 +0200
41			@@ -1675,6 +1675,13 @@ int ssl3_send_client_key_exchange(SSL *s
42			RSA *rsa;
43			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
44
45			+ if (s->session->sess_cert == NULL)
46			+ {
47			+ /* We should always have a server certificate with SSL_kRSA. */
48			+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
49			+ goto err;
50			+ }
51			+
52			if (s->session->sess_cert->peer_rsa_tmp != NULL)
53			rsa=s->session->sess_cert->peer_rsa_tmp;
54			else