/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-3510.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-3510.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue Sep 2 22:20:54 2014 UTC (10 years, 3 months ago) by charliebrady
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-31_1_el5_sme, openssl-0_9_8e-33_1_el5_sme, HEAD
Extracted from openssl-0.9.8e-27.el5_10.4.src.rpm

1 charliebrady 1.1 diff -up openssl-fips-0.9.8e/ssl/d1_clnt.c.adh-dos openssl-fips-0.9.8e/ssl/d1_clnt.c
2     --- openssl-fips-0.9.8e/ssl/d1_clnt.c.adh-dos 2014-08-08 10:53:54.843106757 +0200
3     +++ openssl-fips-0.9.8e/ssl/d1_clnt.c 2014-08-08 11:45:44.900665548 +0200
4     @@ -727,6 +727,13 @@ int dtls1_send_client_key_exchange(SSL *
5     RSA *rsa;
6     unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
7    
8     + if (s->session->sess_cert == NULL)
9     + {
10     + /* We should always have a server certificate with SSL_kRSA. */
11     + SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
12     + goto err;
13     + }
14     +
15     if (s->session->sess_cert->peer_rsa_tmp != NULL)
16     rsa=s->session->sess_cert->peer_rsa_tmp;
17     else
18     @@ -917,6 +924,13 @@ int dtls1_send_client_key_exchange(SSL *
19     {
20     DH *dh_srvr,*dh_clnt;
21    
22     + if (s->session->sess_cert == NULL)
23     + {
24     + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
25     + SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
26     + goto err;
27     + }
28     +
29     if (s->session->sess_cert->peer_dh_tmp != NULL)
30     dh_srvr=s->session->sess_cert->peer_dh_tmp;
31     else
32     @@ -1158,5 +1172,3 @@ int dtls1_send_client_certificate(SSL *s
33     /* SSL3_ST_CW_CERT_D */
34     return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
35     }
36     -
37     -
38     diff -up openssl-fips-0.9.8e/ssl/s3_clnt.c.adh-dos openssl-fips-0.9.8e/ssl/s3_clnt.c
39     --- openssl-fips-0.9.8e/ssl/s3_clnt.c.adh-dos 2014-08-08 10:53:54.897107025 +0200
40     +++ openssl-fips-0.9.8e/ssl/s3_clnt.c 2014-08-08 11:45:44.901665552 +0200
41     @@ -1675,6 +1675,13 @@ int ssl3_send_client_key_exchange(SSL *s
42     RSA *rsa;
43     unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
44    
45     + if (s->session->sess_cert == NULL)
46     + {
47     + /* We should always have a server certificate with SSL_kRSA. */
48     + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
49     + goto err;
50     + }
51     +
52     if (s->session->sess_cert->peer_rsa_tmp != NULL)
53     rsa=s->session->sess_cert->peer_rsa_tmp;
54     else

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed