summaryrefslogtreecommitdiff
path: root/external
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2014-06-06 12:46:05 +0100
committerAndras Timar <andras.timar@collabora.com>2014-06-10 22:11:08 +0200
commit26d1dccab78a136a6b92674fbf3edbe2ff0c8586 (patch)
treee2df573a3ce24206b76f9b1dad909e39e72157c5 /external
parent139c19320881d79c4493112c3dd9813104af8e80 (diff)
various recent openssl CVEs
Change-Id: Ib8989682690a73e5d09fb06617ad9d0938d76ccc Reviewed-on: https://gerrit.libreoffice.org/9666 Tested-by: Michael Stahl <mstahl@redhat.com> Reviewed-by: Michael Stahl <mstahl@redhat.com>
Diffstat (limited to 'external')
-rw-r--r--external/openssl/CVE-2010-5298.patch21
-rw-r--r--external/openssl/CVE-2013-4353.patch21
-rw-r--r--external/openssl/CVE-2013-6449.patch111
-rw-r--r--external/openssl/CVE-2013-6450.patch85
-rw-r--r--external/openssl/CVE-2014-0195.patch36
-rw-r--r--external/openssl/CVE-2014-0198.patch33
-rw-r--r--external/openssl/CVE-2014-0221.patch34
-rw-r--r--external/openssl/CVE-2014-0224.patch88
-rw-r--r--external/openssl/CVE-2014-3470.patch26
-rw-r--r--external/openssl/UnpackedTarball_openssl.mk9
10 files changed, 464 insertions, 0 deletions
diff --git a/external/openssl/CVE-2010-5298.patch b/external/openssl/CVE-2010-5298.patch
new file mode 100644
index 000000000000..55251b3c4596
--- /dev/null
+++ b/external/openssl/CVE-2010-5298.patch
@@ -0,0 +1,21 @@
+From: Ben Laurie <ben@links.org>
+Date: Wed, 23 Apr 2014 06:24:03 +0000 (+0100)
+Subject: Fix use after free.
+X-Git-Url: https://git.openssl.org/gitweb/b/?p=openssl.git;a=commitdiff_plain;h=94d1f4b
+
+Fix use after free.
+---
+
+diff --git a/a/ssl/s3_pkt.c b/b/ssl/s3_pkt.c
+index b9e45c7..d601a18 100644
+--- a/a/ssl/s3_pkt.c
++++ b/b/ssl/s3_pkt.c
+@@ -1334,7 +1334,7 @@ start:
+ {
+ s->rstate=SSL_ST_READ_HEADER;
+ rr->off=0;
+- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+ ssl3_release_read_buffer(s);
+ }
+ }
diff --git a/external/openssl/CVE-2013-4353.patch b/external/openssl/CVE-2013-4353.patch
new file mode 100644
index 000000000000..be7cf4c3b06e
--- /dev/null
+++ b/external/openssl/CVE-2013-4353.patch
@@ -0,0 +1,21 @@
+Fix for TLS record tampering bug. A carefully crafted invalid
+handshake could crash OpenSSL with a NULL pointer exception.
+Thanks to Anton Johansson for reporting this issues.
+(CVE-2013-4353)
+diff --git a/a/ssl/s3_both.c b/b/ssl/s3_both.c
+index 1e5dcab..53b9390 100644
+--- a/a/ssl/s3_both.c
++++ b/b/ssl/s3_both.c
+@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
+ {
+ const char *sender;
+ int slen;
+-
++ /* If no new cipher setup return immediately: other functions will
++ * set the appropriate error.
++ */
++ if (s->s3->tmp.new_cipher == NULL)
++ return;
+ if (s->state & SSL_ST_CONNECT)
+ {
+ sender=s->method->ssl3_enc->server_finished_label;
diff --git a/external/openssl/CVE-2013-6449.patch b/external/openssl/CVE-2013-6449.patch
new file mode 100644
index 000000000000..3da064699dfb
--- /dev/null
+++ b/external/openssl/CVE-2013-6449.patch
@@ -0,0 +1,111 @@
+Use version in SSL_METHOD not SSL structure.
+
+When deciding whether to use TLS 1.2 PRF and record hash algorithms
+use the version number in the corresponding SSL_METHOD structure
+instead of the SSL structure. The SSL structure version is sometimes
+inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
+(CVE-2013-6449)
+
+Also preventively check EVP errors for handshake digests.
+
+diff --git a/a/ssl/s3_lib.c b/b/ssl/s3_lib.c
+index bf832bb..c4ef273 100644
+--- a/a/ssl/s3_lib.c
++++ b/b/ssl/s3_lib.c
+@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ {
+ long alg2 = s->s3->tmp.new_cipher->algorithm2;
+- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++ if (s->method->version == TLS1_2_VERSION &&
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ return alg2;
+diff --git a/a/ssl/s3_both.c b/b/ssl/s3_both.c
+index ead01c8..1e5dcab 100644
+--- a/a/ssl/s3_both.c
++++ b/b/ssl/s3_both.c
+@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+
+ i=s->method->ssl3_enc->final_finish_mac(s,
+ sender,slen,s->s3->tmp.finish_md);
++ if (i == 0)
++ return 0;
+ s->s3->tmp.finish_md_len = i;
+ memcpy(p, s->s3->tmp.finish_md, i);
+ p+=i;
+diff --git a/a/ssl/s3_pkt.c b/b/ssl/s3_pkt.c
+index 804291e..c4bc4e7 100644
+--- a/a/ssl/s3_pkt.c
++++ b/b/ssl/s3_pkt.c
+@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
+ if (version != s->version)
+ {
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+- if ((s->version & 0xFF00) == (version & 0xFF00))
++ if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
+ /* Send back error using their minor version number :-) */
+ s->version = (unsigned short)version;
+ al=SSL_AD_PROTOCOL_VERSION;
+@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
+ slen=s->method->ssl3_enc->client_finished_label_len;
+ }
+
+- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
++ i = s->method->ssl3_enc->final_finish_mac(s,
+ sender,slen,s->s3->tmp.peer_finish_md);
++ if (i == 0)
++ {
++ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ s->s3->tmp.peer_finish_md_len = i;
+
+ return(1);
+ }
+diff --git a/a/ssl/s3_srvr.c b/b/ssl/s3_srvr.c
+index e5a8b3f..52efed3 100644
+--- a/a/ssl/s3_srvr.c
++++ b/b/ssl/s3_srvr.c
+@@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
+ (s->version != DTLS1_VERSION && s->client_version < s->version))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
++ if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
++ !s->enc_write_ctx && !s->write_hash)
+ {
+ /* similar to ssl3_get_record, send alert using remote version number */
+ s->version = s->client_version;
+diff --git a/a/ssl/t1_enc.c b/b/ssl/t1_enc.c
+index 809ad2e..72015f5 100644
+--- a/a/ssl/t1_enc.c
++++ b/b/ssl/t1_enc.c
+@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
+ if (mask & ssl_get_algorithm2(s))
+ {
+ int hashsize = EVP_MD_size(md);
+- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
++ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
++ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+ {
+ /* internal error: 'buf' is too small for this cipersuite! */
+ err = 1;
+ }
+ else
+ {
+- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
+- EVP_DigestFinal_ex(&ctx,q,&i);
+- if (i != (unsigned int)hashsize) /* can't really happen */
++ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
++ !EVP_DigestFinal_ex(&ctx,q,&i) ||
++ (i != (unsigned int)hashsize))
+ err = 1;
+- q+=i;
++ q+=hashsize;
+ }
+ }
+ }
+--
+1.8.3.1
+
diff --git a/external/openssl/CVE-2013-6450.patch b/external/openssl/CVE-2013-6450.patch
new file mode 100644
index 000000000000..ba45785d996b
--- /dev/null
+++ b/external/openssl/CVE-2013-6450.patch
@@ -0,0 +1,85 @@
+Fix DTLS retransmission from previous session.
+
+For DTLS we might need to retransmit messages from the previous session
+so keep a copy of write context in DTLS retransmission buffers instead
+of replacing it after sending CCS. CVE-2013-6450.
+
+diff --git a/a/ssl/d1_both.c b/b/ssl/d1_both.c
+index 65ec001..7a5596a 100644
+--- a/a/ssl/d1_both.c
++++ b/b/ssl/d1_both.c
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ {
++
++ if (frag->msg_header.is_ccs)
++ {
++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++ }
+ if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ OPENSSL_free(frag);
+diff --git a/a/ssl/ssl_locl.h b/b/ssl/ssl_locl.h
+index 96ce9a7..e485907 100644
+--- a/a/ssl/ssl_locl.h
++++ b/b/ssl/ssl_locl.h
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ s_get_meth) \
+ const SSL_METHOD *func_name(void) \
+diff --git a/a/ssl/t1_enc.c b/b/ssl/t1_enc.c
+index 72015f5..56db834 100644
+--- a/a/ssl/t1_enc.c
++++ b/b/ssl/t1_enc.c
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+- if (s->enc_write_ctx != NULL)
++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ reuse_dd = 1;
+- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
+- else
+- /* make sure it's intialized in case we exit later with an error */
+- EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ dd= s->enc_write_ctx;
+- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++ if (SSL_IS_DTLS(s))
++ {
++ mac_ctx = EVP_MD_CTX_create();
++ if (!mac_ctx)
++ goto err;
++ s->write_hash = mac_ctx;
++ }
++ else
++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ if (s->compress != NULL)
+ {
+diff --git a/a/crypto/evp/digest.c b/b/crypto/evp/digest.c
+index 6fc469f..d14e8e4 100644
+--- a/a/crypto/evp/digest.c
++++ b/b/crypto/evp/digest.c
+@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
+
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+ {
+- EVP_MD_CTX_cleanup(ctx);
+- OPENSSL_free(ctx);
++ if (ctx)
++ {
++ EVP_MD_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++ }
+ }
+
+ /* This call frees resources associated with the context */
diff --git a/external/openssl/CVE-2014-0195.patch b/external/openssl/CVE-2014-0195.patch
new file mode 100644
index 000000000000..d9aaa83acd2a
--- /dev/null
+++ b/external/openssl/CVE-2014-0195.patch
@@ -0,0 +1,36 @@
+commit 208d54db20d58c9a5e45e856a0650caadd7d9612
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Tue May 13 18:48:31 2014 +0100
+
+ Fix for CVE-2014-0195
+
+ A buffer overrun attack can be triggered by sending invalid DTLS fragments
+ to an OpenSSL DTLS client or server. This is potentially exploitable to
+ run arbitrary code on a vulnerable client or server.
+
+ Fixed by adding consistency check for DTLS fragments.
+
+ Thanks to Jüri Aedla for reporting this issue.
+
+diff --git a/a/ssl/d1_both.c b/b/ssl/d1_both.c
+index 2e8cf68..07f67f8 100644
+--- a/a/ssl/d1_both.c
++++ b/b/ssl/d1_both.c
+@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ frag->msg_header.frag_off = 0;
+ }
+ else
++ {
+ frag = (hm_fragment*) item->data;
++ if (frag->msg_header.msg_len != msg_hdr->msg_len)
++ {
++ item = NULL;
++ frag = NULL;
++ goto err;
++ }
++ }
++
+
+ /* If message is already reassembled, this must be a
+ * retransmit and can be dropped.
+
diff --git a/external/openssl/CVE-2014-0198.patch b/external/openssl/CVE-2014-0198.patch
new file mode 100644
index 000000000000..0cffb79c7faa
--- /dev/null
+++ b/external/openssl/CVE-2014-0198.patch
@@ -0,0 +1,33 @@
+From: Matt Caswell <matt@openssl.org>
+Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
+Subject: Fixed NULL pointer dereference. See PR#3321
+X-Git-Url: https://git.openssl.org/gitweb/b/?p=openssl.git;a=commitdiff_plain;h=b107586
+
+Fixed NULL pointer dereference. See PR#3321
+---
+
+diff --git a/a/ssl/s3_pkt.c b/b/ssl/s3_pkt.c
+index 40eb0dd..d961d12 100644
+--- a/a/ssl/s3_pkt.c
++++ b/b/ssl/s3_pkt.c
+@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ SSL3_BUFFER *wb=&(s->s3->wbuf);
+ SSL_SESSION *sess;
+
+- if (wb->buf == NULL)
+- if (!ssl3_setup_write_buffer(s))
+- return -1;
+
+ /* first check if there is a SSL3_BUFFER still being written
+ * out. This will happen with non blocking IO */
+@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ /* if it went, fall through and send more stuff */
+ }
+
++ if (wb->buf == NULL)
++ if (!ssl3_setup_write_buffer(s))
++ return -1;
++
+ if (len == 0 && !create_empty_fragment)
+ return 0;
+
diff --git a/external/openssl/CVE-2014-0221.patch b/external/openssl/CVE-2014-0221.patch
new file mode 100644
index 000000000000..68186f742908
--- /dev/null
+++ b/external/openssl/CVE-2014-0221.patch
@@ -0,0 +1,34 @@
+commit d30e582446b027868cdabd0994681643682045a4
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Fri May 16 13:00:45 2014 +0100
+
+ Fix CVE-2014-0221
+
+ Unnecessary recursion when receiving a DTLS hello request can be used to
+ crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+
+ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+
+diff --git a/a/ssl/d1_both.c b/b/ssl/d1_both.c
+index 07f67f8..4c2fd03 100644
+--- a/a/ssl/d1_both.c
++++ b/b/ssl/d1_both.c
+@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ int i,al;
+ struct hm_header_st msg_hdr;
+
++ redo:
+ /* see if we have the required fragment already */
+ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+ {
+@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ s->msg_callback_arg);
+
+ s->init_num = 0;
+- return dtls1_get_message_fragment(s, st1, stn,
+- max, ok);
++ goto redo;
+ }
+ else /* Incorrectly formated Hello request */
+ {
+
diff --git a/external/openssl/CVE-2014-0224.patch b/external/openssl/CVE-2014-0224.patch
new file mode 100644
index 000000000000..8a7aaa78f358
--- /dev/null
+++ b/external/openssl/CVE-2014-0224.patch
@@ -0,0 +1,88 @@
+diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h
+--- a/a/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200
+--- b/b/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200
+@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c
+--- a/a/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100
+--- b/b/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200
+@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit=1;
+ }
+ else /* a miss or crap from the other end */
+diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c
+--- a/a/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200
+--- b/b/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200
+@@ -1298,6 +1298,15 @@ start:
+ goto f_err;
+ }
+
++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++ goto f_err;
++ }
++
++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+ rr->length=0;
+
+ if (s->msg_callback)
+@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+ if (s->s3->tmp.key_block == NULL)
+ {
+- if (s->session == NULL)
++ if (s->session == NULL || s->session->master_key_length == 0)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c
+--- a/a/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200
+--- b/b/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200
+@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
+ case SSL3_ST_SR_CERT_VRFY_A:
+ case SSL3_ST_SR_CERT_VRFY_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /* we should decide if we expected this one */
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
+
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #else
+ if (s->s3->next_proto_neg_seen)
++ {
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++ }
+ else
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #endif
diff --git a/external/openssl/CVE-2014-3470.patch b/external/openssl/CVE-2014-3470.patch
new file mode 100644
index 000000000000..da123eef3822
--- /dev/null
+++ b/external/openssl/CVE-2014-3470.patch
@@ -0,0 +1,26 @@
+commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Thu May 29 15:00:05 2014 +0100
+
+ Fix CVE-2014-3470
+
+ Check session_cert is not NULL before dereferencing it.
+
+diff --git a/a/ssl/s3_clnt.c b/b/ssl/s3_clnt.c
+index d35376d..4324f8d 100644
+--- a/a/ssl/s3_clnt.c
++++ b/b/ssl/s3_clnt.c
+@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s)
+ int ecdh_clnt_cert = 0;
+ int field_size = 0;
+
++ if (s->session->sess_cert == NULL)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++ goto err;
++ }
++
+ /* Did we send out the client's
+ * ECDH share for use in premaster
+ * computation as part of client certificate?
diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk
index 869a74e11b14..07a775e38930 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -91,7 +91,16 @@ $(eval $(call gb_UnpackedTarball_fix_end_of_line,openssl,\
))
$(eval $(call gb_UnpackedTarball_add_patches,openssl,\
+ external/openssl/CVE-2013-6449.patch \
+ external/openssl/CVE-2013-6450.patch \
+ external/openssl/CVE-2013-4353.patch \
external/openssl/CVE-2014-0160.patch \
+ external/openssl/CVE-2010-5298.patch \
+ external/openssl/CVE-2014-0195.patch \
+ external/openssl/CVE-2014-0198.patch \
+ external/openssl/CVE-2014-0221.patch \
+ external/openssl/CVE-2014-0224.patch \
+ external/openssl/CVE-2014-3470.patch \
$(if $(filter LINUX FREEBSD ANDROID,$(OS)),external/openssl/openssllnx.patch) \
$(if $(filter WNTGCC,$(OS)$(COM)),external/openssl/opensslmingw.patch) \
$(if $(filter MSC,$(COM)),external/openssl/opensslwnt.patch) \