File openssl-CVE-2014-5139.patch of Package openssl1
commit 83764a989dcc87fbea337da5f8f86806fe767b7e
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Tue Jul 29 21:23:30 2014 +0100
Fix SRP ciphersuite DoS vulnerability.
If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack.
Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue.
CVE-2014-5139
Reviewed-by: Tim Hudson <tjh@openssl.org>
Index: openssl-1.0.1g/ssl/s3_clnt.c
===================================================================
--- openssl-1.0.1g.orig/ssl/s3_clnt.c 2014-08-11 14:00:24.029298684 +0200
+++ openssl-1.0.1g/ssl/s3_clnt.c 2014-08-11 14:00:24.045298876 +0200
@@ -951,6 +951,15 @@ int ssl3_get_server_hello(SSL *s)
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
 goto f_err;
 }
+#ifndef OPENSSL_NO_SRP
+ if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+ !(s->srp_ctx.srp_Mask & SSL_kSRP))
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+ goto f_err;
+ }
+#endif /* OPENSSL_NO_SRP */
 p+=ssl_put_cipher_by_char(s,NULL,NULL);
 sk=ssl_get_ciphers_by_id(s);
Index: openssl-1.0.1g/ssl/ssl_lib.c
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl_lib.c 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g/ssl/ssl_lib.c 2014-08-11 14:00:24.046298888 +0200
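Review bot: The SRP predicate `((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) && !(s->srp_ctx.srp_Mask & SSL_kSRP)` is written out twice with no comment at either site: here in ssl3_get_server_hello and again in the ssl_cipher_list_to_bytes hunk in ssl/ssl_lib.c. The two checks form one defence (do not offer SRP suites unless SRP is set up, and reject a ServerHello that selects one anyway), so they should not be able to drift apart; a small shared helper or macro in ssl_locl.h would hold the condition once. Both sites would also benefit from a comment such as `/* SRP not configured on this SSL: never offer or accept an SRP ciphersuite */`. The check treats the SSL_kSRP bit in srp_Mask as the sign that SRP is set up; where that bit is set is outside this patch, so it is worth confirming that it guarantees every field the SRP key exchange later reads. Both functions continue outside their hunks.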
@@ -1402,6 +1402,11 @@ int ssl_cipher_list_to_bytes(SSL *s,STAC
 s->psk_client_callback == NULL)
 continue;
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+ if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+ !(s->srp_ctx.srp_Mask & SSL_kSRP))
+ continue;
+#endif /* OPENSSL_NO_SRP */
 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 p+=j;
 }
Index: openssl-1.0.1g/ssl/ssl_ciph.c
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl_ciph.c 2014-08-11 14:00:23.919297363 +0200
+++ openssl-1.0.1g/ssl/ssl_ciph.c 2014-08-11 14:02:19.988691538 +0200
@@ -270,6 +270,7 @@ static const SSL_CIPHER cipher_aliases[]
 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
+ {0,SSL_TXT_aSRP,0, 0,SSL_aSRP, 0,0,0,0,0,0,0},
 /* aliases combining key exchange and server authentication */
 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
@@ -1634,6 +1635,9 @@ char *SSL_CIPHER_description(const SSL_C
 case SSL_aPSK:
 au="PSK";
 break;
+ case SSL_aSRP:
+ au="SRP";
+ break;
 default:
 au="unknown";
 break;
Index: openssl-1.0.1g/ssl/ssl.h
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl.h 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g/ssl/ssl.h 2014-08-11 14:02:19.988691538 +0200
@@ -264,6 +264,7 @@ extern "C" {
 #define SSL_TXT_aGOST94 "aGOST94"
 #define SSL_TXT_aGOST01 "aGOST01"
 #define SSL_TXT_aGOST "aGOST"
+#define SSL_TXT_aSRP "aSRP"
 #define SSL_TXT_DSS "DSS"
 #define SSL_TXT_DH "DH"
Index: openssl-1.0.1g/ssl/ssl_locl.h
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl_locl.h 2014-08-11 14:00:23.924297423 +0200
+++ openssl-1.0.1g/ssl/ssl_locl.h 2014-08-11 14:02:19.988691538 +0200
@@ -315,6 +315,7 @@
 #define SSL_aPSK 0x00000080L /* PSK auth */
 #define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
 #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
+#define SSL_aSRP 0x00000400L /* SRP auth */
 /* Bits for algorithm_enc (symmetric encryption) */
Index: openssl-1.0.1g/ssl/s3_lib.c
===================================================================
--- openssl-1.0.1g.orig/ssl/s3_lib.c 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g/ssl/s3_lib.c 2014-08-11 14:02:19.987691495 +0200
@@ -2426,7 +2426,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
 SSL_kSRP,
- SSL_aNULL,
+ SSL_aSRP,
 SSL_3DES,
 SSL_SHA1,
 SSL_TLSV1,
@@ -2474,7 +2474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
 SSL_kSRP,
- SSL_aNULL,
+ SSL_aSRP,
 SSL_AES128,
 SSL_SHA1,
 SSL_TLSV1,
@@ -2522,7 +2522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
 SSL_kSRP,
- SSL_aNULL,
+ SSL_aSRP,
 SSL_AES256,
 SSL_SHA1,
 SSL_TLSV1,
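Review bot: Retagging the SRP-SHA entry in ssl3_ciphers[] from `SSL_aNULL` to `SSL_aSRP` (hunk at 2426, and likewise at 2474 and 2522) changes which cipher-string selectors match these suites, and nothing in the patch documents that. Selectors keyed on the auth bits, such as `aNULL` and `!aNULL`, presumably stop covering the three suites, so a configured list that relied on `!aNULL` to keep them out may now retain them. The selection code is not on this page, so this should be confirmed and recorded in the changelog and the ciphers documentation together with the new `aSRP` alias. A short comment at the `#define SSL_aSRP` line or the first SRP entry, e.g. `/* SRP suites authenticate via the SRP verifier; no longer classed as aNULL */`, would record why the value changed. The table entries start and end outside the hunks.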