openssl/CVE-2013-6449.patch

Index: openssl-1.0.1e/ssl/s3_lib.c
===================================================================
--- openssl-1.0.1e.orig/ssl/s3_lib.c
+++ openssl-1.0.1e/ssl/s3_lib.c
@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT.
 long ssl_get_algorithm2(SSL *s)
 	{
 	long alg2 = s->s3->tmp.new_cipher->algorithm2;
-	if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+	if (s->method->version == TLS1_2_VERSION &&
 	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
 	return alg2;
Index: openssl-1.0.1e/ssl/s3_both.c
===================================================================
--- openssl-1.0.1e.orig/ssl/s3_both.c
+++ openssl-1.0.1e/ssl/s3_both.c
@@ -161,6 +161,10 @@ int ssl3_send_finished(SSL *s, int a, in
 
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			sender,slen,s->s3->tmp.finish_md);
+
+               if (i == 0)
+                       return 0;
+
 		s->s3->tmp.finish_md_len = i;
 		memcpy(p, s->s3->tmp.finish_md, i);
 		p+=i;
Index: openssl-1.0.1e/ssl/s3_pkt.c
===================================================================
--- openssl-1.0.1e.orig/ssl/s3_pkt.c
+++ openssl-1.0.1e/ssl/s3_pkt.c
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
 		slen=s->method->ssl3_enc->client_finished_label_len;
 		}
 
-	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+       i = s->method->ssl3_enc->final_finish_mac(s,
 		sender,slen,s->s3->tmp.peer_finish_md);
+       if (i == 0)
+               {
+               SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+               return 0;
+               }
+       s->s3->tmp.peer_finish_md_len = i;
 
 	return(1);
 	}
Index: openssl-1.0.1e/ssl/t1_enc.c
===================================================================
--- openssl-1.0.1e.orig/ssl/t1_enc.c
+++ openssl-1.0.1e/ssl/t1_enc.c
@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
 		if (mask & ssl_get_algorithm2(s))
 			{
 			int hashsize = EVP_MD_size(md);
-			if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+                       EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+                       if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
 				{
 				/* internal error: 'buf' is too small for this cipersuite! */
 				err = 1;
 				}
 			else
 				{
-				EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
-				EVP_DigestFinal_ex(&ctx,q,&i);
-				if (i != (unsigned int)hashsize) /* can't really happen */
+                               if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+                                       !EVP_DigestFinal_ex(&ctx,q,&i) ||
+                                       (i != (unsigned int)hashsize))
 					err = 1;
-				q+=i;
+                               q+=hashsize;
 				}
 			}
 		}