File openssl-CVE-2014-3572.patch of Package compat-openssl098.3237

commit e42a2abadc90664e2615dc63ba7f79cf163f780a
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Fri Oct 24 12:30:33 2014 +0100

    ECDH downgrade bug fix.
    
    Fix bug where an OpenSSL client would accept a handshake using an
    ephemeral ECDH ciphersuite with the server key exchange message omitted.
    
    Thanks to Karthikeyan Bhargavan for reporting this issue.
    
    CVE-2014-3572
    Reviewed-by: Matt Caswell <matt@openssl.org>
    
    (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63)
    
    Conflicts:
    	CHANGES
    	ssl/s3_clnt.c

Index: openssl-0.9.8j/ssl/s3_clnt.c
===================================================================
--- openssl-0.9.8j.orig/ssl/s3_clnt.c	2015-01-08 14:25:23.608531470 +0100
+++ openssl-0.9.8j/ssl/s3_clnt.c	2015-01-08 14:25:24.833546429 +0100
@@ -1109,8 +1109,21 @@ int ssl3_get_key_exchange(SSL *s)
 
 	if (!ok) return((int)n);
 
+	alg=s->s3->tmp.new_cipher->algorithms;
+	EVP_MD_CTX_init(&md_ctx);
+
 	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
 		{
+		/*
+		 * Can't skip server key exchange if this is an ephemeral
+		 * ciphersuite.
+		 */
+		if (alg & (SSL_kEDH|SSL_kECDHE))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+			al = SSL_AD_UNEXPECTED_MESSAGE;
+			goto f_err;
+			}
 		s->s3->tmp.reuse_message=1;
 		return(1);
 		}
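Review bot: The hoisting of `EVP_MD_CTX_init(&md_ctx)` above the message-type check is left unexplained, and its reason is not visible in the hunk: the new `goto f_err` jumps into the function's shared error path, which in this file presumably ends with `EVP_MD_CTX_cleanup(&md_ctx)`, so the context must already be initialised when the ServerKeyExchange is rejected. A comment at the init such as `/* init before any goto f_err: the err path cleans up md_ctx */` would stop a later refactor from moving it back below the early return and reintroducing a cleanup of an uninitialised context. The `reuse_message` early return that follows the new check now leaves `md_ctx` initialised and never cleaned up, which is harmless only because `EVP_MD_CTX_init` allocates nothing; that is worth stating beside it. The comment on the check could also say that `SSL_kEDH`/`SSL_kECDHE` are expected to cover the anonymous DH/ECDH suites as well, if that holds for the 0.9.8 cipher flags used here. ssl3_get_key_exchange begins before this hunk and its `f_err`/`err` cleanup labels lie outside it.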
@@ -1147,8 +1160,6 @@ int ssl3_get_key_exchange(SSL *s)
 		}
 
 	param_len=0;
-	alg=s->s3->tmp.new_cipher->algorithms;
-	EVP_MD_CTX_init(&md_ctx);
 
 #ifndef OPENSSL_NO_RSA
 	if (alg & SSL_kRSA)