[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Kurt Roeckx
kurt at openssl.org
Tue Nov 24 21:15:41 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via 296f7bd1ace9383648795b24bf2f3c10d0b9ca47 (commit)
via a5b63f80736862809a0f76ce22f7c0cc8163d6ae (commit)
via 3a9328e3f7adfb0e5ccfb5375c98f4ef304f8554 (commit)
from 943c4ca62b3f5a160340d57aecb9413407a06e15 (commit)
- Log -----------------------------------------------------------------
commit 296f7bd1ace9383648795b24bf2f3c10d0b9ca47
Author: Marcus Meissner <meissner at suse.de>
Date: Tue Nov 24 22:03:58 2015 +0100
mark openssl configuration as loaded at end of OPENSSL_config
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at akamai.com>
GH: #466
(cherry picked from commit 434b58457c8cca4d09f77a1774d6d2c446604bae)
commit a5b63f80736862809a0f76ce22f7c0cc8163d6ae
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date: Mon Nov 23 00:13:15 2015 +0100
ssl3_free(): Return if it wasn't created
If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
get called with s->s3 still being NULL.
Patch also provided by Willy Tarreau <wtarreau at haproxy.com>
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users at dukhovni.org>
(cherry picked from commit 3e7bd2ce0b16f8611298175d6dc7cb35ee06ea6d)
commit 3a9328e3f7adfb0e5ccfb5375c98f4ef304f8554
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Mon Nov 23 00:07:28 2015 +0100
Set reference count earlier
Backport of 0e04674e964b905e67e3d215bcf888932c92765f
Reviewed-by: Steve Henson <steve at openssl.org>
RT #4047, #4110, MR #1356
-----------------------------------------------------------------------
Summary of changes:
crypto/conf/conf_sap.c | 1 +
ssl/s3_lib.c | 2 +-
ssl/ssl_cert.c | 2 +-
ssl/ssl_lib.c | 2 +-
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index 544fe97..c042cf2 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -90,6 +90,7 @@ void OPENSSL_config(const char *config_name)
CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION |
CONF_MFLAGS_IGNORE_MISSING_FILE);
+ openssl_configured = 1;
}
void OPENSSL_no_config()
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ad9eeb6..64793d6 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2983,7 +2983,7 @@ int ssl3_new(SSL *s)
void ssl3_free(SSL *s)
{
- if (s == NULL)
+ if (s == NULL || s->s3 == NULL)
return;
#ifdef TLSEXT_TYPE_opaque_prf_input
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 93a1eb9..a73f866 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -227,6 +227,7 @@ CERT *ssl_cert_dup(CERT *cert)
memset(ret, 0, sizeof(CERT));
+ ret->references = 1;
ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
/*
* or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
@@ -325,7 +326,6 @@ CERT *ssl_cert_dup(CERT *cert)
#endif
}
- ret->references = 1;
/*
* Set digests to defaults. NB: we don't copy existing values as they
* will be set during handshake.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9ddc591..f2071db 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->options = ctx->options;
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
+ s->references = 1;
if (ctx->cert != NULL) {
/*
@@ -405,7 +406,6 @@ SSL *SSL_new(SSL_CTX *ctx)
if (!s->method->ssl_new(s))
goto err;
- s->references = 1;
s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
SSL_clear(s);
More information about the openssl-commits
mailing list