[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Kurt Roeckx
kurt at openssl.org
Tue Nov 24 21:15:48 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 844de56ed6e96042d364da6020bd29a816293a0a (commit)
via 784934498fac88eaeff106e22bcab44c272e2cc9 (commit)
via 0b5f9ce37bd0e4030faf6af9e1b6356693239576 (commit)
from fc45da053535ee4de573aeb4d895ef6d6f7b72c9 (commit)
- Log -----------------------------------------------------------------
commit 844de56ed6e96042d364da6020bd29a816293a0a
Author: Marcus Meissner <meissner at suse.de>
Date: Tue Nov 24 22:03:58 2015 +0100
mark openssl configuration as loaded at end of OPENSSL_config
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at akamai.com>
GH: #466
(cherry picked from commit 434b58457c8cca4d09f77a1774d6d2c446604bae)
commit 784934498fac88eaeff106e22bcab44c272e2cc9
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date: Mon Nov 23 00:13:15 2015 +0100
ssl3_free(): Return if it wasn't created
If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
get called with s->s3 still being NULL.
Patch also provided by Willy Tarreau <wtarreau at haproxy.com>
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users at dukhovni.org>
(cherry picked from commit 3e7bd2ce0b16f8611298175d6dc7cb35ee06ea6d)
commit 0b5f9ce37bd0e4030faf6af9e1b6356693239576
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Tue Nov 24 21:53:40 2015 +0100
Set reference count earlier
Backport of 0e04674e964b905e67e3d215bcf888932c92765f
Reviewed-by: Steve Henson <steve at openssl.org>
RT #4047, #4110, MR #1356
-----------------------------------------------------------------------
Summary of changes:
crypto/conf/conf_sap.c | 1 +
ssl/s3_lib.c | 2 +-
ssl/ssl_cert.c | 2 +-
ssl/ssl_lib.c | 2 +-
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index 544fe97..c042cf2 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -90,6 +90,7 @@ void OPENSSL_config(const char *config_name)
CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION |
CONF_MFLAGS_IGNORE_MISSING_FILE);
+ openssl_configured = 1;
}
void OPENSSL_no_config()
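Review bot: openssl_configured = 1 is set unconditionally after CONF_modules_load_file(), whose return value is not checked in these lines. The flag therefore records that loading was attempted, not that it succeeded. If that is the intent, a one-line comment above the assignment saying so would stop a later reader from treating the flag as proof that a configuration was applied. If it is not, set the flag only when the call reports success.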
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index de917d3..f716d77 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2955,7 +2955,7 @@ int ssl3_new(SSL *s)
void ssl3_free(SSL *s)
{
- if (s == NULL)
+ if (s == NULL || s->s3 == NULL)
return;
#ifdef TLSEXT_TYPE_opaque_prf_input
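Review bot: the new s->s3 == NULL test at the top of ssl3_free() returns before all of the cleanup that follows, including the TLSEXT_TYPE_opaque_prf_input block. Please confirm that nothing released further down is owned by s itself rather than by s->s3; otherwise the early return leaks it on the SSL_new() failure path the commit message describes. A short comment at the check, for example "s->s3 is NULL when SSL_new() failed part-way", would document why the guard exists.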
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 5df2413..9a4e104 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -206,6 +206,7 @@ CERT *ssl_cert_dup(CERT *cert)
memset(ret, 0, sizeof(CERT));
+ ret->references = 1;
ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
/*
* or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
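Review bot: ret->references = 1 now sits directly after the memset() in ssl_cert_dup() with no explanation, and the commit message only says "Set reference count earlier". Add a comment at the assignment stating which later failure path needs the count to be set already, so the line is not moved back down in a future cleanup.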
@@ -282,7 +283,6 @@ CERT *ssl_cert_dup(CERT *cert)
* chain is held inside SSL_CTX
*/
- ret->references = 1;
/*
* Set digests to defaults. NB: we don't copy existing values as they
* will be set during handshake.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9cfeaf3..93d1cbe 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->options = ctx->options;
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
+ s->references = 1;
if (ctx->cert != NULL) {
/*
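Review bot: s->references = 1 is inserted into the run of assignments that copy values from ctx (s->options, s->mode, s->max_cert_list), but it is not a copied setting. Consider placing it above that run, or setting it apart with a comment, so it reads as object initialisation that has to happen before the first error exit.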
@@ -375,7 +376,6 @@ SSL *SSL_new(SSL_CTX *ctx)
if (!s->method->ssl_new(s))
goto err;
- s->references = 1;
s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
SSL_clear(s);
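Review bot: the removed assignment came after "if (!s->method->ssl_new(s)) goto err;", so before this change the err path could run on an SSL whose reference count had not been set yet. Neither the code nor the commit message says this. Please name that failure path in the message, since the RT numbers alone do not explain it, and consider a regression test that forces ssl_new() to fail.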