[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Kurt Roeckx kurt at openssl.org
Tue Nov 24 21:15:48 UTC 2015


The branch OpenSSL_1_0_1-stable has been updated
       via  844de56ed6e96042d364da6020bd29a816293a0a (commit)
       via  784934498fac88eaeff106e22bcab44c272e2cc9 (commit)
       via  0b5f9ce37bd0e4030faf6af9e1b6356693239576 (commit)
      from  fc45da053535ee4de573aeb4d895ef6d6f7b72c9 (commit)


- Log -----------------------------------------------------------------
commit 844de56ed6e96042d364da6020bd29a816293a0a
Author: Marcus Meissner <meissner at suse.de>
Date:   Tue Nov 24 22:03:58 2015 +0100

    mark openssl configuration as loaded at end of OPENSSL_config
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at akamai.com>
    
    GH: #466
    (cherry picked from commit 434b58457c8cca4d09f77a1774d6d2c446604bae)

commit 784934498fac88eaeff106e22bcab44c272e2cc9
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Mon Nov 23 00:13:15 2015 +0100

    ssl3_free(): Return if it wasn't created
    
    If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
    get called with s->s3 still being NULL.
    
    Patch also provided by Willy Tarreau <wtarreau at haproxy.com>
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Viktor Dukhovni <openssl-users at dukhovni.org>
    (cherry picked from commit 3e7bd2ce0b16f8611298175d6dc7cb35ee06ea6d)

commit 0b5f9ce37bd0e4030faf6af9e1b6356693239576
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Tue Nov 24 21:53:40 2015 +0100

    Set reference count earlier
    
    Backport of 0e04674e964b905e67e3d215bcf888932c92765f
    
    Reviewed-by: Steve Henson <steve at openssl.org>
    
    RT #4047, #4110, MR #1356

-----------------------------------------------------------------------

Summary of changes:
 crypto/conf/conf_sap.c | 1 +
 ssl/s3_lib.c           | 2 +-
 ssl/ssl_cert.c         | 2 +-
 ssl/ssl_lib.c          | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index 544fe97..c042cf2 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -90,6 +90,7 @@ void OPENSSL_config(const char *config_name)
     CONF_modules_load_file(NULL, config_name,
                                CONF_MFLAGS_DEFAULT_SECTION |
                                CONF_MFLAGS_IGNORE_MISSING_FILE);
+    openssl_configured = 1;
 }
 
 void OPENSSL_no_config()
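Review bot: The result of `CONF_modules_load_file()` is still discarded, and the added `openssl_configured = 1;` runs whether or not the load succeeded. `CONF_MFLAGS_IGNORE_MISSING_FILE` only excuses an absent file, so a config that fails to parse still leaves the library marked as configured, possibly with none of its modules applied. OPENSSL_config() returns void and cannot report this, so the assignment should carry a comment such as `/* Set even when the load failed: configuration is attempted only once. */`. The start of the function, including whatever test reads the flag, is outside the hunk, and it is worth confirming whether the flag can be written from more than one thread.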
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index de917d3..f716d77 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2955,7 +2955,7 @@ int ssl3_new(SSL *s)
 
 void ssl3_free(SSL *s)
 {
-    if (s == NULL)
+    if (s == NULL || s->s3 == NULL)
         return;
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
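Review bot: The new `s->s3 == NULL` test in ssl3_free() has no comment saying when that state is legitimate, so a later reader may take it for dead code or for a check that hides a bug. A line above the guard such as `/* s->s3 is still NULL if SSL_new() failed on an allocation */` would record the reason given in the commit message. The rest of the body is outside the hunk. If it releases anything that does not hang off `s->s3`, the early return now skips that as well, which should be checked against the failure paths.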
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 5df2413..9a4e104 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -206,6 +206,7 @@ CERT *ssl_cert_dup(CERT *cert)
 
     memset(ret, 0, sizeof(CERT));
 
+    ret->references = 1;
     ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
     /*
      * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
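Review bot: Nothing at the moved `ret->references = 1;` in ssl_cert_dup() says why it must come directly after the `memset`, and the same applies to `s->references = 1;` in the SSL_new() hunk of ssl/ssl_lib.c. The ordering presumably matters because a failure path that releases the object through its reference-counted free routine would otherwise see a count of zero. Those paths are outside the hunks, so this is inferred from the commit title. A short comment at each site, e.g. `/* Must be set before any step that can fail and free the object. */`, would keep a later cleanup from moving the assignment back down.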
@@ -282,7 +283,6 @@ CERT *ssl_cert_dup(CERT *cert)
      * chain is held inside SSL_CTX
      */
 
-    ret->references = 1;
     /*
      * Set digests to defaults. NB: we don't copy existing values as they
      * will be set during handshake.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9cfeaf3..93d1cbe 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx)
     s->options = ctx->options;
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
+    s->references = 1;
 
     if (ctx->cert != NULL) {
         /*
@@ -375,7 +376,6 @@ SSL *SSL_new(SSL_CTX *ctx)
     if (!s->method->ssl_new(s))
         goto err;
 
-    s->references = 1;
     s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
 
     SSL_clear(s);

