[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Thu Jun 13 09:24:59 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  ed29a5f72e0d43526e9e5e7e9ff7de478ee99a50 (commit)
      from  58b582a722ced5e7713a6be49cec979e47a2b425 (commit)


- Log -----------------------------------------------------------------
commit ed29a5f72e0d43526e9e5e7e9ff7de478ee99a50
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Jun 12 12:12:07 2019 +0100

    Update the d2i docs to reflect reality
    
    The d2i docs state that if an error occurs then |*a| is not freed. This
    is not correct. On error it is freed and set to NULL. We update the docs
    to say this, and also discuss the fact that this behaviour was inconsistent
    prior to OpenSSL 1.1.0.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/9146)
    
    (cherry picked from commit b1d14c412a0ff06d191ef5640bd90bbcd590035c)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/d2i_X509.pod | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 3d50f5d..747be16 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -500,8 +500,8 @@ Represents the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
 
 d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B<TYPE> structure
 or B<NULL> if an error occurs.  If the "reuse" capability has been used with
-a valid structure being passed in via B<a>, then the object is not freed in
-the event of error but may be in a potentially invalid or inconsistent state.
+a valid structure being passed in via B<a>, then the object is freed in
+the event of error and B<*a> is set to NULL.
 
 i2d_TYPE() returns the number of bytes successfully encoded or a negative
 value if an error occurs.
@@ -582,9 +582,13 @@ happen.
 =head1 BUGS
 
 In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when
-B<*px> is valid is broken and some parts of the reused structure may
-persist if they are not present in the new one. As a result the use
-of this "reuse" behaviour is strongly discouraged.
+B<*a> is valid is broken and some parts of the reused structure may
+persist if they are not present in the new one. Additionally, in versions of
+OpenSSL prior to 1.1.0, when the "reuse" behaviour is used and an error occurs
+the behaviour is inconsistent. Some functions behaved as described here, while
+some did not free B<*a> on error and did not set B<*a> to NULL.
+
+As a result of the above issues the "reuse" behaviour is strongly discouraged.
 
 i2d_TYPE() will not return an error in many versions of OpenSSL,
 if mandatory fields are not initialized due to a programming error


More information about the openssl-commits mailing list