The branch OpenSSL_1_0_2-stable has been updated via 296f7bd1ace9383648795b24bf2f3c10d0b9ca47 (commit) via a5b63f80736862809a0f76ce22f7c0cc8163d6ae (commit) via 3a9328e3f7adfb0e5ccfb5375c98f4ef304f8554 (commit) from 943c4ca62b3f5a160340d57aecb9413407a06e15 (commit)
- Log ----------------------------------------------------------------- commit 296f7bd1ace9383648795b24bf2f3c10d0b9ca47 Author: Marcus Meissner <meiss...@suse.de> Date: Tue Nov 24 22:03:58 2015 +0100 mark openssl configuration as loaded at end of OPENSSL_config Signed-off-by: Kurt Roeckx <k...@roeckx.be> Reviewed-by: Rich Salz <rs...@akamai.com> GH: #466 (cherry picked from commit 434b58457c8cca4d09f77a1774d6d2c446604bae) commit a5b63f80736862809a0f76ce22f7c0cc8163d6ae Author: Pascal Cuoq <c...@trust-in-soft.com> Date: Mon Nov 23 00:13:15 2015 +0100 ssl3_free(): Return if it wasn't created If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can get called with s->s3 still being NULL. Patch also provided by Willy Tarreau <wtarr...@haproxy.com> Signed-off-by: Kurt Roeckx <k...@roeckx.be> Reviewed-by: Viktor Dukhovni <openssl-us...@dukhovni.org> (cherry picked from commit 3e7bd2ce0b16f8611298175d6dc7cb35ee06ea6d) commit 3a9328e3f7adfb0e5ccfb5375c98f4ef304f8554 Author: Kurt Roeckx <k...@roeckx.be> Date: Mon Nov 23 00:07:28 2015 +0100 Set reference count earlier Backport of 0e04674e964b905e67e3d215bcf888932c92765f Reviewed-by: Steve Henson <st...@openssl.org> RT #4047, #4110, MR #1356 ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_sap.c | 1 + ssl/s3_lib.c | 2 +- ssl/ssl_cert.c | 2 +- ssl/ssl_lib.c | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 544fe97..c042cf2 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -90,6 +90,7 @@ void OPENSSL_config(const char *config_name) CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE); + openssl_configured = 1; } void OPENSSL_no_config() diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ad9eeb6..64793d6 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2983,7 +2983,7 @@ int ssl3_new(SSL *s) void ssl3_free(SSL *s) { - if (s == NULL) + if (s == NULL || s->s3 == NULL) return; #ifdef TLSEXT_TYPE_opaque_prf_input diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 93a1eb9..a73f866 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -227,6 +227,7 @@ CERT *ssl_cert_dup(CERT *cert) memset(ret, 0, sizeof(CERT)); + ret->references = 1; ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; /* * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that @@ -325,7 +326,6 @@ CERT *ssl_cert_dup(CERT *cert) #endif } - ret->references = 1; /* * Set digests to defaults. NB: we don't copy existing values as they * will be set during handshake. diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 9ddc591..f2071db 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->options = ctx->options; s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; + s->references = 1; if (ctx->cert != NULL) { /* @@ -405,7 +406,6 @@ SSL *SSL_new(SSL_CTX *ctx) if (!s->method->ssl_new(s)) goto err; - s->references = 1; s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; SSL_clear(s); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits