[openssl.org #3083] [PATCH] Adds sanity checking to malloc()/calloc()/alloca() calls in OpenSSL 1.0.1c

2013-06-29 Thread Bill Parker via RT
Hello All, I am not sure that the patches below correct any potential security issue, but use of values returned from calloc()/malloc() and alloca() without checking for NULL may result in undesirable behavior in OpenSSL 1.0.1c. The patches below result in a clean './config' and 'make' under

[openssl.org #3084] openssl-1.0.1e: Configure lacks disable of SSLV2 and Compression by default

2013-06-29 Thread noloa...@gmail.com via RT
From file `Configure`, around line 720: `my %disabled = ( # what => comment [or special keyword experimental] ec_nistp_64_gcc_128 => default, gmp => default, jpake => experimental, md2 => default,`

[openssl.org #3085] config on *nix does not reject incorrect arguments

2013-06-29 Thread noloa...@gmail.com via RT
I know this is my error, but the following is undesirable behavior: `$ ./config fips shared -no-sslv2 -no-sslv3 -no-comp -no-hw -no-engines --openssldir=/usr/local/ssl/$ANDROID_API --with-fipsdir=/usr/local/ssl/$ANDROID_API --with-fipslibdir=/usr/local/ssl/$ANDROID_API/lib/` Operating system: