Fix issues with original SA-15:06.openssl commit:

- Revert a portion of ASN1 change per suggested by OpenBSD and OpenSSL developers. The change was removed from the formal OpenSSL release and does not solve security issue. - Properly fix CVE-2015-0209 and CVE-2015-0288. Approved by: so
author: delphij <delphij@FreeBSD.org> 2015-03-20 07:12:02 +0000
committer: delphij <delphij@FreeBSD.org> 2015-03-20 07:12:02 +0000
commit: 9387a8381eea4528c3960e3b758afa203bdac77f (patch)
tree: af1ae9a96e27bd4bf51e323f8832fdb2ed0a96c2 /crypto/openssl/crypto/ec/ec_asn1.c
parent: ed1c957e81c43faf4f46da5c96ce67bcea64f598 (diff)
download: FreeBSD-src-9387a8381eea4528c3960e3b758afa203bdac77f.zip
FreeBSD-src-9387a8381eea4528c3960e3b758afa203bdac77f.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c
index 52d31c2..68240ec 100644
--- a/crypto/openssl/crypto/ec/ec_asn1.c
+++ b/crypto/openssl/crypto/ec/ec_asn1.c
@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
                                  ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		if (a)
-			*a = ret;
 		}
 	else
 		ret = *a;
@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
 		}
 
+	if (a)
+		*a = ret;
 	ok = 1;
 err:
 	if (!ok)
 		{
-		if (ret)
+		if (ret && (a == NULL || *a != ret))
 			EC_KEY_free(ret);
 		ret = NULL;
 		}
author	delphij <delphij@FreeBSD.org>	2015-03-20 07:12:02 +0000
committer	delphij <delphij@FreeBSD.org>	2015-03-20 07:12:02 +0000
commit	9387a8381eea4528c3960e3b758afa203bdac77f (patch)
tree	af1ae9a96e27bd4bf51e323f8832fdb2ed0a96c2 /crypto/openssl/crypto/ec/ec_asn1.c
parent	ed1c957e81c43faf4f46da5c96ce67bcea64f598 (diff)
download	FreeBSD-src-9387a8381eea4528c3960e3b758afa203bdac77f.zip FreeBSD-src-9387a8381eea4528c3960e3b758afa203bdac77f.tar.gz