diff options
author | delphij <delphij@FreeBSD.org> | 2015-03-20 07:12:02 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2015-03-20 07:12:02 +0000 |
commit | 9387a8381eea4528c3960e3b758afa203bdac77f (patch) | |
tree | af1ae9a96e27bd4bf51e323f8832fdb2ed0a96c2 /crypto/openssl/crypto/ec/ec_asn1.c | |
parent | ed1c957e81c43faf4f46da5c96ce67bcea64f598 (diff) | |
download | FreeBSD-src-9387a8381eea4528c3960e3b758afa203bdac77f.zip FreeBSD-src-9387a8381eea4528c3960e3b758afa203bdac77f.tar.gz |
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
Approved by: so
Diffstat (limited to 'crypto/openssl/crypto/ec/ec_asn1.c')
-rw-r--r-- | crypto/openssl/crypto/ec/ec_asn1.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c index 52d31c2..68240ec 100644 --- a/crypto/openssl/crypto/ec/ec_asn1.c +++ b/crypto/openssl/crypto/ec/ec_asn1.c @@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } |