View | Details | Raw Unified | Return to bug 198681 | Differences between
and this patch

Collapse All | Expand All

(-)security/libressl/Makefile (+1 lines)
Lines 3-8 Link Here
3
3
4
PORTNAME=	libressl
4
PORTNAME=	libressl
5
PORTVERSION=	2.1.5
5
PORTVERSION=	2.1.5
6
PORTREVISION=	1
6
CATEGORIES=	security devel
7
CATEGORIES=	security devel
7
MASTER_SITES=	${MASTER_SITE_OPENBSD}
8
MASTER_SITES=	${MASTER_SITE_OPENBSD}
8
MASTER_SITE_SUBDIR=	LibreSSL
9
MASTER_SITE_SUBDIR=	LibreSSL
(-)security/libressl/files/patch-crypto_asn1_a__int.c (+26 lines)
Line 0 Link Here
1
--- crypto/asn1/a_int.c.orig	2015-02-10 14:54:46 UTC
2
+++ crypto/asn1/a_int.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: a_int.c,v 1.24 2014/07/11 08:44:47 jsing Exp $ */
5
+/* $OpenBSD: a_int.c,v 1.25 2015/02/10 08:33:10 jsing Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -268,7 +268,7 @@ c2i_ASN1_INTEGER(ASN1_INTEGER **a, const
10
 
11
 err:
12
 	ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
13
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
14
+	if (a == NULL || *a != ret)
15
 		M_ASN1_INTEGER_free(ret);
16
 	return (NULL);
17
 }
18
@@ -335,7 +335,7 @@ d2i_ASN1_UINTEGER(ASN1_INTEGER **a, cons
19
 
20
 err:
21
 	ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
22
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
23
+	if (a == NULL || *a != ret)
24
 		M_ASN1_INTEGER_free(ret);
25
 	return (NULL);
26
 }
(-)security/libressl/files/patch-crypto_asn1_a__set.c (+17 lines)
Line 0 Link Here
1
--- crypto/asn1/a_set.c.orig	2014-12-06 23:15:50 UTC
2
+++ crypto/asn1/a_set.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: a_set.c,v 1.15 2014/07/10 13:58:22 jsing Exp $ */
5
+/* $OpenBSD: a_set.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -225,7 +225,7 @@ d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a
10
 	return ret;
11
 
12
 err:
13
-	if (ret != NULL && (a == NULL || *a != ret)) {
14
+	if (a == NULL || *a != ret) {
15
 		if (free_func != NULL)
16
 			sk_OPENSSL_BLOCK_pop_free(ret, free_func);
17
 		else
(-)security/libressl/files/patch-crypto_asn1_a__type.c (+19 lines)
Line 0 Link Here
1
--- crypto/asn1/a_type.c.orig	2015-02-10 14:54:46 UTC
2
+++ crypto/asn1/a_type.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: a_type.c,v 1.14 2014/07/11 08:44:47 jsing Exp $ */
5
+/* $OpenBSD: a_type.c,v 1.15 2015/02/10 08:33:10 jsing Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -119,7 +119,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b
10
 	case V_ASN1_OBJECT:
11
 		result = OBJ_cmp(a->value.object, b->value.object);
12
 		break;
13
-
14
+	case V_ASN1_BOOLEAN:
15
+		result = a->value.boolean - b->value.boolean;
16
+		break;
17
 	case V_ASN1_NULL:
18
 		result = 0;	/* They do not have content. */
19
 		break;
(-)security/libressl/files/patch-crypto_asn1_d2i__pr.c (+17 lines)
Line 0 Link Here
1
--- crypto/asn1/d2i_pr.c.orig	2015-02-11 14:17:41 UTC
2
+++ crypto/asn1/d2i_pr.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: d2i_pr.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */
5
+/* $OpenBSD: d2i_pr.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -118,7 +118,7 @@ d2i_PrivateKey(int type, EVP_PKEY **a, c
10
 	return (ret);
11
 
12
 err:
13
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
14
+	if (a == NULL || *a != ret)
15
 		EVP_PKEY_free(ret);
16
 	return (NULL);
17
 }
(-)security/libressl/files/patch-crypto_asn1_d2i__pu.c (+17 lines)
Line 0 Link Here
1
--- crypto/asn1/d2i_pu.c.orig	2014-12-06 23:15:50 UTC
2
+++ crypto/asn1/d2i_pu.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: d2i_pu.c,v 1.11 2014/07/10 22:45:56 jsing Exp $ */
5
+/* $OpenBSD: d2i_pu.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -130,7 +130,7 @@ d2i_PublicKey(int type, EVP_PKEY **a, co
10
 	return (ret);
11
 
12
 err:
13
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
14
+	if (a == NULL || *a != ret)
15
 		EVP_PKEY_free(ret);
16
 	return (NULL);
17
 }
(-)security/libressl/files/patch-crypto_asn1_n__pkey.c (+24 lines)
Line 0 Link Here
1
--- crypto/asn1/n_pkey.c.orig	2015-02-11 14:17:41 UTC
2
+++ crypto/asn1/n_pkey.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: n_pkey.c,v 1.24 2015/02/11 03:39:51 jsing Exp $ */
5
+/* $OpenBSD: n_pkey.c,v 1.25 2015/02/11 04:00:39 jsing Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -340,11 +340,11 @@ d2i_RSA_NET(RSA **a, const unsigned char
10
 		return NULL;
11
 	}
12
 
13
-	if ((enckey->os->length != 11) || (strncmp("private-key",
14
-	(char *)enckey->os->data, 11) != 0)) {
15
+	/* XXX 11 == strlen("private-key") */
16
+	if (enckey->os->length != 11 ||
17
+	    memcmp("private-key", enckey->os->data, 11) != 0) {
18
 		ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
19
-		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
20
-		return NULL;
21
+		goto err;
22
 	}
23
 	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
24
 		ASN1err(ASN1_F_D2I_RSA_NET,
(-)security/libressl/files/patch-crypto_asn1_tasn__dec.c (+47 lines)
Line 0 Link Here
1
--- crypto/asn1/tasn_dec.c.orig	2015-02-14 19:09:01 UTC
2
+++ crypto/asn1/tasn_dec.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: tasn_dec.c,v 1.24 2014/06/12 15:49:27 deraadt Exp $ */
5
+/* $OpenBSD: tasn_dec.c,v 1.25 2015/02/14 15:23:57 miod Exp $ */
6
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
7
  * project 2000.
8
  */
9
@@ -238,8 +238,16 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, cons
10
 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
11
 			goto auxerr;
12
 
13
-		/* Allocate structure */
14
-		if (!*pval && !ASN1_item_ex_new(pval, it)) {
15
+		if (*pval) {
16
+			/* Free up and zero CHOICE value if initialised */
17
+			i = asn1_get_choice_selector(pval, it);
18
+			if ((i >= 0) && (i < it->tcount)) {
19
+				tt = it->templates + i;
20
+				pchptr = asn1_get_field_ptr(pval, tt);
21
+				ASN1_template_free(pchptr, tt);
22
+				asn1_set_choice_selector(pval, -1, it);
23
+			}
24
+		} else if (!ASN1_item_ex_new(pval, it)) {
25
 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
26
 			    ERR_R_NESTED_ASN1_ERROR);
27
 			goto err;
28
@@ -325,6 +333,19 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, cons
29
 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
30
 			goto auxerr;
31
 
32
+		/* Free up and zero any ADB found */
33
+		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
34
+			if (tt->flags & ASN1_TFLG_ADB_MASK) {
35
+				const ASN1_TEMPLATE *seqtt;
36
+				ASN1_VALUE **pseqval;
37
+				seqtt = asn1_do_adb(pval, tt, 1);
38
+				if (!seqtt)
39
+					goto err;
40
+				pseqval = asn1_get_field_ptr(pval, seqtt);
41
+				ASN1_template_free(pseqval, seqtt);
42
+			}
43
+		}
44
+
45
 		/* Get each field entry */
46
 		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
47
 			const ASN1_TEMPLATE *seqtt;
(-)security/libressl/files/patch-crypto_asn1_x__x509.c (+34 lines)
Line 0 Link Here
1
--- crypto/asn1/x_x509.c.orig	2015-02-11 14:17:41 UTC
2
+++ crypto/asn1/x_x509.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: x_x509.c,v 1.22 2015/02/11 03:39:51 jsing Exp $ */
5
+/* $OpenBSD: x_x509.c,v 1.23 2015/02/11 04:00:39 jsing Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -313,16 +313,20 @@ d2i_X509_AUX(X509 **a, const unsigned ch
10
 
11
 	/* Save start position */
12
 	q = *pp;
13
-	ret = d2i_X509(a, pp, length);
14
+	ret = d2i_X509(NULL, pp, length);
15
 	/* If certificate unreadable then forget it */
16
 	if (!ret)
17
 		return NULL;
18
 	/* update length */
19
 	length -= *pp - q;
20
-	if (!length)
21
-		return ret;
22
-	if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
23
-		goto err;
24
+	if (length > 0) {
25
+		if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
26
+			goto err;
27
+	}
28
+	if (a != NULL) {
29
+		X509_free(*a);
30
+		*a = ret;
31
+	}
32
 	return ret;
33
 
34
 err:
(-)security/libressl/files/patch-crypto_ec_ec__asn1.c (+102 lines)
Line 0 Link Here
1
--- crypto/ec/ec_asn1.c.orig	2015-02-10 14:54:46 UTC
2
+++ crypto/ec/ec_asn1.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: ec_asn1.c,v 1.11 2015/02/10 04:01:26 jsing Exp $ */
5
+/* $OpenBSD: ec_asn1.c,v 1.12 2015/02/10 05:43:09 jsing Exp $ */
6
 /*
7
  * Written by Nils Larsch for the OpenSSL project.
8
  */
9
@@ -999,19 +999,19 @@ d2i_ECPKParameters(EC_GROUP ** a, const 
10
 
11
 	if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
12
 		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
13
-		ECPKPARAMETERS_free(params);
14
-		return NULL;
15
+		goto err;
16
 	}
17
 	if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
18
 		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
19
-		ECPKPARAMETERS_free(params);
20
-		return NULL;
21
+		goto err;
22
 	}
23
-	if (a && *a)
24
+
25
+	if (a != NULL) {
26
 		EC_GROUP_clear_free(*a);
27
-	if (a)
28
 		*a = group;
29
+	}
30
 
31
+err:
32
 	ECPKPARAMETERS_free(params);
33
 	return (group);
34
 }
35
@@ -1039,7 +1039,6 @@ i2d_ECPKParameters(const EC_GROUP * a, u
36
 EC_KEY *
37
 d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
38
 {
39
-	int ok = 0;
40
 	EC_KEY *ret = NULL;
41
 	EC_PRIVATEKEY *priv_key = NULL;
42
 
43
@@ -1054,12 +1053,9 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi
44
 	}
45
 	if (a == NULL || *a == NULL) {
46
 		if ((ret = EC_KEY_new()) == NULL) {
47
-			ECerr(EC_F_D2I_ECPRIVATEKEY,
48
-			    ERR_R_MALLOC_FAILURE);
49
+			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
50
 			goto err;
51
 		}
52
-		if (a)
53
-			*a = ret;
54
 	} else
55
 		ret = *a;
56
 
57
@@ -1109,17 +1105,19 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi
58
 			goto err;
59
 		}
60
 	}
61
-	ok = 1;
62
+
63
+	EC_PRIVATEKEY_free(priv_key);
64
+	if (a != NULL)
65
+		*a = ret;
66
+	return (ret);
67
+
68
 err:
69
-	if (!ok) {
70
-		if (ret)
71
-			EC_KEY_free(ret);
72
-		ret = NULL;
73
-	}
74
+	if (a == NULL || *a != ret)
75
+		EC_KEY_free(ret);
76
 	if (priv_key)
77
 		EC_PRIVATEKEY_free(priv_key);
78
 
79
-	return (ret);
80
+	return (NULL);
81
 }
82
 
83
 int 
84
@@ -1232,8 +1230,6 @@ d2i_ECParameters(EC_KEY ** a, const unsi
85
 			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
86
 			return NULL;
87
 		}
88
-		if (a)
89
-			*a = ret;
90
 	} else
91
 		ret = *a;
92
 
93
@@ -1241,6 +1237,9 @@ d2i_ECParameters(EC_KEY ** a, const unsi
94
 		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
95
 		return NULL;
96
 	}
97
+
98
+	if (a != NULL)
99
+		*a = ret;
100
 	return ret;
101
 }
102
 
(-)security/libressl/files/patch-crypto_pkcs7_pk7__doit.c (+162 lines)
Line 0 Link Here
1
--- crypto/pkcs7/pk7_doit.c.orig	2015-02-09 01:31:52 UTC
2
+++ crypto/pkcs7/pk7_doit.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: pk7_doit.c,v 1.30 2014/10/22 13:02:04 jsing Exp $ */
5
+/* $OpenBSD: pk7_doit.c,v 1.31 2015/02/07 13:19:15 doug Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -261,6 +261,28 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
10
 	PKCS7_RECIP_INFO *ri = NULL;
11
 	ASN1_OCTET_STRING *os = NULL;
12
 
13
+	if (p7 == NULL) {
14
+		PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
15
+		return NULL;
16
+	}
17
+
18
+	/*
19
+	 * The content field in the PKCS7 ContentInfo is optional,
20
+	 * but that really only applies to inner content (precisely,
21
+	 * detached signatures).
22
+	 *
23
+	 * When reading content, missing outer content is therefore
24
+	 * treated as an error.
25
+	 *
26
+	 * When creating content, PKCS7_content_new() must be called
27
+	 * before calling this method, so a NULL p7->d is always
28
+	 * an error.
29
+	 */
30
+	if (p7->d.ptr == NULL) {
31
+		PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
32
+		return NULL;
33
+	}
34
+
35
 	i = OBJ_obj2nid(p7->type);
36
 	p7->state = PKCS7_S_HEADER;
37
 
38
@@ -417,6 +439,17 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pk
39
 	unsigned char *ek = NULL, *tkey = NULL;
40
 	int eklen = 0, tkeylen = 0;
41
 
42
+	if (p7 == NULL) {
43
+		PKCS7err(PKCS7_F_PKCS7_DATADECODE,
44
+		    PKCS7_R_INVALID_NULL_POINTER);
45
+		return NULL;
46
+	}
47
+
48
+	if (p7->d.ptr == NULL) {
49
+		PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
50
+		return NULL;
51
+	}
52
+
53
 	i = OBJ_obj2nid(p7->type);
54
 	p7->state = PKCS7_S_HEADER;
55
 
56
@@ -691,6 +724,17 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
57
 	STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
58
 	ASN1_OCTET_STRING *os = NULL;
59
 
60
+	if (p7 == NULL) {
61
+		PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
62
+		    PKCS7_R_INVALID_NULL_POINTER);
63
+		return 0;
64
+	}
65
+
66
+	if (p7->d.ptr == NULL) {
67
+		PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
68
+		return 0;
69
+	}
70
+
71
 	EVP_MD_CTX_init(&ctx_tmp);
72
 	i = OBJ_obj2nid(p7->type);
73
 	p7->state = PKCS7_S_HEADER;
74
@@ -736,6 +780,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
75
 		/* If detached data then the content is excluded */
76
 		if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
77
 			M_ASN1_OCTET_STRING_free(os);
78
+			os = NULL;
79
 			p7->d.sign->contents->d.data = NULL;
80
 		}
81
 		break;
82
@@ -750,6 +795,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
83
 		if (PKCS7_type_is_data(p7->d.digest->contents) &&
84
 		    p7->detached) {
85
 			M_ASN1_OCTET_STRING_free(os);
86
+			os = NULL;
87
 			p7->d.digest->contents->d.data = NULL;
88
 		}
89
 		break;
90
@@ -815,22 +861,32 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
91
 		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
92
 	}
93
 
94
-	if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
95
-		char *cont;
96
-		long contlen;
97
-		btmp = BIO_find_type(bio, BIO_TYPE_MEM);
98
-		if (btmp == NULL) {
99
-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
100
-			    PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
101
+	if (!PKCS7_is_detached(p7)) {
102
+		/*
103
+		 * NOTE: only reach os == NULL here because detached
104
+		 * digested data support is broken?
105
+		 */
106
+		if (os == NULL)
107
 			goto err;
108
+		if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
109
+			char *cont;
110
+			long contlen;
111
+
112
+			btmp = BIO_find_type(bio, BIO_TYPE_MEM);
113
+			if (btmp == NULL) {
114
+				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
115
+				    PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
116
+				goto err;
117
+			}
118
+			contlen = BIO_get_mem_data(btmp, &cont);
119
+			/*
120
+			 * Mark the BIO read only then we can use its copy
121
+			 * of the data instead of making an extra copy.
122
+			 */
123
+			BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
124
+			BIO_set_mem_eof_return(btmp, 0);
125
+			ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
126
 		}
127
-		contlen = BIO_get_mem_data(btmp, &cont);
128
-		/* Mark the BIO read only then we can use its copy of the data
129
-		 * instead of making an extra copy.
130
-		 */
131
-		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
132
-		BIO_set_mem_eof_return(btmp, 0);
133
-		ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
134
 	}
135
 	ret = 1;
136
 err:
137
@@ -905,6 +961,17 @@ PKCS7_dataVerify(X509_STORE *cert_store,
138
 	STACK_OF(X509) *cert;
139
 	X509 *x509;
140
 
141
+	if (p7 == NULL) {
142
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
143
+		    PKCS7_R_INVALID_NULL_POINTER);
144
+		return 0;
145
+	}
146
+
147
+	if (p7->d.ptr == NULL) {
148
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
149
+		return 0;
150
+	}
151
+
152
 	if (PKCS7_type_is_signed(p7)) {
153
 		cert = p7->d.sign->cert;
154
 	} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
155
@@ -941,6 +1008,7 @@ PKCS7_dataVerify(X509_STORE *cert_store,
156
 
157
 	return PKCS7_signatureVerify(bio, p7, si, x509);
158
 err:
159
+	
160
 	return ret;
161
 }
162
 
(-)security/libressl/files/patch-crypto_pkcs7_pk7__lib.c (+17 lines)
Line 0 Link Here
1
--- crypto/pkcs7/pk7_lib.c.orig	2014-12-06 23:15:50 UTC
2
+++ crypto/pkcs7/pk7_lib.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: pk7_lib.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
5
+/* $OpenBSD: pk7_lib.c,v 1.14 2014/07/12 16:03:37 miod Exp $ */
6
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
7
  * All rights reserved.
8
  *
9
@@ -460,6 +460,8 @@ PKCS7_set_digest(PKCS7 *p7, const EVP_MD
10
 STACK_OF(PKCS7_SIGNER_INFO) *
11
 PKCS7_get_signer_info(PKCS7 *p7)
12
 {
13
+	if (p7 == NULL || p7->d.ptr == NULL)
14
+		return (NULL);
15
 	if (PKCS7_type_is_signed(p7)) {
16
 		return (p7->d.sign->signer_info);
17
 	} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
(-)security/libressl/files/patch-ssl_d1__lib.c (+18 lines)
Line 0 Link Here
1
--- ssl/d1_lib.c.orig	2015-02-09 23:29:07 UTC
2
+++ ssl/d1_lib.c
3
@@ -1,4 +1,4 @@
4
-/* $OpenBSD: d1_lib.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */
5
+/* $OpenBSD: d1_lib.c,v 1.27 2015/02/09 10:53:28 jsing Exp $ */
6
 /*
7
  * DTLS implementation written by Nagendra Modadugu
8
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
9
@@ -443,6 +443,9 @@ dtls1_listen(SSL *s, struct sockaddr *cl
10
 {
11
 	int ret;
12
 
13
+	/* Ensure there is no state left over from a previous invocation */
14
+	SSL_clear(s);
15
+
16
 	SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
17
 	s->d1->listen = 1;
18
 

Return to bug 198681