summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Remove pointless casts and use c instead of &c[0], since it is the samejsing2014-06-101-9/+3
| | | | | | thing for an unsigned char array. ok deraadt@
* In tls1_cert_verify_mac(), check the return value of EVP_MD_CTX_copy_ex()jsing2014-06-102-6/+10
| | | | | | | | | to avoid a possible NULL function call on ctx.final(). None of the callers currently check the return value of calls to cert_verify_mac(), however the function already returns 0 in another case and the MAC comparison will later fail. Issue reported by David Ramos.
* Use C99 initialisers for EVP_MD structs, for clarity, grepability and tojsing2014-06-1022-360/+532
| | | | | | protect from future field reordering/removal. No difference in generated assembly.
* More KNF.jsing2014-06-101-19/+18
|
* Avoid potential NULL pointer function calls in n_ssl3_mac() by checkingjsing2014-06-101-2/+4
| | | | | | | | | | the return value of EVP_MD_CTX_copy_ex(). If the copy fails early then EVP_DigestUpdate() will invoke md_ctx.update(), which will be a NULL function pointer. Analysis and patch from David Ramos. ok deraadt@
* Multiple fixes for ssl3_digest_cached_records() - if EVP_MD_CTX_create()jsing2014-06-101-8/+12
| | | | | | | | | fails, the NULL check will add an error but it does not abort. This will result in EVP_DigestInit_ex() being called with a NULL context. Also ensure that we check the return values from EVP_DigestInit_ex() and EVP_DigestUpdate(). ok deraadt@ miod@
* Ensure ssl3_final_finish_mac() returns failure if either the MD5 or SHA1jsing2014-06-101-5/+10
| | | | | | | | | handshake MAC calculation fails. Currently, the result from both ssl3_handshake_mac() calls is added together. This means that unless both MD5 and SHA1 fail, a positive value will be returned to the caller, indicating success rather than failure. ok deraadt@ miod@ sthen@
* mop up ifndef KERNEL goo; ok miodderaadt2014-06-1012-60/+12
|
* use memset instead of bzeroderaadt2014-06-092-4/+4
|
* do not include dso.h where it is not needed; ok miodderaadt2014-06-096-6/+0
|
* More KNF.jsing2014-06-091-11/+11
|
* Add an SSL_CIPHER_ALGORITHM2_AEAD flag that is used to mark a cipher asjsing2014-06-084-0/+114
| | | | | using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of ssl_cipher_get_evp().
* Add a define for the SSLv3 sequence size and use it, rather than sprinklingjsing2014-06-087-14/+16
| | | | | | magic numbers around. ok deraadt@
* No, we will not be building with OPENSSL_NO_X509_VERIFY. Nuke it andjsing2014-06-082-28/+16
| | | | | | do some other clean up while here. ok deraadt@
* Clean up BIO_free() handling in bio_ssl.c - BIO_free() has its own NULLjsing2014-06-082-26/+32
| | | | | | | | check, so do not duplicate it here. Make the error handling consistent by always using 'goto err' rather than returning in certain cases. Also add a missing BIO_free(ssl) in BIO_new_ssl_connect(). ok deraadt@
* Be explicit with types. No binary change.jsing2014-06-082-6/+6
|
* Stop using DSO_global_lookup to reach getaddrinfo() and friendsderaadt2014-06-082-80/+6
| | | | discussed with tedu, ok jsing
* Factor out the part of tls1_change_cipher_state() that is specific tojsing2014-06-086-252/+310
| | | | | | | switching cipher states using an EVP_CIPHER. This will facilitate the addition of cipher state changes for EVP_AEAD. No functional change. Based on Adam Langley's chromium patches.
* Factor out the sequence number reset code to aid in upcoming changes.jsing2014-06-082-16/+20
|
* /* on some platforms time_t may be a float */deraadt2014-06-071-3/+3
| | | | | | | | In the past, time_t's type was underspecified. But a floating point type would not have worked in practice. Newer specifications effectively forbid it. While cleaning this up, get partly ready for Y2038. ok miod
* http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162e ↵deraadt2014-06-0714-86/+12
| | | | | | | | | | | | | | | | | | | c30718b5e7480add42598158 Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
* Add missing NULL check after calling EVP_PKEY_new_mac_key().jsing2014-06-072-0/+4
| | | | Based on Adam Langley's chromium patches.
* Use !is_read to imply SSL3_CC_WRITE.jsing2014-06-072-6/+4
| | | | | | | While this is not strictly correct (since the presence of SSL3_CC_READ does not guarantee the absence of SSL3_CC_WRITE), in practice only one of these flags is set at a time and there is existing logic which already relies on this behaviour.
* Move the export label initialisation into the export handling code, sincejsing2014-06-072-12/+22
| | | | this is the only place where these variables are used.
* Remove pointless casts - no binary change.jsing2014-06-072-4/+4
|
* Rename variables to make it clear that these are only used in the exportjsing2014-06-072-30/+36
| | | | | | code. Additionally, these need to be cleaned in the export case. Based on Adam Langley's chromium patches.
* Further clean up of context handling in tls1_change_cipher_state().jsing2014-06-072-42/+34
| | | | | | | | | | | Rather than doing a complex dance to figure out if we should reuse the cipher context and clean it later on, just free it and allocate a new one. This simplifies the code path, especially in the write case where special handling is required for DTLS. Also, calling EVP_CIPHER_CTX_init() for a newly created cipher context is unnecessary, since EVP_CIPHER_CTX_new() already does this (not to mention that it was already missing from the write case).
* Remove various test stubs. The good ones have been moved by jsingderaadt2014-06-0748-5814/+0
| | | | | | and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing
* evptests.txt lives in regress/lib/libcrypto/evpjsing2014-06-072-668/+0
|
* malloc() result does not need a cast.deraadt2014-06-07108-163/+159
| | | | ok miod
* Remove another NULL check before a BIO_free().jsing2014-06-072-8/+8
|
* ssl3_free_digest_list() has its own NULL check.jsing2014-06-073-13/+9
|
* BIO_free has an implicit NULL check, so do not bother checking for NULLjsing2014-06-077-42/+21
| | | | before calling it.
* ssl3_release_{read,write}_buffer() handle being called with NULL buffers,jsing2014-06-072-8/+6
| | | | so do not bother checking before calling.
* The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all havejsing2014-06-0710-158/+88
| | | | | implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
* More KNF.jsing2014-06-072-12/+8
|
* More KNF.jsing2014-06-072-38/+44
|
* Add basic regression test for modf() issue.tobiasu2014-06-073-2/+40
| | | | encouraged by deraadt and miod
* s/assember/assembler/ before someone gets offended. At the lastderaadt2014-06-0621-34/+34
| | | | | hackathon, just saying 'ass ember' was enough to start giggles. Unfortunately far more offensive stuff remains in here...
* Do not recurse when a 'Hello Request' message is received while gettingjsing2014-06-052-2/+4
| | | | | | | | | DTLS fragments. A stream of 'Hello Request' messages will result in infinite recursion, eventually crashing the DTLS client or server. Fixes CVE-2014-0221, from OpenSSL. Reported to OpenSSL by Imre Rad.
* Ensure that sess_cert is not NULL before trying to use it.jsing2014-06-052-0/+16
| | | | | | Fixes CVE-2014-3470, from OpenSSL. ok deraadt@
* Avoid a buffer overflow that can be triggered by sending specially craftedjsing2014-06-052-2/+14
| | | | | | | | | | DTLS fragments. Fix for CVE-2014-0195, from OpenSSL. Reported to OpenSSL by Juri Aedla. ok deraadt@ beck@
* ssl_sess_cert_new() can return NULL. Fix two cases where the return valuejsing2014-06-052-26/+24
| | | | | | | | | is unchecked, which would result in a later null pointer dereference. While here, RSA_free, DH_free and EC_KEY_free all have implicit NULL checks, so avoid repeating them here. ok beck@
* Ensure that we do not process a ChangeCipherSpec with an empty masterjsing2014-06-052-2/+2
| | | | | | | | | secret. This is an additional safeguard against early ChangeCipherSpec handling. From OpenSSL. ok deraadt@
* Be selective as to when ChangeCipherSpec messages will be accepted.jsing2014-06-058-6/+32
| | | | | | | | | | | | | | | | | Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@
* More KNF.jsing2014-06-052-98/+64
|
* Sanitize use of client_opaque_prf_input: set it to NULL immediately aftermiod2014-06-042-36/+44
| | | | | | | | | | free()ing it, rather than in conditional code. Also do not bother setting server_opaque_prf_input (server, not client) to NULL in conditional code 10 lines after explicitely free()ing it and setting it to NULL (were the developers afraid of zombie pointers?) ok guenther@
* Fix a leak that can occur when len == 0, and as a result we leak a \0 byte.logan2014-06-042-2/+2
| | | | | | (From Frantisek Boranek) OK from miod@
* without overthinking it, replace a few memcmp calls with CRYPTO_memcmptedu2014-06-0410-16/+16
| | | | where it is feasible to do so. better safe than sorry.
* Fix memory leak.logan2014-06-032-0/+2
| | | | | | (From Martin Brejcha) OK from tedu@, miod@ and deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 22:17:33 +0000