| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
| |
this value. To match the expectation of the test again, move this
line before the the code that sets the final position.
OK yasuoka@
|
| |
|
|
|
|
| |
fixes oss-fuzz #14558
ok beck jsing
|
| |
|
|
|
|
|
|
|
| |
assigned from aesni_ccm_init_key() via CRYPTO_ccm128_init(), so it needs
to be copied over...
Pointed out by Guido Vranken.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Fixes COV-186146
ok tb, beck
|
| |
|
|
|
|
|
|
|
| |
aesni_gcm_init_key() via CRYPTO_gcm128_init(), so it needs to be
copied over...
Fixes cryptofuzz issue #14352 and likely also #14374.
ok beck jsing
|
| |
|
|
|
| |
counterparts but return memory in pages marked MAP_CONCEAL and on
free() freezero() is actually called.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
that there is already a carry and Sigma[i-1] == -1, the carry
must be kept.
From Dmitry Eremin-Solenik.
Fixes incorrect Streebog result reported by Guido Vranken.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
it is an encrypted extension. Include it in the server hello for now.
This will have to be revisited once TLSv1.3 gets there. Fixes SRTP
negotiation.
Problem found by two rust-openssl regress failures reported by mikeb.
with & ok beck
|
| |
|
|
| |
ok beck@, tb@
|
| |
|
|
|
|
|
|
|
| |
in CRYPTO_ccm128_tag(). Otherwise the caller might end up
using the part of the tag buffer that was left uninitialized.
Issue found by Guido Vranken.
ok inoguchi
|
| | |
|
| |
|
|
|
|
|
|
| |
(same fix as in a_int.c rev 1.34)
Fixes oss-fuzz issue #13809
ok beck, jsing
|
| |
|
|
|
|
| |
Fixes oss-fuzz issue #13804
ok beck, jsing
|
| |
|
|
|
|
| |
The decrypted session ticket contains key material.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
allocating on stack.
While here also check the return values from EVP_DecryptInit_ex() and
HMAC_Init_ex().
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Rename mlen to hlen since it is a hmac (and this matches hctx and hmac).
Rename ctx to cctx since it is a cipher context and ctx is usually used to
mean SSL_CTX in this code.
ok tb@
|
| |
|
|
| |
reminded by jsing@
|
| | |
|
| |
|
|
|
|
| |
This removes various pointer arithmetic and manual length checks.
ok tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we
were passed NULL. Otherwise it remains the caller's responsibility to
free it. To do so, we allocate the extlist explicitly instead of using
X509V3_add_value()'s implicit allocation feature. Preserve behavior in
i2v_AUTHORITY_KEYID() by adding an explicit check that something was
pushed onto the stack.
The other i2v_* functions will receive a similar treatment in upcoming
commits.
ok jsing
|
| |
|
|
|
|
| |
This handles the ret = 2 case and makes the code more readable.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Convert ssl_get_prev_session(), tls1_process_ticket() and
tls1_decrypt_ticket() to handle the session ID from the client hello
as a CBS. While here also swap the order of arguments for
tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
| |
|
|
|
|
|
| |
There is not much point having a tlsext_tick_md macro that replaces
EVP_sha256() in two places, when the cipher is just hardcoded.
ok tb@
|
| |
|
|
|
|
|
| |
and i2v_GENERAL_NAMES(). This fixes a couple of leaks and other
ugliness.
tweaks & ok jsing
|
| |
|
|
| |
imported OpenSSL 0.9.4 in 1999. It won't ever be used.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
We only have to find one extension, so do that first then proceed with
processing and decryption. This makes the code more readable and drops
two levels of indent.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
Separate the malloc() check and EVP_DecryptUpdate() - the malloc() failure
is fatal while a EVP_DecryptUpdate() is a decryption failure.
Also ensure that we clear the error stack in all cases where we are
indicating a failure to decrypt or decode the ticket - otherwise
SSL_error() while later return failure when it should not.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Rather than returning from multiple places and trying to clean up as we go,
move to a single exit point and clean/free in one place. Also invert the
logic that handles NULL sessions - fail early, rather than having an
indented if test for success.
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
minimum value.
Fixes oss-fuzz #14354.
ok beck@ bcook@ tb@
|
| |
|
|
|
|
| |
Found by Guido Vranken when fuzzing and trying to use GOST with HMAC.
Fix confirmed by Guido; ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509V3_add_value() helpfully allocates a STACK_OF(CONF_VALUE) if it
receives a pointer to a NULL pointer. If anything fails along the way,
it is however the caller's responsibility to free it. This can easily
be fixed by freeing *extlist in the error path and zeroing it to avoid
a double free if there happens to be a caller out there that avoids
the leak.
Polish a few things so the function conforms a bit better to our usual
style.
tweak & ok jsing
|
| | |
|
| | |
|
| | |
|
