Commit log (subject; then author, date, files changed, lines -removed/+added; then commit message body where present)

Factor out the sequence number reset code to aid in upcoming changes.
    jsing, 2014-06-08, 2 files, -16/+20

/* on some platforms time_t may be a float */
    deraadt, 2014-06-07, 1 file, -3/+3
    In the past, time_t's type was underspecified. But a floating point type would not have worked in practice. Newer specifications effectively forbid it. While cleaning this up, get partly ready for Y2038. ok miod

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158
    deraadt, 2014-06-07, 14 files, -86/+12
    Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen]. Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen

Add missing NULL check after calling EVP_PKEY_new_mac_key().
    jsing, 2014-06-07, 2 files, -0/+4
    Based on Adam Langley's chromium patches.

Use !is_read to imply SSL3_CC_WRITE.
    jsing, 2014-06-07, 2 files, -6/+4
    While this is not strictly correct (since the presence of SSL3_CC_READ does not guarantee the absence of SSL3_CC_WRITE), in practice only one of these flags is set at a time and there is existing logic which already relies on this behaviour.

Move the export label initialisation into the export handling code, since
    jsing, 2014-06-07, 2 files, -12/+22
    this is the only place where these variables are used.

Remove pointless casts - no binary change.
    jsing, 2014-06-07, 2 files, -4/+4

Rename variables to make it clear that these are only used in the export
    jsing, 2014-06-07, 2 files, -30/+36
    code. Additionally, these need to be cleaned in the export case. Based on Adam Langley's chromium patches.

Further clean up of context handling in tls1_change_cipher_state().
    jsing, 2014-06-07, 2 files, -42/+34
    Rather than doing a complex dance to figure out if we should reuse the cipher context and clean it later on, just free it and allocate a new one. This simplifies the code path, especially in the write case where special handling is required for DTLS. Also, calling EVP_CIPHER_CTX_init() for a newly created cipher context is unnecessary, since EVP_CIPHER_CTX_new() already does this (not to mention that it was already missing from the write case).

Remove various test stubs. The good ones have been moved by jsing
    deraadt, 2014-06-07, 48 files, -5814/+0
    and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing

evptests.txt lives in regress/lib/libcrypto/evp
    jsing, 2014-06-07, 2 files, -668/+0

malloc() result does not need a cast.
    deraadt, 2014-06-07, 108 files, -163/+159
    ok miod

Remove another NULL check before a BIO_free().
    jsing, 2014-06-07, 2 files, -8/+8

ssl3_free_digest_list() has its own NULL check.
    jsing, 2014-06-07, 3 files, -13/+9

BIO_free has an implicit NULL check, so do not bother checking for NULL
    jsing, 2014-06-07, 7 files, -42/+21
    before calling it.

ssl3_release_{read,write}_buffer() handle being called with NULL buffers,
    jsing, 2014-06-07, 2 files, -8/+6
    so do not bother checking before calling.

The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all have
    jsing, 2014-06-07, 10 files, -158/+88
    implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.

More KNF.
    jsing, 2014-06-07, 2 files, -12/+8

More KNF.
    jsing, 2014-06-07, 2 files, -38/+44

Add basic regression test for modf() issue.
    tobiasu, 2014-06-07, 3 files, -2/+40
    encouraged by deraadt and miod

s/assember/assembler/ before someone gets offended. At the last
    deraadt, 2014-06-06, 21 files, -34/+34
    hackathon, just saying 'ass ember' was enough to start giggles. Unfortunately far more offensive stuff remains in here...

Do not recurse when a 'Hello Request' message is received while getting
    jsing, 2014-06-05, 2 files, -2/+4
    DTLS fragments. A stream of 'Hello Request' messages will result in infinite recursion, eventually crashing the DTLS client or server. Fixes CVE-2014-0221, from OpenSSL. Reported to OpenSSL by Imre Rad.

Ensure that sess_cert is not NULL before trying to use it.
    jsing, 2014-06-05, 2 files, -0/+16
    Fixes CVE-2014-3470, from OpenSSL. ok deraadt@

Avoid a buffer overflow that can be triggered by sending specially crafted
    jsing, 2014-06-05, 2 files, -2/+14
    DTLS fragments. Fix for CVE-2014-0195, from OpenSSL. Reported to OpenSSL by Juri Aedla. ok deraadt@ beck@

ssl_sess_cert_new() can return NULL. Fix two cases where the return value
    jsing, 2014-06-05, 2 files, -26/+24
    is unchecked, which would result in a later null pointer dereference. While here, RSA_free, DH_free and EC_KEY_free all have implicit NULL checks, so avoid repeating them here. ok beck@

Ensure that we do not process a ChangeCipherSpec with an empty master
    jsing, 2014-06-05, 2 files, -2/+2
    secret. This is an additional safeguard against early ChangeCipherSpec handling. From OpenSSL. ok deraadt@

Be selective as to when ChangeCipherSpec messages will be accepted.
    jsing, 2014-06-05, 8 files, -6/+32
    Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@

More KNF.
    jsing, 2014-06-05, 2 files, -98/+64

Sanitize use of client_opaque_prf_input: set it to NULL immediately after
    miod, 2014-06-04, 2 files, -36/+44
    free()ing it, rather than in conditional code. Also do not bother setting server_opaque_prf_input (server, not client) to NULL in conditional code 10 lines after explicitly free()ing it and setting it to NULL (were the developers afraid of zombie pointers?) ok guenther@

Fix a leak that can occur when len == 0, and as a result we leak a \0 byte.
    logan, 2014-06-04, 2 files, -2/+2
    (From Frantisek Boranek) OK from miod@

without overthinking it, replace a few memcmp calls with CRYPTO_memcmp
    tedu, 2014-06-04, 10 files, -16/+16
    where it is feasible to do so. better safe than sorry.

Fix memory leak.
    logan, 2014-06-03, 2 files, -0/+2
    (From Martin Brejcha) OK from tedu@, miod@ and deraadt@

Remove references to RANDFILE.
    jsing, 2014-06-02, 1 file, -19/+2

Remove RANDFILE remnants.
    jsing, 2014-06-02, 3 files, -5/+0

Remove details regarding -rand from the openssl man page.
    jsing, 2014-06-02, 1 file, -123/+3

Stop pretending that openssl(1) applications support the -rand option.
    jsing, 2014-06-02, 15 files, -123/+11
    The underlying code has long been removed, making this a no-op. If your random subsystem actually requires that you seed it from a file, then you really should go and buy a new random subsystem that was built after 1990. Diff from Brent Cook. ok deraadt@

A few months back there was a big community fuss regarding direct-use
    deraadt, 2014-06-02, 15 files, -388/+2
    of the intel RDRAND instruction. Consensus was RDRAND should probably only be used as an additional source of entropy in a mixer. Guess which library bends over backwards to provide easy access to RDRAND? Yep. Guess which applications are using this support? Not even one... but still, this is being placed as a trap for someone. Send this support straight to the abyss. ok kettenis

Rename more variables for readability and consistency.
    jsing, 2014-06-02, 2 files, -50/+50

move random bytes buffer to be part of mmaped pages; ok tedu@
    otto, 2014-06-02, 1 file, -21/+18

Since pqueue is a private interface and the header defining the struct
    guenther, 2014-06-02, 2 files, -8/+6
    isn't even exported, there's no (sane) way for someone else to use the typedef. Eliminate the typedef and just use "struct _pqueue *". duplicate typedef pointed out by Brent Cook (busterb (at) gmail.com) ok miod@

Clean up some of the nightmare of string and pointer arithmetic in
    beck, 2014-06-01, 2 files, -104/+72
    this nasty function. This gets rid of the nasty tmp variables used to hold temporary strings and the DECIMAL_SIZE hack. It gets rid of the rather pointless null checks for buf (since the original code dereferences it before checking). It also gets rid of the insane possibility this could return -1 when stuff is using the return values to compute lengths. All the failure cases now return 0 and an empty string like the first error case in the original code. ok miod@ tedu@

realloc with NULL is same as malloc
    deraadt, 2014-06-01, 2 files, -8/+2
    ok guenther

Make usage for -quiet match the manpage and fix a misspelling
    guenther, 2014-06-01, 1 file, -2/+2

Overhaul the key block handling in tls1_change_cipher_state() - use
    jsing, 2014-06-01, 2 files, -92/+132
    meaningful variable names with pointer arithmetic, rather than n, i, j and p with array indexing. Based on Adam Langley's chromium diffs. ok miod@

In tls1_setup_key_block(), use the correct IV length for GCM mode, which
    jsing, 2014-06-01, 2 files, -34/+48
    results in the key block length calculation also being correct. Rename a number of variables so that their purpose becomes clear and simplify some of the code. Inspired by Adam Langley's chromium diffs. ok miod@

There is no need for is{upper,lower}() tests before to{lower,upper}(),
    deraadt, 2014-06-01, 4 files, -54/+16
    since all other characters are mapped through transparently. ok jsing

Commit this before the head-scratching leads to premature baldness:
    deraadt, 2014-06-01, 2 files, -2/+2
    memset(a->data, 0, (unsigned int)a->max); but the decl is: size_t max; size_t could be larger than int, especially in some of the systems OpenSSL purports to support. How do _intentionally truncating_ casts like enter into a codebase? Lack of understanding of C, at a minimum. Generally the objects are small, but this code is _intentionally unready_ for large objects. ok miod

Build with WARNINGS=Yes and Werror.
    miod, 2014-06-01, 2 files, -12/+4

Remove __bio_h__attr__ wrapper around __attribute__, since earlier statements
    miod, 2014-06-01, 2 files, -20/+8
    in this file directly use __attribute__. ok deraadt@

Add a deprecated attribute to all CRYPTO_dbg_ functions.
    miod, 2014-06-01, 2 files, -20/+20
    ok deraadt@