As reported by Steffen Ullrich and bluhm, the Finished tests in
p5-Net-SSLeay's t/local/43_misc_functions.t broke with TLSv1.3.
The reason for this is that we don't copy the MDs over to the SSL, so
the API functions can't retrieve them. This commit fixes this part of
the test (one unrelated test still fails).
ok inoguchi jsing
This is the natural type for these and it simplifies an upcoming commit.
The few consumers have been carefully checked to be fine with this.
ok inoguchi jsing
Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
control both sides of the comparison.
Issue reported to OpenSSL on Nov 9 by David Benjamin.
OpenSSL shared the information with us on Dec 1st.
Fix from Matt Caswell (OpenSSL) with a few small tweaks.
ok jsing
ok jsing kn
ok jsing kn
Bad API design makes it possible to set an EC_KEY public key to
a point not on the curve. As a consequence, it was possible to
have bogus ECDSA signatures validated. In practice, all software
uses either EC_POINT_oct2point*() to unmarshal public keys or
issues a call to EC_KEY_check_key() after setting it. This way,
a point on curve check is performed and the problem is mitigated.
In OpenSSL commit 1e2012b7ff4a5f12273446b281775faa5c8a1858, Emilia
Kasper moved the point-on-curve check from EC_POINT_oct2point to
EC_POINT_set_affine_coordinates_*, which results in more checking.
In addition to this commit, we also check in the currently unused
codepath of a user set callback for setting compressed coordinates,
just in case this will be used at some point in the future.
The documentation of EC_KEY_check_key() is very vague on what it
checks and when checks are needed. It could certainly be improved
a lot. It's also strange that EC_KEY_set_key() performs no checks,
while EC_KEY_set_public_key_affine_coordinates() implicitly calls
EC_KEY_check_key().
It's a mess.
Issue found and reported by Guido Vranken who also tested an earlier
version of this fix.
ok jsing
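The public-key validation the commit above is about, written out as an added example (this is not LibreSSL's or OpenSSL's code): the point-on-curve check that EC_POINT_set_affine_coordinates_*() now performs, plus the order check that EC_KEY_check_key() is documented to do, implemented over NIST P-256 in pure Python so the arithmetic runs without libcrypto. The curve constants are the published P-256 values; the function names (is_on_curve, point_add, scalar_mult, check_public_key) and the off-by-one "bogus" point are this example's own.

```python
# Added example (not LibreSSL/OpenSSL code): the public-key validation that
# EC_KEY_check_key() / EC_POINT_set_affine_coordinates_*() are meant to
# provide, written out over NIST P-256 in pure Python so it runs offline.
# Curve parameters are the published SEC 2 / FIPS 186-4 values for P-256.

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
G = (GX, GY)

# Points are (x, y) tuples in affine coordinates; None is the point at infinity.


def is_on_curve(x, y):
    """True iff (x, y) satisfies y^2 = x^3 + a*x + b (mod p)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine addition on the curve, covering doubling and the identity cases.

    Only meaningful for points that really are on the curve: given an
    off-curve point it silently computes on some other curve with the same a,
    which is exactly why the on-curve check has to run first.
    """
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None          # p1 == -p2, result is the identity
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P    # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P           # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add k*point (not constant time; for validation only)."""
    result = None
    addend = point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def check_public_key(pub):
    """Full public-key validation, in the order the checks must run.

    Returns (ok, reason). A caller that sets a peer's point without running
    this and then verifies ECDSA with it is in the situation the commit
    describes: a point that is not on the curve can make bogus signatures pass.
    """
    if pub is None:
        return False, "point at infinity"
    x, y = pub
    if not (0 <= x < P and 0 <= y < P):
        return False, "coordinate out of range"
    if not is_on_curve(x, y):
        return False, "point not on curve"
    # Order check: n * pub must be the identity. P-256 has cofactor 1, so this
    # is redundant once on-curve holds, but it is what the generic
    # EC_KEY_check_key() contract promises and it matters on cofactor > 1 curves.
    if scalar_mult(N, pub) is not None:
        return False, "point has wrong order"
    return True, "ok"


if __name__ == "__main__":
    print(check_public_key(G))                 # (True, 'ok')
    bogus = (GX, (GY + 1) % P)                 # constructed: y nudged off the curve
    print(check_public_key(bogus))             # (False, 'point not on curve')
```

The order of the checks is the point: the range and on-curve checks are cheap and must come before any group operation, because point_add() and scalar_mult() give meaningless results for an off-curve input. This mirrors why moving the check into EC_POINT_set_affine_coordinates_*() is the right fix: the point is rejected at the moment it enters the library, not left for every caller to remember EC_KEY_check_key().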