| Commit message (Collapse) | Author | Files | Lines |
|---|
|
spotted by/ok jmc
|
|
If tls13_recod_layer_send_pending() returns TLS13_IO_EOF, we will
bubble this up to the caller via tls13_legacy_return_code(), which
translates TLS13_IO_EOF to 0. This can happen if we have pending
post handshake-handshake data and the peer closes the pipe.
Presumably tls13_legacy_shutdown() should be rewritten yet again.
ok jsing
|
|
If the peer closed the write side of the connection and we have not
yet received the close_notify, SSL_shutdown() makes an extra read to
try and read the peer's close_notify from the pipe. In that situation,
we receive EOF. The legacy stack will return -1 while the TLSv1.3
stack will end up returning 0.
Since the documentation is not super explicit about what should be
done if SSL_shutdown() returns 0, some applications will enter an
infinite loop. The code and documentation indicate that SSL_shutdown()
should only be called once more if it returned 0. Newer versions
of the OpenSSL documentation explicitly say that one should call
SSL_read() if SSL_shutdown() returns 0 in order to retrieve the
close_notify. Doing this would also have avoided this infinite loop.
Reported by Carsten Arzig and bluhm with a test case extracted from the
syslogd tests using IO::Socket::SSL, which has such an infinite loop.
ok bluhm jsing
|
|
to claudio
|
|
ret is used to bubble up an error from ssl3_get_message() and is unused
otherwise. Zap dead store and silly ret = 1; return ret;
ok inoguchi jsing
|
|
'goto fatal_err' so that the illegal_parameter alert is
actually sent in case of X509_get0_pubkey() failure.
ok inoguchi jsing
|
|
If the hostname is too long, tlsext_sni_is_valid_hostname() will fail
without having initialized *is_ip. As a result, the garbage value could
lead to accepting (but otherwise ignoring) overlong and possibly invalid
hostnames without erroring in tlsext_sni_server_parse().
ok inoguchi jsing
|
|
convert to usual form of error checking.
ok inoguchi jsing
|
|
CID 251047 251094
OK beck@ jsing@ millert@ tb@
|
|
CID 250936 251103
OK beck@ jsing@ millert@ tb@
|
|
CID 345116
ok beck@ tb@
|
|
CID 25131
ok beck@ tb@
suggest using X509_REQ_get0_pubkey() and remove the EVP_PKEY_free() from tb@
|
|
ok beck@ tb@
suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
|
|
ok beck@ tb@
|
|
|
|
|
|
... including those inlined into print_dname(). This also fixes
-Wunused-but-set-variable warnings warnings in smtpd and smtpctl.
The code was imported with asr and then copied around.
ok deraadt@ guenther@
|
|
suggestion from tb@
|
|
CID 21653
ok jsing@ millert@ tb@
|
|
input from tb@
|
|
CID 24893
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24839
ok jsing@ millert@ tb@
|
|
CID 24778
ok jsing@ millert@ tb@
|
|
CID 24812
ok jsing@ millert@ tb@
|
|
It returns 1 on success and 0 for failure, never negative value.
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 21665 24835
comment from jsing@ and tb@
ok jsing@ millert@ tb@
|
|
CID 24869
ok jsing@ millert@ tb@
|
|
freeing of what they return despite being get0 functions: the stack
of X509s that they return must be freed with sk_X509_free(). The get0
thus probably refers to the individual certs, but not to the stack
itself.
The libcrypto and libssl APIs never cease to amaze with new traps.
ok inoguchi
|
|
CID 345137
ok jsing@ tb@
|
|
EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to
fail and return error.
Error from these functions will be fatal for the callback, and I choose to
return -1.
SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback.
This also could fix Coverity CID 345319.
ok jsing@ tb@
|
|
CID 345316
ok tb@
|
|
CID 345314 345320
ok tb@
|
|
ok tb@
|
|
|
|
|
|
|
|
This function has a weird dance of allocating an ASN1_STRING in an
inner scope and assigning it to a void pointer in an outer scope for
passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error.
This can be simplified and streamlined.
ok inoguchi
|
|
|
|
asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be
overrun since ASN1_get_object advances pointer to the first content octet.
In case invalid ASN1 Boolean data, it has length but no content, I thought
this could be happen.
Adding check p with tot (diff below) will avoid this failure.
Reported by oss-fuzz 43633 and 43648(later)
ok tb@
|
|
|
|
after the bump
|
|
|
|
|
|
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
