|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| 
| 
| | that there is already a carry and Sigma[i-1] == -1, the carry
must be kept.
From Dmitry Eremin-Solenik.
Fixes incorrect Streebog result reported by Guido Vranken. | 
| | 
| 
| 
| | ok beck@, tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | in CRYPTO_ccm128_tag(). Otherwise the caller might end up
using the part of the tag buffer that was left uninitialized.
Issue found by Guido Vranken.
ok inoguchi | 
| | 
| 
| 
| 
| 
| 
| 
| | (same fix as in a_int.c rev 1.34)
Fixes oss-fuzz issue #13809
ok beck, jsing | 
| | 
| 
| 
| 
| 
| | Fixes oss-fuzz issue #13804
ok beck, jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| 
| 
| | an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf().
ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we
were passed NULL.  Otherwise it remains the caller's responsibility to
free it.  To do so, we allocate the extlist explicitly instead of using
X509V3_add_value()'s implicit allocation feature.  Preserve behavior in
i2v_AUTHORITY_KEYID() by adding an explicit check that something was
pushed onto the stack.
The other i2v_* functions will receive a similar treatment in upcoming
commits.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| | and i2v_GENERAL_NAMES().  This fixes a couple of leaks and other
ugliness.
tweaks & ok jsing | 
| | 
| 
| 
| | imported OpenSSL 0.9.4 in 1999.  It won't ever be used. | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | minimum value.
Fixes oss-fuzz #14354.
ok beck@ bcook@ tb@ | 
| | 
| 
| 
| 
| 
| | Found by Guido Vranken when fuzzing and trying to use GOST with HMAC.
Fix confirmed by Guido; ok tb@ | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | X509V3_add_value() helpfully allocates a STACK_OF(CONF_VALUE) if it
receives a pointer to a NULL pointer.  If anything fails along the way,
it is however the caller's responsibility to free it.  This can easily
be fixed by freeing *extlist in the error path and zeroing it to avoid
a double free if there happens to be a caller out there that avoids
the leak.
Polish a few things so the function conforms a bit better to our usual
style.
tweak & ok jsing | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | Fixes oss-fuzz issue #13843.
ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | Some bread/bwrite functions implement this themselves, while others do not.
This makes it consistent across all BIO implementations.
Addresses an issue that Guido Vranken found with his fuzzer.
ok tb@ | 
| | 
| 
| 
| | ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| | This reverts part of OpenSSL c2fd5d79, which added the same code to AES
CCM, GCM and XTS. In the case of CCM and GCM nothing assigns {ccm,gcm}.key
so there is never going to be anything to update (unlike XTS).
ok tb@ | 
| | 
| 
| 
| 
| 
| | Avoids use of uninitialised memory.
ok tb@ | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | In the case of a cipher with a custom copy control, if that control fails
we may still have pointers that we do not own in the previously copied
cipher data. Avoid potential double-frees by zeroing and freeing the
copied cipher data in this case.
Issue reported by Guido Vranken.
ok tb@ | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The complexity of BN_bn2dec(bn) is quadratic in the length of bn.  This
function is used for printing numbers in CRLs which are typically small.
If a BN is larger than 127 bits, dump it as hex because that's cheap and
for numbers this size not significantly harder for humans to parse.
OpenSSL commit 10a3195fcf7d04ba519651cf12e945a8fe470a3c by David Benjamin
(still under the old licence), but significantly simplified.
Ideally, we would catch excessively large numbers on deserialization, but
that is made trickier by the templated ASN1.  Erroring out is also not an
option since the relevant part of the x509v3/ directory doesn't like to
do proper error checking (looking at you v2i and i2v).
Timeout found by oss-fuzz, should fix issues #13823 and #14130.
input & ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | There are cases where the old_priv_decode() function can fail but consume
bytes. This will result in the pp pointer being advanced, which causes
d2i_PKCS8_PRIV_KEY_INFO() to be called with an advanced pointer and
incorrect length.
Fixes oss-fuzz #13803 and #14142.
ok deraadt@ tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | In this code, just because something is cast to a type doesn't mean it is
necessarily that type - in this case we cannot check the length of the
ASN1_STRING here, since it might be another data type and later handled
as an int (for example, in the V_ASN1_BOOLEAN case).
We will revisit this post release.
ok tb@ | 
| | 
| 
| 
| | ok millert@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing
tls_aad[plen-4] is no good. Also check that the length of the AAD
set via the control interface is equal to 13 since the whole file
is written with that case in mind.
Note that we no longer use this code in LibreSSL/OpenBSD. We
eliminated the use of these control interfaces and stitched cipher
modes in libssl a while ago.
Problem found by Guido Vranken with his cryptofuzz - thanks!
input & ok beck, jsing | 
| | |  | 
| | 
| 
| 
| | ok beck@, tb@ | 
| | 
| 
| 
| 
| 
| 
| | BIO_print() returns -1 on failure, whereas the ASN print functions need to
return 0.
ok beck@, tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require
all functions to be provided (currently excluding prim_clear). This avoids
situations such as having a custom allocator that returns a specific struct
but then is then printed using the default primative print functions, which
interpret the memory as a different struct.
Found by oss-fuzz, fixes issue #13799.
ok beck@, tb@ | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | Reported by oss-fuzz, really fixes issue #13805.
ok beck@ tb@ | 
| | |  | 
| | 
| 
| 
| | From phrocker via github. | 
| | 
| 
| 
| 
| | depth of 128 - For oss-fuzz issue 13802
ok jsing@ | 
| | 
| 
| 
| 
| 
| | Reported by oss-fuzz, fixes issue #13805.
ok beck@ tb@ | 
| | 
| 
| 
| 
| 
| | sizes used remain a positive integer. Should address issue
13799 from oss-fuzz
ok tb@ jsing@ |