path: root/src
Commit message [author, date, files, lines -/+]
...
* Proper prototype for main(). Make sparc64 happier.
  [claudio, 2019-05-09, 1 file, -2/+4]
* In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,
  it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck
  [tb, 2019-05-08, 1 file, -2/+3]
* initialize safestack pointers
  ok beck@, tb@
  [bcook, 2019-05-08, 3 files, -6/+6]
* Make sure that the tag buffer size is equal to the tag size
  in CRYPTO_ccm128_tag(). Otherwise the caller might end up using the part of the tag buffer that was left uninitialized. Issue found by Guido Vranken. ok inoguchi
  [tb, 2019-05-08, 1 file, -2/+2]
* Add test that fseek(,-1) works properly.
  [yasuoka, 2019-05-02, 1 file, -3/+8]
* Avoid an undefined shift in ASN1_ENUMERATED_get().
  (same fix as in a_int.c rev 1.34). Fixes oss-fuzz issue #13809. ok beck, jsing
  [tb, 2019-04-28, 1 file, -4/+9]
* Avoid an undefined shift in ASN1_INTEGER_get().
  Fixes oss-fuzz issue #13804. ok beck, jsing
  [tb, 2019-04-28, 1 file, -4/+8]
* Use calloc/freezero when allocating and freeing the session ticket data.
  The decrypted session ticket contains key material. ok tb@
  [jsing, 2019-04-25, 1 file, -4/+6]
* Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead of
  allocating on stack. While here also check the return values from EVP_DecryptInit_ex() and HMAC_Init_ex(). ok tb@
  [jsing, 2019-04-25, 1 file, -24/+29]
* Rename some variables in tls_decrypt_ticket().
  Rename mlen to hlen since it is a hmac (and this matches hctx and hmac). Rename ctx to cctx since it is a cipher context and ctx is usually used to mean SSL_CTX in this code. ok tb@
  [jsing, 2019-04-25, 1 file, -18/+18]
* Do not check for working go executable during make clean cleandir obj.
  reminded by jsing@
  [bluhm, 2019-04-24, 1 file, -1/+3]
* Do not check for working go executable during make clean cleandir obj.
  [bluhm, 2019-04-24, 1 file, -1/+3]
* Convert tls_decrypt_ticket() to CBS.
  This removes various pointer arithmetic and manual length checks. ok tb@
  [jsing, 2019-04-23, 1 file, -44/+72]
* Add error checking to i2v_POLICY_MAPPINGS().
  ok jsing
  [tb, 2019-04-22, 1 file, -9/+26]
* Add error checking to i2v_POLICY_CONSTRAINTS().
  ok jsing
  [tb, 2019-04-22, 1 file, -5/+19]
* Add error checking to i2v_EXTENDED_KEY_USAGE().
  ok jsing
  [tb, 2019-04-22, 1 file, -8/+23]
* Add error checking to i2v_ASN1_BIT_STRING().
  ok jsing
  [tb, 2019-04-22, 1 file, -4/+18]
* Add error checking to i2v_BASIC_CONSTRAINTS().
  ok jsing
  [tb, 2019-04-22, 1 file, -3/+18]
* Add error checking to i2v_AUTHORITY_INFO_ACCESS(). While there, replace
  an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf(). ok jsing
  [tb, 2019-04-22, 1 file, -19/+27]
* Avoid potential double frees in i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME()
  and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we were passed NULL. Otherwise it remains the caller's responsibility to free it. To do so, we allocate the extlist explicitly instead of using X509V3_add_value()'s implicit allocation feature. Preserve behavior in i2v_AUTHORITY_KEYID() by adding an explicit check that something was pushed onto the stack. The other i2v_* functions will receive a similar treatment in upcoming commits. ok jsing
  [tb, 2019-04-22, 2 files, -6/+22]
* Provide a derr label (decode/decrypt error) in tls1_decrypt_ticket().
  This handles the ret = 2 case and makes the code more readable. ok tb@
  [jsing, 2019-04-22, 1 file, -41/+29]
* Pass the session ID down to the session/ticket handling code as a CBS.
  Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions. ok tb@
  [jsing, 2019-04-22, 4 files, -35/+36]
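The two CBS conversions above (tls_decrypt_ticket() and the session ID plumbing) replace hand-rolled pointer arithmetic with a bounded reader that checks the remaining length on every read. The C program below is an added illustration of that pattern; it is not LibreSSL's CBS or ticket code. It parses a ticket laid out as in the RFC 5077 recommended construction (16-byte key name, 16-byte IV, u16-length-prefixed encrypted state, 32-byte MAC) with a minimal CBS-style reader, and ticket_parse_sample() builds a constructed 71-byte sample whose length field and supplied size can be varied to exercise the checks. All struct and function names are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Minimal bounded byte-string reader in the spirit of CBS: every read checks
 * the remaining length first, so the caller never indexes the input buffer
 * directly.  Added illustration, not LibreSSL's implementation.
 */
struct cbs {
	const uint8_t *data;
	size_t len;
};

static void
cbs_init(struct cbs *cbs, const uint8_t *data, size_t len)
{
	cbs->data = data;
	cbs->len = len;
}

/* Take n bytes off the front of cbs into out; fail if fewer remain. */
static int
cbs_get_bytes(struct cbs *cbs, struct cbs *out, size_t n)
{
	if (cbs->len < n)
		return 0;
	cbs_init(out, cbs->data, n);
	cbs->data += n;
	cbs->len -= n;
	return 1;
}

static int
cbs_get_u16(struct cbs *cbs, uint16_t *v)
{
	struct cbs tmp;

	if (!cbs_get_bytes(cbs, &tmp, 2))
		return 0;
	*v = (uint16_t)((tmp.data[0] << 8) | tmp.data[1]);
	return 1;
}

/* Read a u16 length and then exactly that many bytes. */
static int
cbs_get_u16_length_prefixed(struct cbs *cbs, struct cbs *out)
{
	uint16_t len;

	if (!cbs_get_u16(cbs, &len))
		return 0;
	return cbs_get_bytes(cbs, out, len);
}

/* The four parts of a ticket in the RFC 5077 recommended construction. */
struct ticket_parts {
	struct cbs key_name;	/* 16 bytes */
	struct cbs iv;		/* 16 bytes */
	struct cbs encrypted;	/* u16 length-prefixed */
	struct cbs mac;		/* 32 bytes (HMAC-SHA256 in this model) */
};

int
ticket_parse(const uint8_t *buf, size_t len, struct ticket_parts *p)
{
	struct cbs cbs;

	cbs_init(&cbs, buf, len);
	if (!cbs_get_bytes(&cbs, &p->key_name, 16) ||
	    !cbs_get_bytes(&cbs, &p->iv, 16) ||
	    !cbs_get_u16_length_prefixed(&cbs, &p->encrypted) ||
	    !cbs_get_bytes(&cbs, &p->mac, 32))
		return 0;
	/* Trailing bytes mean the ticket is malformed, not merely longer. */
	if (cbs.len != 0)
		return 0;
	return 1;
}

/*
 * Build a constructed 71-byte sample ticket (5 bytes of "ciphertext"),
 * override its length field with len_field, hand the first `supplied` bytes
 * to ticket_parse() and report whether parsing succeeded (1) or failed (0).
 */
int
ticket_parse_sample(uint16_t len_field, size_t supplied)
{
	uint8_t buf[16 + 16 + 2 + 5 + 32];
	struct ticket_parts parts;

	memset(buf, 0xaa, sizeof(buf));
	buf[32] = (uint8_t)(len_field >> 8);
	buf[33] = (uint8_t)(len_field & 0xff);
	if (supplied > sizeof(buf))
		supplied = sizeof(buf);
	return ticket_parse(buf, supplied, &parts);
}
```

The point of the reader is that a truncated buffer, an oversized length field, or a length field that leaves stray bytes at the end all fail in the same place (the `len < n` check) instead of in scattered manual comparisons, which is what makes the converted ticket code easier to audit.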
* Inline and remove the tlsext_tick_md macro.
  There is not much point having a tlsext_tick_md macro that replaces EVP_sha256() in two places, when the cipher is just hardcoded. ok tb@
  [jsing, 2019-04-22, 3 files, -6/+5]
* Add error checking to i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME()
  and i2v_GENERAL_NAMES(). This fixes a couple of leaks and other ugliness. tweaks & ok jsing
  [tb, 2019-04-21, 2 files, -32/+80]
* The noop v2i_PKEY_USAGE_PERIOD() has been commented out since beck
  imported OpenSSL 0.9.4 in 1999. It won't ever be used.
  [tb, 2019-04-21, 1 file, -14/+2]
* Fix awful whitespace in OBJ_bsearch_ext()
  [tb, 2019-04-21, 1 file, -5/+6]
* KNF: use proper wrapping of function return type and name
  [tb, 2019-04-21, 3 files, -9/+9]
* Clean up tls1_process_ticket().
  We only have to find one extension, so do that first then proceed with processing and decryption. This makes the code more readable and drops two levels of indent. ok tb@
  [jsing, 2019-04-21, 1 file, -39/+43]
* Cleanup more of tls_decrypt_ticket().
  Separate the malloc() check and EVP_DecryptUpdate() - the malloc() failure is fatal while an EVP_DecryptUpdate() failure is a decryption failure. Also ensure that we clear the error stack in all cases where we are indicating a failure to decrypt or decode the ticket - otherwise SSL_error() will later return failure when it should not. ok tb@
  [jsing, 2019-04-21, 1 file, -5/+9]
* Start cleaning up tls_decrypt_ticket().
  Rather than returning from multiple places and trying to clean up as we go, move to a single exit point and clean/free in one place. Also invert the logic that handles NULL sessions - fail early, rather than having an indented if test for success. ok tb@
  [jsing, 2019-04-21, 1 file, -58/+63]
* fix some style nits to reduce noise in an upcoming diff
  [tb, 2019-04-21, 1 file, -9/+8]
* Avoid undefined behaviour that results from negating a signed long with
  minimum value. Fixes oss-fuzz #14354. ok beck@ bcook@ tb@
  [jsing, 2019-04-20, 1 file, -2/+2]
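The entry just above and the two "undefined shift" entries for ASN1_INTEGER_get() and ASN1_ENUMERATED_get() further up are the same family of bug: accumulating a big-endian magnitude into a long with unchecked shifts, and then negating it for the negative case. The C code below is an added example of how both are avoided, written for this page; it is not LibreSSL's fix and asn1_int_to_long() is an assumed name. It takes the sign-plus-magnitude form an ASN1_INTEGER stores (magnitude bytes plus a negative flag), accumulates in an unsigned long and refuses to shift once bits would be lost, and derives LONG_MIN from magnitude - 1 rather than negating a value that has no positive counterpart. The sample_* helpers build constructed inputs.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/*
 * Convert a sign-and-magnitude integer (big-endian magnitude bytes plus a
 * "negative" flag, as in ASN1_INTEGER) to a long without undefined
 * behaviour.  Added illustration, not LibreSSL's code.  Two rules:
 *   - never shift bits out of the accumulator (stop once the top byte is
 *     occupied), which is the undefined shift the log entries fix;
 *   - never evaluate -(long)r for r == LONG_MAX + 1; build LONG_MIN from
 *     r - 1 instead, which avoids negating the minimum value.
 * Returns 1 and stores the value, or 0 if it does not fit in a long.
 */
int
asn1_int_to_long(const unsigned char *mag, size_t len, int negative, long *out)
{
	unsigned long r = 0;
	size_t i;

	for (i = 0; i < len; i++) {
		if (r > (ULONG_MAX >> 8))	/* r << 8 would lose bits */
			return 0;
		r = (r << 8) | mag[i];
	}
	if (!negative) {
		if (r > (unsigned long)LONG_MAX)
			return 0;
		*out = (long)r;
		return 1;
	}
	/* A negative long holds a magnitude of at most LONG_MAX + 1. */
	if (r > (unsigned long)LONG_MAX + 1)
		return 0;
	if (r == 0) {
		*out = 0;
		return 1;
	}
	*out = -(long)(r - 1) - 1;	/* r - 1 <= LONG_MAX: no overflow */
	return 1;
}

/* Constructed sample: {0x01, 0x00} -> 256. */
long
sample_256(void)
{
	static const unsigned char mag[] = { 0x01, 0x00 };
	long v;

	return asn1_int_to_long(mag, sizeof(mag), 0, &v) ? v : -1;
}

/* Constructed sample: magnitude {0x80, 0x00, ...} of sizeof(long) bytes,
 * i.e. LONG_MAX + 1.  Negative it is exactly LONG_MIN. */
long
sample_long_min(void)
{
	unsigned char mag[sizeof(long)];
	long v;

	memset(mag, 0, sizeof(mag));
	mag[0] = 0x80;
	return asn1_int_to_long(mag, sizeof(mag), 1, &v) ? v : 0;
}

/* The same magnitude as a positive number does not fit: expect 0. */
int
sample_long_max_plus_one_fits(void)
{
	unsigned char mag[sizeof(long)];
	long v;

	memset(mag, 0, sizeof(mag));
	mag[0] = 0x80;
	return asn1_int_to_long(mag, sizeof(mag), 0, &v);
}

/* Constructed sample: sizeof(long) + 1 bytes of 0xff.  An unchecked shift
 * would silently discard the top byte; the checked version reports 0. */
int
sample_oversized_fits(void)
{
	unsigned char mag[sizeof(long) + 1];
	long v;

	memset(mag, 0xff, sizeof(mag));
	return asn1_int_to_long(mag, sizeof(mag), 0, &v);
}
```

The check `r > (ULONG_MAX >> 8)` is the whole fix for the shift: it is evaluated before the shift, on an unsigned value, so no intermediate expression is ever undefined, and an oversized encoding is reported as "does not fit" rather than decoded to a truncated value.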
* Allocate md_data with calloc to avoid use of uninitialised memory.
  Found by Guido Vranken when fuzzing and trying to use GOST with HMAC. Fix confirmed by Guido; ok tb@
  [jsing, 2019-04-19, 1 file, -6/+6]
* Allocate fixed NIDs for SM3/SM4.
  [jsing, 2019-04-19, 1 file, -0/+12]
* Rewrite & fix X509V3_add_value()
  X509V3_add_value() helpfully allocates a STACK_OF(CONF_VALUE) if it receives a pointer to a NULL pointer. If anything fails along the way, it is however the caller's responsibility to free it. This can easily be fixed by freeing *extlist in the error path and zeroing it to avoid a double free if there happens to be a caller out there that avoids the leak. Polish a few things so the function conforms a bit better to our usual style. tweak & ok jsing
  [tb, 2019-04-16, 1 file, -17/+24]
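The X509V3_add_value() entry above and the i2v_* ownership entries further up describe one ownership rule: whoever allocated the list frees it on failure, and nobody else. The C program below is an added example of that rule, written for this page; it is not LibreSSL's code. A toy value_stack with a fixed capacity stands in for STACK_OF(CONF_VALUE) (the capacity is an assumption that lets a push failure be provoked deterministically), add_value() models X509V3_add_value()'s implicit allocation with the fix described (free and zero *extlist only if this call allocated it), and i2v_sample() models an i2v_* function that takes ownership only when passed NULL. scenario() runs both the "callee owns" and "caller owns" cases and reports what the caller is left holding.

```c
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for STACK_OF(CONF_VALUE) with a fixed capacity (an assumed
 * limit for this demo) so that a push failure can be provoked. */
#define VALUE_STACK_CAP 4
struct value_stack {
	char *name[VALUE_STACK_CAP];
	char *value[VALUE_STACK_CAP];
	size_t num;
};

static char *
xstrdup(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = malloc(n);

	return p == NULL ? NULL : memcpy(p, s, n);
}

static void
value_stack_free(struct value_stack *sk)
{
	size_t i;

	if (sk == NULL)
		return;
	for (i = 0; i < sk->num; i++) {
		free(sk->name[i]);
		free(sk->value[i]);
	}
	free(sk);
}

/* Model of X509V3_add_value(): allocates *extlist when handed a pointer to
 * NULL.  On failure it frees only what this call allocated and zeroes the
 * caller's pointer, so a caller that frees *extlist anyway cannot double free. */
int
add_value(const char *name, const char *value, struct value_stack **extlist)
{
	struct value_stack *sk = *extlist;
	char *n = NULL, *v = NULL;
	int allocated = 0;

	if (sk == NULL) {
		if ((sk = calloc(1, sizeof(*sk))) == NULL)
			return 0;
		allocated = 1;
	}
	if (sk->num >= VALUE_STACK_CAP)	/* stands in for sk_push() failing */
		goto err;
	if ((n = xstrdup(name)) == NULL || (v = xstrdup(value)) == NULL)
		goto err;
	sk->name[sk->num] = n;
	sk->value[sk->num] = v;
	sk->num++;
	*extlist = sk;
	return 1;
 err:
	free(n);
	free(v);
	if (allocated) {
		value_stack_free(sk);
		*extlist = NULL;
	}
	return 0;
}

/* Model of an i2v_* function over npairs (name, value) string pairs.  It owns
 * extlist only if it allocated it; a caller-supplied list remains the
 * caller's to free, even when this function fails part way through. */
struct value_stack *
i2v_sample(const char *const *pairs, size_t npairs, struct value_stack *extlist)
{
	struct value_stack *ret = extlist;
	int free_extlist = 0;
	size_t i;

	if (ret == NULL) {
		if ((ret = calloc(1, sizeof(*ret))) == NULL)
			return NULL;
		free_extlist = 1;
	}
	for (i = 0; i < npairs; i++)
		if (!add_value(pairs[2 * i], pairs[2 * i + 1], &ret))
			goto err;
	return ret;
 err:
	if (free_extlist)
		value_stack_free(ret);
	return NULL;
}

/* caller_supplies == 0: pass NULL so i2v_sample() allocates; returns the entry
 * count (2).  caller_supplies != 0: hand over a list with room for one more
 * entry so i2v_sample() fails part way; returns 1 if it reported failure and
 * the list is still intact with 4 entries, freed exactly once by the caller. */
int
scenario(int caller_supplies)
{
	static const char *const pairs[] = { "keyid", "AB:CD", "issuer", "CN=x" };
	struct value_stack *sk = NULL, *ret;
	int num;

	if (caller_supplies && (!add_value("x", "1", &sk) ||
	    !add_value("y", "2", &sk) || !add_value("z", "3", &sk)))
		return -1;
	ret = i2v_sample(pairs, 2, sk);
	if (!caller_supplies) {
		num = ret == NULL ? -1 : (int)ret->num;
		value_stack_free(ret);
		return num;
	}
	num = (int)sk->num;
	value_stack_free(sk);
	return ret == NULL && num == 4;
}
```

Run under ASan or valgrind, scenario(1) is the interesting case: before this rule, an i2v function that freed a caller-supplied list on failure, followed by the caller's own free, was the double free the log entries describe, and add_value() zeroing *extlist only when it allocated is what keeps the two owners from stepping on each other.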
* indent err: labels
  [tb, 2019-04-16, 1 file, -7/+7]
* wrap an overlong line and kill a space before a tab
  [tb, 2019-04-16, 1 file, -3/+4]
* Move function types to their own lines; rewrap.
  [tb, 2019-04-16, 1 file, -30/+40]
* Avoid signed integer overflow.
  Fixes oss-fuzz issue #13843. ok tb@
  [jsing, 2019-04-15, 1 file, -2/+2]
* Add input validation to BIO_read()/BIO_write().
  Some bread/bwrite functions implement this themselves, while others do not. This makes it consistent across all BIO implementations. Addresses an issue that Guido Vranken found with his fuzzer. ok tb@
  [jsing, 2019-04-14, 1 file, -4/+14]
* Some more malloc() to calloc() conversions.
  ok tb@
  [jsing, 2019-04-14, 1 file, -7/+5]
* Remove two pointless chunks of code.
  This reverts part of OpenSSL c2fd5d79, which added the same code to AES CCM, GCM and XTS. In the case of CCM and GCM nothing assigns {ccm,gcm}.key so there is never going to be anything to update (unlike XTS). ok tb@
  [jsing, 2019-04-14, 1 file, -16/+1]
* Use calloc() when allocating cipher_data.
  Avoids use of uninitialised memory. ok tb@
  [jsing, 2019-04-14, 1 file, -5/+5]
* Annotate a future improvement.
  [jsing, 2019-04-14, 1 file, -1/+2]
* Avoid potential double-frees following EVP_CIPHER_CTX_copy().
  In the case of a cipher with a custom copy control, if that control fails we may still have pointers that we do not own in the previously copied cipher data. Avoid potential double-frees by zeroing and freeing the copied cipher data in this case. Issue reported by Guido Vranken. ok tb@
  [jsing, 2019-04-14, 1 file, -4/+17]
* Fix previous: I forgot to rename the bn_to_string() prototype.
  [tb, 2019-04-14, 1 file, -2/+2]
* Add a test for the bn_to_string() function introduced in v3_utl.c r1.32.
  [tb, 2019-04-13, 2 files, -6/+133]
* Null out pointers on asprintf() failure.
  These pointers will be passed to free. According to asprintf(3), "on OpenBSD, ret will be set to the null pointer, but this behavior should not be relied upon." ok jsing
  [tb, 2019-04-13, 1 file, -3/+7]
* Avoid quadratic behavior of decimal BIGNUM conversion
  The complexity of BN_bn2dec(bn) is quadratic in the length of bn. This function is used for printing numbers in CRLs which are typically small. If a BN is larger than 127 bits, dump it as hex because that's cheap and for numbers this size not significantly harder for humans to parse. OpenSSL commit 10a3195fcf7d04ba519651cf12e945a8fe470a3c by David Benjamin (still under the old licence), but significantly simplified. Ideally, we would catch excessively large numbers on deserialization, but that is made trickier by the templated ASN1. Erroring out is also not an option since the relevant part of the x509v3/ directory doesn't like to do proper error checking (looking at you v2i and i2v). Timeout found by oss-fuzz, should fix issues #13823 and #14130. input & ok jsing
  [tb, 2019-04-13, 1 file, -9/+36]
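The entry above bounds the cost of printing a serial number by switching to hex above 127 bits. The C code below is an added example of that cutoff written for this page; it is not the bn_to_string() from v3_utl.c that the log refers to, and it is named magnitude_to_string() to make that clear. It works on a plain big-endian byte array instead of a BIGNUM, so it runs without libcrypto: be_num_bits() decides which branch applies, the decimal branch is the quadratic repeated-division-by-ten that the cutoff keeps cheap (at most 39 rounds over at most 16 bytes), and the hex branch is linear. sample_string() renders four constructed magnitudes, including the two boundary values 2^127 - 1 (still decimal) and 2^127 (hex).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of significant bits in a big-endian magnitude; 0 for zero. */
static size_t
be_num_bits(const unsigned char *n, size_t len)
{
	size_t i = 0, bits = 0;
	unsigned char top;

	while (i < len && n[i] == 0)
		i++;
	if (i == len)
		return 0;
	for (top = n[i]; top != 0; top >>= 1)
		bits++;
	return (len - i - 1) * 8 + bits;
}

/* Divide the magnitude by 10 in place; return the remainder. */
static unsigned int
be_divmod10(unsigned char *n, size_t len)
{
	unsigned int rem = 0, cur;
	size_t i;

	for (i = 0; i < len; i++) {
		cur = (rem << 8) | n[i];
		n[i] = (unsigned char)(cur / 10);
		rem = cur % 10;
	}
	return rem;
}

/* Render as decimal when the value has at most 127 bits, as "0x..." hex
 * otherwise.  Returns 1 on success, 0 if out is too small or malloc fails.
 * Added illustration; not the bn_to_string() in LibreSSL's v3_utl.c. */
int
magnitude_to_string(const unsigned char *n, size_t len, char *out, size_t outlen)
{
	char digits[48];	/* <= 127 bits means <= 39 decimal digits */
	unsigned char *tmp;
	size_t i, k = 0, pos = 0;

	if (be_num_bits(n, len) > 127) {
		while (len > 1 && n[0] == 0) {	/* strip leading zero bytes */
			n++;
			len--;
		}
		if (outlen < 2 + 2 * len + 1)
			return 0;
		memcpy(out, "0x", 2);
		for (i = 0; i < len; i++)
			snprintf(out + 2 + 2 * i, 3, "%02x", n[i]);
		return 1;
	}
	/* Decimal: the quadratic path, bounded by the 127-bit cutoff above. */
	if ((tmp = malloc(len > 0 ? len : 1)) == NULL)
		return 0;
	memcpy(tmp, n, len);
	do {
		digits[k++] = (char)('0' + be_divmod10(tmp, len));
	} while (be_num_bits(tmp, len) != 0);
	free(tmp);
	if (outlen < k + 1)
		return 0;
	while (k > 0)
		out[pos++] = digits[--k];
	out[pos] = '\0';
	return 1;
}

/* Render one of four constructed sample magnitudes into a static buffer. */
const char *
sample_string(int which)
{
	static char buf[64];
	unsigned char n[16];

	memset(n, 0, sizeof(n));
	switch (which) {
	case 0:		/* {0x01, 0x00} = 256 */
		n[14] = 0x01;
		return magnitude_to_string(n + 14, 2, buf, sizeof(buf)) ? buf : "ERR";
	case 1:		/* 2^127 - 1: exactly 127 bits, still decimal */
		memset(n, 0xff, sizeof(n));
		n[0] = 0x7f;
		break;
	case 2:		/* 2^127: 128 bits, falls back to hex */
		n[0] = 0x80;
		break;
	default:	/* zero */
		break;
	}
	return magnitude_to_string(n, sizeof(n), buf, sizeof(buf)) ? buf : "ERR";
}

/* 256 needs 4 bytes including the NUL; a 3-byte buffer must be rejected. */
int
sample_small_buffer(void)
{
	static const unsigned char n[] = { 0x01, 0x00 };
	char buf[3];

	return magnitude_to_string(n, sizeof(n), buf, sizeof(buf));
}
```

The fuzzer timeout the entry mentions comes from feeding a very long integer to the decimal path; with the cutoff, the decimal loop can never run more than 39 times over a 16-byte value, and anything larger costs one pass over its bytes.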
* Avoid leak in SSL_dup_CA_list()
  In the case that X509_NAME_dup() succeeds, but sk_X509_NAME_push() fails, name is leaked. The entire function is trying to be clever and therefore hard to follow. Let's do it the stupid but safe way. ok jsing
  [tb, 2019-04-13, 1 file, -8/+14]