  1. Apr 14, 2015
    • Fix ssl_get_prev_session overrun · 5e0a80c1
      Matt Caswell authored
      
      
      If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
      past the end of the ClientHello message if the session_id length in the
      ClientHello is invalid. This should not cause any security issues since the
      underlying buffer is 16k in size. It should never be possible to overrun by
      that many bytes.
      
      This is probably made redundant by the previous commit - but you can never be
      too careful.
      
      With thanks to Qinghao Tang for reporting this issue.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
    • Check for ClientHello message overruns · 5e9f0eeb
      Matt Caswell authored
      
      
      The ClientHello processing is insufficiently rigorous in its checks to make
      sure that we don't read past the end of the message. This does not have
      security implications due to the size of the underlying buffer - but still
      needs to be fixed.
      
      With thanks to Qinghao Tang for reporting this issue.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
  2. Apr 11, 2015
  3. Apr 10, 2015
  4. Apr 08, 2015
  5. Apr 04, 2015
    • Appease clang -Wshadow · 2da2a434
      Richard Levitte authored
      
      
      The macros BSWAP4 and BSWAP8 have statement expression
      implementations that use local variable names that shadow variables
      outside the macro call, generating warnings like this
      
      e_aes_cbc_hmac_sha1.c:263:14: warning: declaration shadows a local variable
            [-Wshadow]
          seqnum = BSWAP8(blocks[0].q[0]);
                   ^
      ../modes/modes_lcl.h:41:29: note: expanded from macro 'BSWAP8'
                                  ^
      e_aes_cbc_hmac_sha1.c:223:12: note: previous declaration is here
          size_t ret = 0;
                 ^
      
      Have clang be quiet by modifying the macro variable names slightly
      (suffixing them with an underscore).
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
    • Appease clang -Wgnu-statement-expression · 04958e84
      Richard Levitte authored
      
      
      We use GNU statement expressions in crypto/md32_common.h, surrounded
      by checks that GNU C is indeed used to compile.  It seems that clang,
      at least on Linux, pretends to be GNU C, therefore finds the statement
      expressions and then warns about them.
      
      The solution is to have clang be quiet about it.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
    • Appease clang -Wempty-translation-unit · c25dea53
      Richard Levitte authored
      
      
      ebcdic.c:284:7: warning: ISO C requires a translation unit to contain at least one
            declaration [-Wempty-translation-unit]
            ^
      1 warning generated.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
  6. Apr 03, 2015
  7. Apr 02, 2015
  8. Apr 01, 2015
  9. Mar 31, 2015