- Feb 10, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2587)
-
Andy Polyakov authored
.cfi_{start|end}proc and .cfi_def_cfa were not tracked. Reviewed-by:Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2585)
-
Adam Langley authored
CLA: trivial Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2584)
-
Adam Langley authored
I don't think this actually affects anything since the cfi_restore directives aren't strictly needed anyway. (The old values are still in memory so either will do.) CLA: trivial Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Lukasz Pawelczyk authored
EVP_CIPH_FLAG_LENGTH_BITS flag for CFB1 has been broken with the introduction of the is_partially_overlapping() check that did not take it into the account (treating number of bits passed as bytes). This remedies that and allows this flag to work as intended. Reviewed-by:
-
Cristian Stoica authored
CLA: trivial Signed-off-by:
Cristian Stoica <cristian.stoica@nxp.com> Reviewed-by:
Geoff Thorpe <geoff@openssl.org> Reviewed-by:
-
Cristian Stoica authored
CLA: trivial Signed-off-by:
-
Cristian Stoica authored
CLA: trivial Signed-off-by:
-
Cristian Stoica authored
CLA: trivial Signed-off-by:
-
- Feb 09, 2017
-
-
David Benjamin authored
While it's always safe to read |SSL_MAX_SSL_SESSION_ID_LENGTH| bytes from an |SSL_SESSION|'s |session_id| array, the hash function would do so with without considering if all those bytes had been written to. This change checks |session_id_length| before possibly reading uninitialised memory. Since the result of the hash function was already attacker controlled, and since a lookup of a short session ID will always fail, it doesn't appear that this is anything more than a clean up. In particular, |ssl_get_prev_session| uses a stack-allocated placeholder |SSL_SESSION| as a lookup key, so the |session_id| array may be uninitialised. This was originally found with libFuzzer and MSan in https://boringssl.googlesource.com/boringssl/+/e976e4349d693b4bbb97e1694f45be5a1b22c8c7 , then by Robert Swiecki with honggfuzz and MSan here. Thanks to both. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
CFI directives annotate instructions that are significant for stack unwinding procedure. In addition to directives recognized by GNU assembler this module implements three synthetic ones: - .cfi_push annotates push instructions in prologue and translates to .cfi_adjust_cfa_offset (if needed) and .cfi_offset; - .cfi_pop annotates pop instructions in epilogue and translates to .cfi_adjust_cfs_offset (if needed) and .cfi_restore; - .cfi_cfa_expression encodes DW_CFA_def_cfa_expression and passes it to .cfi_escape as byte vector; CFA expression syntax is made up mix of DWARF operator suffixes [subset of] and references to registers with optional bias. Following example describes offloaded original stack pointer at specific offset from current stack pointer: .cfi_cfa_expression %rsp+40,deref,+8 Final +8 has everything to do with the fact that CFA, Canonical Frame Address, is reference to top of caller's stack, and on x86_64 call to subroutine pushes 8-byte return address. Triggered by request from Adam Langley. Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Matt Caswell authored
Fixes a copy&paste error Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Peter Wu authored
When idx is negative (as is the case with do_print_sigalgs in apps/s_cb.c), AddressSanitizer complains about a buffer overflow (read). Even if the pointer is not dereferenced, this is undefined behavior. Change the user not to use "-1" as index since the function is documented to return 0 on out-of-range values. Tested with `openssl s_server` and `curl -k https://localhost:4433`. Reviewed-by:
-
- Feb 08, 2017
-
-
Richard Levitte authored
Reviewed-by:
-
Matt Caswell authored
If s->s3->tmp.new_cipher is NULL then a crash can occur. This can happen if an alert gets sent after version negotiation (i.e. we have selected TLSv1.3 and ended up in tls13_enc), but before a ciphersuite has been selected. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add SSL_kANY and SSL_aANY contants for TLS 1.3 ciphersuites. Return appropriate text strings when they are used. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
- Feb 07, 2017
-
-
Peter Wu authored
The server and client demos (s_client and s_server) are extended with a -keylogfile option. This is similar as setting the SSLKEYLOGFILE environment variable for NSS and creates a keylog file which is suitable for Wireshark. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Bernd Edlinger authored
or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed. If that happens in EVP_CipherInit_ex/EVP_CIPHER_CTX_copy set cipher = NULL, aes_gcm_cleanup should check that gctx != NULL before calling OPENSSL_cleanse. Reviewed-by:
-
- Feb 06, 2017
-
-
Rich Salz authored
Reported by Jakub Wilk. Reviewed-by:
-
Rich Salz authored
Reported by Alexander Köppe Reviewed-by:
-
Andy Polyakov authored
Idea is to keep it last for all eternity, so that if you find yourself in time-pressed situation and deem that fuzz test can be temporarily skipped, you can terminate the test suite with less hesitation about following tests that you would have originally missed. Reviewed-by: -
Andy Polyakov authored
- harmonize handlers with guidelines and themselves; - fix some bugs in handlers; - add missing handlers in chacha and ecp_nistz256 modules; Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- Feb 05, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
