- Mar 16, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Mar 15, 2015
-
-
Carl Jackson authored
Previously, ASN1_UTCTIME_cmp_time_t would return 1 if s > t, -1 if s < t, and 0 if s == t. This behavior was broken in a refactor [0], resulting in the opposite time comparison behavior. [0]: 904348a4922333106b613754136305db229475ea PR#3706 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Missed one file in the #ifdef merge; thanks Kurt. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Dr. Stephen Henson authored
Update error messages to say "EC is disabled" these can then be picked up by mkdef.pl. Update ordinals. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Kurt Roeckx authored
It created the cert structure in SSL_CTX or SSL if it was NULL, but they can never be NULL as the comments already said. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Mar 14, 2015
-
-
Andy Polyakov authored
Other curves don't have this problem. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Emilia Kasper authored
Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts. If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable in an integer, behaviour is undefined. In other words, you can't shift into the sign bit of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24. (For consistency, cast other shifts, too.) Caught by -fsanitize=shift Submitted by Nick Lewycky (Google) Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Mar 13, 2015
-
-
Dr. Stephen Henson authored
Allocate and free ASN.1 string types directly instead of going through the ASN.1 item code. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Petr Spacek authored
According to RFC 5649 section 4.1 step 1) we should not add padding if plaintext length is multiply of 8 ockets. This matches pseudo-code in http://dx.doi.org/10.6028/NIST.SP.800-38F on page 15, section 6.3 KWP, algorithm 5 KWP-AE, step 2. PR#3675 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Mar 12, 2015
-
-
Dr. Stephen Henson authored
Remove DECLARE_ASN1_SET_OF and DECLARE_PKCS12_STACK_OF these haven't been used internally in OpenSSL for some time. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
When printing out an ASN.1 structure if the type is an item template don't fall thru and attempt to interpret as a primitive type. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
In the RSA_X931_derive_ex a call to BN_CTX_new is made. This can return NULL on error. However the return value is not tested until *after* it is derefed! Also at the top of the function a test is made to ensure that |rsa| is not NULL. If it is we go to the "err" label. Unfortunately the error handling code deref's rsa. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY or the type of the public key is unrecognised then the local variable |cpk| in tls1_check_chain does not get initialised. Subsequently an attempt is made to deref it (after the "end" label), and a seg fault will result. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Fixed assorted missing return value checks in c3_cpols.c Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The call to asn1_do_adb can return NULL on error, so we should check the return value before attempting to use it. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple of conditional code paths that check whether |it| is NULL or not - but later |it| is deref'd unconditionally. If |it| was ever really NULL then this would seg fault. In practice ASN1_primitive_new is marked as an internal function in the public header file. The only places it is ever used internally always pass a non NULL parameter for |it|. Therefore, change the code to sanity check that |it| is not NULL, and remove the conditional checking. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Calling EVP_DigestInit_ex which has already had the digest set up for it should be possible. You are supposed to be able to pass NULL for the type. However currently this seg faults. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
[and respect error return value in ssltest.c] Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Mar 11, 2015
-
-
Rich Salz authored
Suggested by John Foley <foleyj@cisco.com>. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Configure would load the glob "Configurations*". The problem with this is that it also loads all kinds of backups of those configurations that some editors do, like emacs' classic 'Configurations~'. The solution is to give them an extension, such as '.conf', and make sure to end the glob with that. Also, because 'Configurations.conf' makes for a silly name, and because a possibly large number of configurations will become clutter, move them to a subdirectory 'Configurations/', and rename them to something more expressive, as well as something that sets up some form of sorting order. Thus: Configurations -> Configurations/10-main.conf Configurations.team -> Configurations/90-team.conf Finally, make sure that Configure sorts the list of files that 'glob' produces, and adapt Makefile.org. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Cleanse various intermediate buffers used by the PRF. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 10, 2015
-
-
Emilia Kasper authored
Ensure all malloc failures return -1. Reported by Adam Langley (Google). Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Godbee authored
BIO_debug_callback() no longer assumes the hexadecimal representation of a pointer fits in 8 characters. Signed-off-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Fix security issue where under certain conditions a client can complete a handshake with an unseeded PRNG. The conditions are: - Client is on a platform where the PRNG has not been seeded, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA) If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable. For example using the following command with an unseeded openssl will succeed on an unpatched platform: openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA CVE-2015-0285 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 09, 2015
-
-
Dmitry-Me authored
Signed-off-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
David Woodhouse authored
Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3703 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Mar 08, 2015
-
-
Dr. Stephen Henson authored
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Viktor Szakats authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Mar 06, 2015
-
-
Matt Caswell authored
Run make errors on master Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte <levitte@openssl.org>
-