Age | Commit message | Author

hackathon, just saying 'ass ember' was enough to start giggles.
Unfortunately far more offensive stuff remains in here...
DTLS fragments. A stream of 'Hello Request' messages will result in
infinite recursion, eventually crashing the DTLS client or server.
Fixes CVE-2014-0221, from OpenSSL.
Reported to OpenSSL by Imre Rad.
Fixes CVE-2014-3470, from OpenSSL.
ok deraadt@
DTLS fragments.
Fix for CVE-2014-0195, from OpenSSL.
Reported to OpenSSL by Juri Aedla.
ok deraadt@ beck@
is unchecked, which would result in a later null pointer dereference.
While here, RSA_free, DH_free and EC_KEY_free all have implicit NULL
checks, so avoid repeating them here.
ok beck@
secret. This is an additional safeguard against early ChangeCipherSpec
handling.
From OpenSSL.
ok deraadt@
Without this an early ChangeCipherSpec message would result in session
keys being generated, along with the Finished hash for the handshake,
using an empty master secret.
For a detailed analysis see:
https://www.imperialviolet.org/2014/06/05/earlyccs.html
This is a fix for CVE-2014-0224, from OpenSSL.
This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the
recent OpenSSL commit was the first we were made aware of the issue.
ok deraadt@ sthen@
free()ing it, rather than in conditional code.
Also do not bother setting server_opaque_prf_input (server, not client) to
NULL in conditional code 10 lines after explicitly free()ing it and setting
it to NULL (were the developers afraid of zombie pointers?)
ok guenther@
(From Frantisek Boranek)
OK from miod@
where it is feasible to do so. better safe than sorry.
(From Martin Brejcha)
OK from tedu@, miod@ and deraadt@
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.
Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.
Send this support straight to the abyss.
ok kettenis
isn't even exported, there's no (sane) way for someone else to use the
typedef. Eliminate the typedef and just use "struct _pqueue *".
duplicate typedef pointed out by Brent Cook (busterb (at) gmail.com)
ok miod@
this nasty function.
This gets rid of the nasty tmp variables used to hold temporary strings
and the DECIMAL_SIZE hack. it gets rid of the rather pointless null checks
for buf (since the original code dereferences it before checking). It also
gets rid of the insane possibility this could return -1 when stuff is
using the return values to compute lengths. All the failure cases now
return 0 and an empty string like the first error case in the original
code.
ok miod@ tedu@
ok guenther
meaningful variable names with pointer arithmetic, rather than n, i, j
and p with array indexing.
Based on Adam Langley's chromium diffs.
ok miod@
results in the key block length calculation also being correct. Rename a
number of variables so that their purpose becomes clear and simplify some
of the code.
Inspired by Adam Langley's chromium diffs.
ok miod@
since all other characters are mapped through transparently.
ok jsing
memset(a->data, 0, (unsigned int)a->max);
but the decl is:
size_t max;
size_t could be larger than int, especially in some of the systems OpenSSL
purports to support.
How do _intentionally truncating_ casts like enter into a codebase?
Lack of understanding of C, at a minimum. Generally the objects are
small, but this code is _intentionally unready_ for large objects.
ok miod
in this file directly use __attribute__.
ok deraadt@
ok deraadt@
since the calculated value is not actually used in the uninitialised case.
Change the code so that we only do the calculation if we actually need it.
Issue detected by clang and reported by both brad@ and Brent Cook.
single variable with a descriptive name, instead of two poorly named
variables.
Largely based on Adam Langley's chromium patches.
ok miod@
removes the need for zero values to be specified (meaning that we usually
specify two fields instead of 12), makes the field names grepable and
protects from future field reordering/removal.
ok beck@ miod@
from Brent Cook
rather than only in the config file, to trip people up later.
Found, and fix pleaded for by <spider@skuggor.se> who apparently
spent hours chasing it down.
ok miod@
mentioning it's an int, bogus (int) casts and bounds checks against INT_MAX
(BUF_MEM_grow_clean has its own integer bounds checks).
ok deraadt@
behaviour of this code, to prevent people from blindly changing it.
wrapped in #ifdef DOXYGEN...
Requested by miod@
OPENSSL_NO_EC.
ok tedu@
OPENSSL_NO_TLSEXT.
ok tedu@
But do use the abort(), which we are hoping all future vendors will move
towards the more modern "do not flush streams"; hint hint, if you didn't
do that already, there are grave risks because much software brings risk
without that behaviour. We didn't cause the change.. POSIX did...
ok beck
a not quite appropriate data structure. ok jsing
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
gets rid of the second last use of the awful DECIMAL_SIZE.
ok tedu guenther