path: root/lib
Age | Commit message | Author
2014-06-10 | Check return value of EVP_MD_CTX_copy_ex() in ssl3_handshake_mac() to avoid potential null pointer dereference. Based on David Ramos' work. OK from miod@ and jsing@ | Loganaden Velvindron
2014-06-10 | Abandon the auto-ENGINE /dev/crypto interface. VIA 3des cbc receives collateral damage. The synchronous nature of this mechanism has hampered performance for symmetric crypto relative to brute-force cpu. The asymmetric crypto support never really materialized in drivers. So abandon the complexity. ok tedu beck mikeb some disagreement from djm but if he wants to test /dev/crypto ciphers he should do it without this gigantic API in the way | Theo de Raadt
2014-06-10 | KNF. | Joel Sing
2014-06-10 | KNF. | Joel Sing
2014-06-10 | Remove pointless casts and use c instead of &c[0], since it is the same thing for an unsigned char array. ok deraadt@ | Joel Sing
2014-06-10 | In tls1_cert_verify_mac(), check the return value of EVP_MD_CTX_copy_ex() to avoid a possible NULL function call on ctx.final(). None of the callers currently check the return value of calls to cert_verify_mac(), however the function already returns 0 in another case and the MAC comparison will later fail. Issue reported by David Ramos. | Joel Sing
2014-06-10 | Use C99 initialisers for EVP_MD structs, for clarity, grepability and to protect from future field reordering/removal. No difference in generated assembly. | Joel Sing
2014-06-10 | More KNF. | Joel Sing
2014-06-10 | Avoid potential NULL pointer function calls in n_ssl3_mac() by checking the return value of EVP_MD_CTX_copy_ex(). If the copy fails early then EVP_DigestUpdate() will invoke md_ctx.update(), which will be a NULL function pointer. Analysis and patch from David Ramos. ok deraadt@ | Joel Sing
2014-06-10 | Multiple fixes for ssl3_digest_cached_records() - if EVP_MD_CTX_create() fails, the NULL check will add an error but it does not abort. This will result in EVP_DigestInit_ex() being called with a NULL context. Also ensure that we check the return values from EVP_DigestInit_ex() and EVP_DigestUpdate(). ok deraadt@ miod@ | Joel Sing
2014-06-10 | Ensure ssl3_final_finish_mac() returns failure if either the MD5 or SHA1 handshake MAC calculation fails. Currently, the result from both ssl3_handshake_mac() calls is added together. This means that unless both MD5 and SHA1 fail, a positive value will be returned to the caller, indicating success rather than failure. ok deraadt@ miod@ sthen@ | Joel Sing
2014-06-10 | mop up ifndef KERNEL goo; ok miod | Theo de Raadt
2014-06-09 | use memset instead of bzero | Theo de Raadt
2014-06-09 | do not include dso.h where it is not needed; ok miod | Theo de Raadt
2014-06-09 | Nuke the machinery to sync libkern with libc, it's not been used in the last 15 years and there is no point to use it in the future. From Jean-Philippe Ouellet | Miod Vallat
2014-06-09 | More KNF. | Joel Sing
2014-06-08 | Add an SSL_CIPHER_ALGORITHM2_AEAD flag that is used to mark a cipher as using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of ssl_cipher_get_evp(). | Joel Sing
2014-06-08 | Add a define for the SSLv3 sequence size and use it, rather than sprinkling magic numbers around. ok deraadt@ | Joel Sing
2014-06-08 | No, we will not be building with OPENSSL_NO_X509_VERIFY. Nuke it and do some other clean up while here. ok deraadt@ | Joel Sing
2014-06-08 | Clean up BIO_free() handling in bio_ssl.c - BIO_free() has its own NULL check, so do not duplicate it here. Make the error handling consistent by always using 'goto err' rather than returning in certain cases. Also add a missing BIO_free(ssl) in BIO_new_ssl_connect(). ok deraadt@ | Joel Sing
2014-06-08 | Be explicit with types. No binary change. | Joel Sing
2014-06-08 | Stop using DSO_global_lookup to reach getaddrinfo() and friends; discussed with tedu, ok jsing | Theo de Raadt
2014-06-08 | Factor out the part of tls1_change_cipher_state() that is specific to switching cipher states using an EVP_CIPHER. This will facilitate the addition of cipher state changes for EVP_AEAD. No functional change. Based on Adam Langley's chromium patches. | Joel Sing
2014-06-08 | Factor out the sequence number reset code to aid in upcoming changes. | Joel Sing
2014-06-07 | /* on some platforms time_t may be a float */ In the past, time_t's type was underspecified. But a floating point type would not have worked in practice. Newer specifications effectively forbid it. While cleaning this up, get partly ready for Y2038. ok miod | Theo de Raadt
2014-06-07 | http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158 Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen | Theo de Raadt
2014-06-07 | Add missing NULL check after calling EVP_PKEY_new_mac_key(). Based on Adam Langley's chromium patches. | Joel Sing
2014-06-07 | Use !is_read to imply SSL3_CC_WRITE. While this is not strictly correct (since the presence of SSL3_CC_READ does not guarantee the absence of SSL3_CC_WRITE), in practice only one of these flags is set at a time and there is existing logic which already relies on this behaviour. | Joel Sing
2014-06-07 | Move the export label initialisation into the export handling code, since this is the only place where these variables are used. | Joel Sing
2014-06-07 | Remove pointless casts - no binary change. | Joel Sing
2014-06-07 | Rename variables to make it clear that these are only used in the export code. Additionally, these need to be cleaned in the export case. Based on Adam Langley's chromium patches. | Joel Sing
2014-06-07 | remove last few uses of __P | Theo de Raadt
2014-06-07 | Further clean up of context handling in tls1_change_cipher_state(). Rather than doing a complex dance to figure out if we should reuse the cipher context and clean it later on, just free it and allocate a new one. This simplifies the code path, especially in the write case where special handling is required for DTLS. Also, calling EVP_CIPHER_CTX_init() for a newly created cipher context is unnecessary, since EVP_CIPHER_CTX_new() already does this (not to mention that it was already missing from the write case). | Joel Sing
2014-06-07 | Remove various test stubs. The good ones have been moved by jsing and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing | Theo de Raadt
2014-06-07 | evptests.txt lives in regress/lib/libcrypto/evp | Joel Sing
2014-06-07 | malloc() result does not need a cast. ok miod | Theo de Raadt
2014-06-07 | Remove another NULL check before a BIO_free(). | Joel Sing
2014-06-07 | ssl3_free_digest_list() has its own NULL check. | Joel Sing
2014-06-07 | BIO_free has an implicit NULL check, so do not bother checking for NULL before calling it. | Joel Sing
2014-06-07 | ssl3_release_{read,write}_buffer() handle being called with NULL buffers, so do not bother checking before calling. | Joel Sing
2014-06-07 | The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all have implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them. | Joel Sing
2014-06-07 | More KNF. | Joel Sing
2014-06-07 | More KNF. | Joel Sing
2014-06-07 | Fix modf() on sparc. For large integral values, modf returned uninitialized data in iptr since 1992. Found while debugging python segfaults. ok miod | Tobias Ulmer
2014-06-06 | s/assember/assembler/ before someone gets offended. At the last hackathon, just saying 'ass ember' was enough to start giggles. Unfortunately far more offensive stuff remains in here... | Theo de Raadt
2003-05-11 | import 0.9.7b (without idea and rc5) | Markus Friedl
2014-06-05 | Do not recurse when a 'Hello Request' message is received while getting DTLS fragments. A stream of 'Hello Request' messages will result in infinite recursion, eventually crashing the DTLS client or server. Fixes CVE-2014-0221, from OpenSSL. Reported to OpenSSL by Imre Rad. | Joel Sing
2014-06-05 | Ensure that sess_cert is not NULL before trying to use it. Fixes CVE-2014-3470, from OpenSSL. ok deraadt@ | Joel Sing
2014-06-05 | Avoid a buffer overflow that can be triggered by sending specially crafted DTLS fragments. Fix for CVE-2014-0195, from OpenSSL. Reported to OpenSSL by Juri Aedla. ok deraadt@ beck@ | Joel Sing
2014-06-05 | ssl_sess_cert_new() can return NULL. Fix two cases where the return value is unchecked, which would result in a later null pointer dereference. While here, RSA_free, DH_free and EC_KEY_free all have implicit NULL checks, so avoid repeating them here. ok beck@ | Joel Sing