path: root/lib
Age | Commit message | Author
2019-04-29 | Switched min_heap to size_t to prevent integer overflows. | Tobias Stoeckmann
Also, as deraadt suggested, switched realloc to recallocarray to at least prevent uninitialized memory to be used as pointers in case of other programming errors. A proper solution (not using an array) needs more work. This change occurred in sync with upstream libevent 2.2. with input by and ok bluhm, jca, tedu
2019-04-28 | Avoid an undefined shift in ASN1_ENUMERATED_get(). | Theo Buehler
(same fix as in a_int.c rev 1.34) Fixes oss-fuzz issue #13809 ok beck, jsing
2019-04-28 | Avoid an undefined shift in ASN1_INTEGER_get(). | Theo Buehler
Fixes oss-fuzz issue #13804 ok beck, jsing
2019-04-26 | Undo changes to tmpfile.c r1.5. | Martijn van Duren
Doing the fchown call causes pledge("tmppath") to be insufficient and the umask dance may cause race-conditions in multithreaded applications. Also POSIX states the following nowadays: implementations may restrict the permissions, either by clearing the file mode bits or setting them to the value S_IRUSR | S_IWUSR. Encouraging words from tedu@ Standards verification and OK millert@
2019-04-25 | Use calloc/freezero when allocating and freeing the session ticket data. | Joel Sing
The decrypted session ticket contains key material. ok tb@
2019-04-25 | Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead of | Joel Sing
allocating on stack. While here also check the return values from EVP_DecryptInit_ex() and HMAC_Init_ex(). ok tb@
2019-04-25 | Rename some variables in tls_decrypt_ticket(). | Joel Sing
Rename mlen to hlen since it is a hmac (and this matches hctx and hmac). Rename ctx to cctx since it is a cipher context and ctx is usually used to mean SSL_CTX in this code. ok tb@
2019-04-23 | missing dots after ".%P pp"; the case of btree(3) was | Ingo Schwarze
reported by Fabio Scotoni <fabio at esse dot ch>; also garbage collect one .Tn while here
2019-04-23 | Convert tls_decrypt_ticket() to CBS. | Joel Sing
This removes various pointer arithmetic and manual length checks. ok tb@
2019-04-22 | Add error checking to i2v_POLICY_MAPPINGS(). | Theo Buehler
ok jsing
2019-04-22 | Add error checking to i2v_POLICY_CONSTRAINTS(). | Theo Buehler
ok jsing
2019-04-22 | Add error checking to i2v_EXTENDED_KEY_USAGE(). | Theo Buehler
ok jsing
2019-04-22 | Add error checking to i2v_ASN1_BIT_STRING(). | Theo Buehler
ok jsing
2019-04-22 | Add error checking to i2v_BASIC_CONSTRAINTS(). | Theo Buehler
ok jsing
2019-04-22 | Add error checking to i2v_AUTHORITY_INFO_ACCESS(). While there, replace | Theo Buehler
an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf(). ok jsing
2019-04-22 | Avoid potential double frees in i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME() | Theo Buehler
and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we were passed NULL. Otherwise it remains the caller's responsibility to free it. To do so, we allocate the extlist explicitly instead of using X509V3_add_value()'s implicit allocation feature. Preserve behavior in i2v_AUTHORITY_KEYID() by adding an explicit check that something was pushed onto the stack. The other i2v_* functions will receive a similar treatment in upcoming commits. ok jsing
2019-04-22 | Provide a derr label (decode/decrypt error) in tls1_decrypt_ticket(). | Joel Sing
This handles the ret = 2 case and makes the code more readable. ok tb@
2019-04-22 | Pass the session ID down to the session/ticket handling code as a CBS. | Joel Sing
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions. ok tb@
2019-04-22 | Inline and remove the tlsext_tick_md macro. | Joel Sing
There is not much point having a tlsext_tick_md macro that replaces EVP_sha256() in two places, when the cipher is just hardcoded. ok tb@
2019-04-21 | Add error checking to i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME() | Theo Buehler
and i2v_GENERAL_NAMES(). This fixes a couple of leaks and other ugliness. tweaks & ok jsing
2019-04-21 | The noop v2i_PKEY_USAGE_PERIOD() has been commented out since beck | Theo Buehler
imported OpenSSL 0.9.4 in 1999. It won't ever be used.
2019-04-21 | Fix awful whitespace in OBJ_bsearch_ext() | Theo Buehler
2019-04-21 | KNF: use proper wrapping of function return type and name | Theo Buehler
2019-04-21 | adjust another bufcachepercent default | anton
2019-04-21 | Clean up tls1_process_ticket(). | Joel Sing
We only have to find one extension, so do that first then proceed with processing and decryption. This makes the code more readable and drops two levels of indent. ok tb@
2019-04-21 | Cleanup more of tls_decrypt_ticket(). | Joel Sing
Separate the malloc() check and EVP_DecryptUpdate() - the malloc() failure is fatal while a EVP_DecryptUpdate() is a decryption failure. Also ensure that we clear the error stack in all cases where we are indicating a failure to decrypt or decode the ticket - otherwise SSL_error() will later return failure when it should not. ok tb@
2019-04-21 | Start cleaning up tls_decrypt_ticket(). | Joel Sing
Rather than returning from multiple places and trying to clean up as we go, move to a single exit point and clean/free in one place. Also invert the logic that handles NULL sessions - fail early, rather than having an indented if test for success. ok tb@
2019-04-21 | fix some style nits to reduce noise in an upcoming diff | Theo Buehler
2019-04-21 | Improve comment grammar | Philip Guenther
2019-04-20 | knf, ok bluhm | Ted Unangst
2019-04-20 | Avoid undefined behaviour that results from negating a signed long with | Joel Sing
minimum value. Fixes oss-fuzz #14354. ok beck@ bcook@ tb@
2019-04-19 | Allocate md_data with calloc to avoid use of uninitialised memory. | Joel Sing
Found by Guido Vranken when fuzzing and trying to use GOST with HMAC. Fix confirmed by Guido; ok tb@
2019-04-19 | Allocate fixed NIDs for SM3/SM4. | Joel Sing
2019-04-19 | Work around a limitation of clang integrated assembler on mips64. | Visa Hankala
The assembler does not handle undeclared local symbols properly and generates R_MIPS_CALL16 relocations where it should generate local GOT references. For now, get along with the problem by declaring local symbols where necessary. OK kettenis@ guenther@
2019-04-19 | Prevent clang from using builtins and jump tables in _dl_boot_bind() | Visa Hankala
on mips64. They need relocation and consequently cannot be used in that function. OK kettenis@
2019-04-18 | describe EIO failure state. noted by Maximilian Lorlacks | Ted Unangst
2019-04-18 | unfold some compound operations to make this easier to follow | Ted Unangst
2019-04-16 | Rewrite & fix X509V3_add_value() | Theo Buehler
X509V3_add_value() helpfully allocates a STACK_OF(CONF_VALUE) if it receives a pointer to a NULL pointer. If anything fails along the way, it is however the caller's responsibility to free it. This can easily be fixed by freeing *extlist in the error path and zeroing it to avoid a double free if there happens to be a caller out there that avoids the leak. Polish a few things so the function conforms a bit better to our usual style. tweak & ok jsing
2019-04-16 | indent err: labels | Theo Buehler
2019-04-16 | wrap an overlong line and kill a space before a tab | Theo Buehler
2019-04-16 | Move function types to their own lines; rewrap. | Theo Buehler
2019-04-15 | Avoid signed integer overflow. | Joel Sing
Fixes oss-fuzz issue #13843. ok tb@
2019-04-14 | Add input validation to BIO_read()/BIO_write(). | Joel Sing
Some bread/bwrite functions implement this themselves, while others do not. This makes it consistent across all BIO implementations. Addresses an issue that Guido Vranken found with his fuzzer. ok tb@
2019-04-14 | Some more malloc() to calloc() conversions. | Joel Sing
ok tb@
2019-04-14 | Remove two pointless chunks of code. | Joel Sing
This reverts part of OpenSSL c2fd5d79, which added the same code to AES CCM, GCM and XTS. In the case of CCM and GCM nothing assigns {ccm,gcm}.key so there is never going to be anything to update (unlike XTS). ok tb@
2019-04-14 | Use calloc() when allocating cipher_data. | Joel Sing
Avoids use of uninitialised memory. ok tb@
2019-04-14 | Annotate a future improvement. | Joel Sing
2019-04-14 | Avoid potential double-frees following EVP_CIPHER_CTX_copy(). | Joel Sing
In the case of a cipher with a custom copy control, if that control fails we may still have pointers that we do not own in the previously copied cipher data. Avoid potential double-frees by zeroing and freeing the copied cipher data in this case. Issue reported by Guido Vranken. ok tb@
2019-04-14 | Fix previous: I forgot to rename the bn_to_string() prototype. | Theo Buehler
2019-04-13 | Null out pointers on asprintf() failure. | Theo Buehler
These pointers will be passed to free. According to asprintf(3), "on OpenBSD, ret will be set to the null pointer, but this behavior should not be relied upon." ok jsing