kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
856 Commits 12 Branches 0 Tags 38 MiB
C 43.1%
C++ 23.5%
Go 13.6%
Raku 10.8%
Perl 4%
Other 4.9%
2fe7f2d0d9
Go to file
Eric Roman 2fe7f2d0d9 Initialize HMAC keys to zero. 
In an attempt to assign a zero-length HMAC key, consumers might
incorrectly call:

   HMAC_Init_ex(key=NULL, key_len=0)

This does not work as expected since |key==NULL| has special semantics.
This bug may consequently result in uninitialized memory being used for
the HMAC key data.

This workaround doesn't fix all the problems associated with this
pattern, however by defaulting to a zero key the results are more
predictable than before.

BUG=http://crbug.com/449409

Change-Id: I777276d57c61f1c0cce80b18e28a9b063784733f
Reviewed-on: https://boringssl-review.googlesource.com/3040
Reviewed-by: Adam Langley <agl@google.com>
2015-01-28 01:27:25 +00:00
crypto Initialize HMAC keys to zero. 2015-01-28 01:27:25 +00:00
doc Inital import. 2014-06-20 13:17:32 -07:00
include/openssl Reformat SSL/TLS headers. 2015-01-26 20:23:09 +00:00
ssl Only send sigalgs extension in 1.2-capable ClientHellos. 2015-01-26 18:45:04 +00:00
tool Fix build after mistake addressing comments in cca4d599. 2015-01-26 16:34:37 -08:00
util Add a test for CONF_parse_list. 2015-01-26 21:24:50 +00:00
.clang-format Inital import. 2014-06-20 13:17:32 -07:00
.gitignore Add generated documentation to .gitignore 2015-01-26 18:37:55 +00:00
BUILDING Improve the documentation in BUILDING 2015-01-28 01:13:15 +00:00
CMakeLists.txt Improve compatibility with CMake 3.0 and later 2015-01-28 01:13:46 +00:00
codereview.settings Add a codereview.settings file. 2014-11-18 22:21:33 +00:00
STYLE Add a style guide. 2015-01-28 01:12:05 +00:00