openbsd/src/lib/libcrypto/bn/bn_gf2m.c, branch OPENBSD_6

openbsd/src/lib/libcrypto/bn/bn_gf2m.c, branch OPENBSD_6_5 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_6_5 2017-01-29T17:49:23+00:00 Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Avoid undefined-behavior right-shifting by a word-size # of bits. 2016-09-03T14:37:00+00:00 bcook 2016-09-03T14:37:00+00:00 urn:sha1:9aae90b064d0298d40b2d795728a6e1dbb721db5 Found with STACK, originally from OpenSSL, ok @beck Add error handling to the remaining calls to bn_wexpand(). 2016-03-12T21:44:11+00:00 bcook 2016-03-12T21:44:11+00:00 urn:sha1:0ff254bfb6289f6163d5eb805b19dd60ad3499cc Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@ Avoid an infinite loop that can be triggered by parsing an ASN.1 2015-06-11T15:55:28+00:00 jsing 2015-06-11T15:55:28+00:00 urn:sha1:095e36cd429c313ee8361e8877bc677116a2a2ce ECParameters structure that has a specially malformed binary polynomial field. Issue reported by Joseph Barr-Pixton and fix based on OpenSSL. Fixes CVE-2015-1788. ok doug@ miod@ Add missing BN_CTX_end() calls. 2015-04-29T00:11:12+00:00 doug 2015-04-29T00:11:12+00:00 urn:sha1:7ddad7b77b00aa2097c75fdeb29c69c61e6b4c5b After calling BN_CTX_start(), there must be a BN_CTX_end() before returning. There were missing BN_CTX_end() calls in error paths. One diff chunk was simply removing redundant code related to this. ok deraadt@ Remove unnecessary include of assert.h 2015-02-10T09:50:12+00:00 miod 2015-02-10T09:50:12+00:00 urn:sha1:9a78b93a933764528a75722869255ee06e8eab6c BN_CTX_get() can fail - consistently check its return value. 2015-02-09T15:49:22+00:00 jsing 2015-02-09T15:49:22+00:00 urn:sha1:15dc63f9715f4f10924a705d6a4cc564afe2129e There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@ deregister; no binary change 2014-10-28T07:35:59+00:00 jsg 2014-10-28T07:35:59+00:00 urn:sha1:0505bd63c15c82aead21cde52afbf6c41421d140 ok jsing@ miod@ Only import cryptlib.h in the four source files that actually need it. 2014-07-11T08:44:49+00:00 jsing 2014-07-11T08:44:49+00:00 urn:sha1:74e2c009c83ad374bd6acdcfc376a384e25ab007 Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@ Explicitly include <openssl/opensslconf.h> in every file that references 2014-07-10T22:45:58+00:00 jsing 2014-07-10T22:45:58+00:00 urn:sha1:62348213609ef233110561d1a6ed67ad66df1c7e an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.