openbsd/src/lib/libcrypto/bn, branch libressl-v2.2.4

openbsd/src/lib/libcrypto/bn, branch libressl-v2.2.4 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.2.4 2015-08-02T21:54:23+00:00 This commit was manufactured by cvs2git to create branch 'OPENBSD_5_8'. 2015-08-02T21:54:23+00:00 cvs2svn admin@example.com 2015-08-02T21:54:23+00:00 urn:sha1:67fcb4ef3942fb3a0f1e18f8ebbe7464120d485a Avoid an infinite loop that can be triggered by parsing an ASN.1 2015-06-11T15:55:28+00:00 jsing 2015-06-11T15:55:28+00:00 urn:sha1:095e36cd429c313ee8361e8877bc677116a2a2ce ECParameters structure that has a specially malformed binary polynomial field. Issue reported by Joseph Barr-Pixton and fix based on OpenSSL. Fixes CVE-2015-1788. ok doug@ miod@ Add missing BN_CTX_end() calls. 2015-04-29T00:11:12+00:00 doug 2015-04-29T00:11:12+00:00 urn:sha1:7ddad7b77b00aa2097c75fdeb29c69c61e6b4c5b After calling BN_CTX_start(), there must be a BN_CTX_end() before returning. There were missing BN_CTX_end() calls in error paths. One diff chunk was simply removing redundant code related to this. ok deraadt@ Fix indentation that incorrectly implies a different control flow. 2015-03-21T08:05:20+00:00 doug 2015-03-21T08:05:20+00:00 urn:sha1:49c3a24c899173341c1bbdfe1fe50329dc016723 The actual control flow is intentional while the indenting is incorrect. This is intended to be a cosmetic change. Verified that each of these was part of a KNF commit that wasn't intending to change behavior. Also, double checked against the history of changes in OpenSSL and BoringSSL. Addresses Coverity CIDs: 78842, 78859, 78863. ok tedu@ Fix CVE-2014-3570: properly calculate the square of a BIGNUM value. 2015-02-25T15:39:49+00:00 bcook 2015-02-25T15:39:49+00:00 urn:sha1:f3031aa7bff24911a8cae9bdd7cdcd88d8554f42 See https://www.openssl.org/news/secadv_20150108.txt for a more detailed discussion. Original OpenSSL patch here: https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 The regression test is modified a little for KNF. ok miod@ If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument, 2015-02-19T06:10:29+00:00 jsing 2015-02-19T06:10:29+00:00 urn:sha1:62ebecd0e093eb1e8a47512de67da5c951069913 BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by explicitly checking for NULL at the start of the bnrand() function. Fixes Coverity ID 78831. ok miod@ Potential NULL dereference in the error path; Coverity CID 21720 2015-02-14T15:13:24+00:00 miod 2015-02-14T15:13:24+00:00 urn:sha1:ee551a6db5becbad6ba25358f2f3cba5e1237149 ok doug@ jsing@ Fix tests that got incorrectly inverted with the BN_CTX_get() return check 2015-02-14T15:07:54+00:00 jsing 2015-02-14T15:07:54+00:00 urn:sha1:cf070938980397dcaffa0ec800c735ddc1155af9 diff. Spotted by miod@ Remove unnecessary include of assert.h 2015-02-10T09:50:12+00:00 miod 2015-02-10T09:50:12+00:00 urn:sha1:9a78b93a933764528a75722869255ee06e8eab6c BN_CTX_get() can fail - consistently check its return value. 2015-02-09T15:49:22+00:00 jsing 2015-02-09T15:49:22+00:00 urn:sha1:15dc63f9715f4f10924a705d6a4cc564afe2129e There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@