openbsd/src/lib/libcrypto/dsa, branch OPENBSD_5_7

openbsd/src/lib/libcrypto/dsa, branch OPENBSD_5_7_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_5_7_BASE 2015-03-08T16:48:48+00:00 This commit was manufactured by cvs2git to create tag 'OPENBSD_5_7_BASE'. 2015-03-08T16:48:48+00:00 cvs2svn admin@example.com 2015-03-08T16:48:48+00:00 urn:sha1:da1a9ad3a4a867ba6569c05e6fca66d7f296c553 Avoid calling BN_CTX_end() on a context that wasn't started. 2015-02-15T22:29:02+00:00 doug 2015-02-15T22:29:02+00:00 urn:sha1:191c62e76a1c0617acb040a77924d270b58dcd9b In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated. Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start(). tweak + ok miod@, ok bcook@ If we decide to discard the provided seed buffer because its size is not 2015-02-15T08:48:24+00:00 miod 2015-02-15T08:48:24+00:00 urn:sha1:97b0f555329124d4fe1111fe553da37b8171c196 large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@ Coverity CID 21733 (unchecked allocation), 78823 (leak on error). 2015-02-14T15:11:22+00:00 miod 2015-02-14T15:11:22+00:00 urn:sha1:3af8c40eebf091deb002ffc1d951570098ae7626 ok doug@ jsing@ Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making the 2015-02-14T15:06:55+00:00 jsing 2015-02-14T15:06:55+00:00 urn:sha1:50c0f75baaf19556bde13d9ac8eeac270daa913b data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@ Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment. 2015-02-11T04:05:14+00:00 beck 2015-02-11T04:05:14+00:00 urn:sha1:3fb89787679dd239a55ca0a4e366ad4e2051fe84 get rid of OPENSSL_NO_CMS code we do not use. 2015-02-11T03:55:42+00:00 beck 2015-02-11T03:55:42+00:00 urn:sha1:1d3b395bb02124e944ce4abc2f2eab59e2cde925 ok miod@ Enable building with -DOPENSSL_NO_DEPRECATED. 2015-02-11T03:19:37+00:00 doug 2015-02-11T03:19:37+00:00 urn:sha1:e816a1ec1d4411707051912b945e8eab7a5a94e8 If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@ Expand the -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_(const_)?fname macros so that 2015-02-10T05:12:23+00:00 jsing 2015-02-10T05:12:23+00:00 urn:sha1:2bd884004b68a3cdb5e24f3a1e6e8e3baa60a43e the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@ BN_CTX_get() can fail - consistently check its return value. 2015-02-09T15:49:22+00:00 jsing 2015-02-09T15:49:22+00:00 urn:sha1:15dc63f9715f4f10924a705d6a4cc564afe2129e There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@