openbsd/src/lib/libcrypto/dsa, branch libressl-v2.3.0

openbsd/src/lib/libcrypto/dsa, branch libressl-v2.3.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.3.0 2015-09-10T18:12:55+00:00 When loading a DSA key from an raw (without DH parameters) ASN.1 serialization, 2015-09-10T18:12:55+00:00 miod 2015-09-10T18:12:55+00:00 urn:sha1:0d22a23455e18abc3dd489493f4d177022a596fd perform some consistency checks on its `p' and `q' values, and return an error if the checks failed. Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non prime) q value and providing a test case. See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion. ok bcook@ beck@ Fix an incorrect error check in DSA verify. 2015-09-10T07:58:28+00:00 bcook 2015-09-10T07:58:28+00:00 urn:sha1:76fc9f6593a644ff05c58c3bb67790b09ce9fa31 From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b Fix inverted test in previous. Commit message told what we intended, but 2015-07-15T18:34:37+00:00 miod 2015-07-15T18:34:37+00:00 urn:sha1:f30fe8a217df5c2c76828a8eb089a4b3e5135b2e we did not notice my fingers slipping. Noticed by bcook@ Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, 2015-07-15T16:32:29+00:00 miod 2015-07-15T16:32:29+00:00 urn:sha1:7be2975fd485c5a4452099e9727e8b485fba3d2b seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@ Avoid calling BN_CTX_end() on a context that wasn't started. 2015-02-15T22:29:02+00:00 doug 2015-02-15T22:29:02+00:00 urn:sha1:191c62e76a1c0617acb040a77924d270b58dcd9b In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated. Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start(). tweak + ok miod@, ok bcook@ If we decide to discard the provided seed buffer because its size is not 2015-02-15T08:48:24+00:00 miod 2015-02-15T08:48:24+00:00 urn:sha1:97b0f555329124d4fe1111fe553da37b8171c196 large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@ Coverity CID 21733 (unchecked allocation), 78823 (leak on error). 2015-02-14T15:11:22+00:00 miod 2015-02-14T15:11:22+00:00 urn:sha1:3af8c40eebf091deb002ffc1d951570098ae7626 ok doug@ jsing@ Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making the 2015-02-14T15:06:55+00:00 jsing 2015-02-14T15:06:55+00:00 urn:sha1:50c0f75baaf19556bde13d9ac8eeac270daa913b data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@ Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment. 2015-02-11T04:05:14+00:00 beck 2015-02-11T04:05:14+00:00 urn:sha1:3fb89787679dd239a55ca0a4e366ad4e2051fe84 get rid of OPENSSL_NO_CMS code we do not use. 2015-02-11T03:55:42+00:00 beck 2015-02-11T03:55:42+00:00 urn:sha1:1d3b395bb02124e944ce4abc2f2eab59e2cde925 ok miod@