openbsd/src/lib/libcrypto/dsa, branch libressl-v2.4.1

openbsd/src/lib/libcrypto/dsa, branch libressl-v2.4.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.4.1 2016-06-06T23:37:37+00:00 Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix. 2016-06-06T23:37:37+00:00 tedu 2016-06-06T23:37:37+00:00 urn:sha1:0b9d68ba4686a5c96c6c3285a4974e5db61ca786 Mistake noted by Billy Brumley. Many thanks. Correct a problem that prevents the DSA signing algorithm from running 2016-06-06T10:00:04+00:00 beck 2016-06-06T10:00:04+00:00 urn:sha1:228457974024ddf04bfe0e8cd259f8ed50bf30fd in constant time even if the flag BN_FLG_CONSTTIME is set. This issue was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida. Remove support for ancient, broken DSA implementations. 2016-03-01T07:04:41+00:00 doug 2016-03-01T07:04:41+00:00 urn:sha1:f11420ceb66077dd214c6d112daf6e9ddd4cbbd8 Based on a few OpenSSL commits: Remove ancient DSA workarounds commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed Remove workaround for broken DSA implementations using negative integers commit dfb10af92e9663ce4eefaa1d6b678817fa85344d Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR) commit f6fb7f1856d443185c23f1a5968c08b4269dd37d ok beck@ Group d2i/i2d function prototypes by type and add missing externs for the 2015-10-13T12:31:06+00:00 jsing 2015-10-13T12:31:06+00:00 urn:sha1:2bd90c5f37295bb7b873dbf00a1491667f972bb0 DSAPublicKey, DSAPrivateKey and DSAparams ASN1_ITEMs. We don't need no stinking "EXAMPLE OF THE DSA" or README (the credits are 2015-09-26T15:18:55+00:00 jsing 2015-09-26T15:18:55+00:00 urn:sha1:db2afea6aa06d587ac44db5fdbb95fa9030dc1ff already in the code). ok beck@ miod@ When loading a DSA key from an raw (without DH parameters) ASN.1 serialization, 2015-09-10T18:12:55+00:00 miod 2015-09-10T18:12:55+00:00 urn:sha1:0d22a23455e18abc3dd489493f4d177022a596fd perform some consistency checks on its `p' and `q' values, and return an error if the checks failed. Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non prime) q value and providing a test case. See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion. ok bcook@ beck@ Fix an incorrect error check in DSA verify. 2015-09-10T07:58:28+00:00 bcook 2015-09-10T07:58:28+00:00 urn:sha1:76fc9f6593a644ff05c58c3bb67790b09ce9fa31 From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b Fix inverted test in previous. Commit message told what we intended, but 2015-07-15T18:34:37+00:00 miod 2015-07-15T18:34:37+00:00 urn:sha1:f30fe8a217df5c2c76828a8eb089a4b3e5135b2e we did not notice my fingers slipping. Noticed by bcook@ Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, 2015-07-15T16:32:29+00:00 miod 2015-07-15T16:32:29+00:00 urn:sha1:7be2975fd485c5a4452099e9727e8b485fba3d2b seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@ Avoid calling BN_CTX_end() on a context that wasn't started. 2015-02-15T22:29:02+00:00 doug 2015-02-15T22:29:02+00:00 urn:sha1:191c62e76a1c0617acb040a77924d270b58dcd9b In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated. Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start(). tweak + ok miod@, ok bcook@