openbsd/src/lib/libcrypto/evp, branch libressl-v2.0.6

openbsd/src/lib/libcrypto/evp, branch libressl-v2.0.6 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.0.6 2014-08-08T05:06:58+00:00 This commit was manufactured by cvs2git to create branch 'OPENBSD_5_6'. 2014-08-08T05:06:58+00:00 cvs2svn admin@example.com 2014-08-08T05:06:58+00:00 urn:sha1:9033820a64c84908dee3f9261ad212f6b6c3449a Allow B64_EOF to follow a base64 padding character. This restores previous 2014-08-06T16:01:44+00:00 jsing 2014-08-06T16:01:44+00:00 urn:sha1:a246d7144cfefde1781f8320aaa6f081f3cb760b behaviour that allows a PEM block to be fed through the base64 decoder. Reported by Dmitry Eremin-Solenikov on tech@ ok deraadt@ tedu@ Correct error checks in EVP_read_pw_string_min(): UI_add_input_string() 2014-08-06T04:28:21+00:00 guenther 2014-08-06T04:28:21+00:00 urn:sha1:bb79bde60b45a6e7fc5c4c7a90472d95b589df85 and UI_add_verify_string() return -1 (and maybe -2?) on failure and >=0 on success, instead of always zero on success problem reported by Mark Patruck (mark (at) wrapped.cx) ok miod@ In chacha_init(), allow for a NULL iv. Reported by znz on github. 2014-08-04T04:16:11+00:00 miod 2014-08-04T04:16:11+00:00 urn:sha1:bba902541ea9e12e8f760f500c6051eed7602dc0 ok guenther@ jsing@ Check the return value of the UI functions (including UI_new() which return 2014-07-23T04:44:56+00:00 miod 2014-07-23T04:44:56+00:00 urn:sha1:5d8b6758f48d0d94258688d237e84d5c6e1e62bd value is happily dereferenced without checking it for being non-NULL). ok beck@ Now that DES_random_key() can be trusted, use it to generate DES keys in the 2014-07-22T18:10:48+00:00 miod 2014-07-22T18:10:48+00:00 urn:sha1:8e384f2a8538561af8b66a3122653dcc0c6fc6e4 EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@ Possible PBEPARAM leak in the error path. 2014-07-13T12:46:44+00:00 miod 2014-07-13T12:46:44+00:00 urn:sha1:647588f01de02a0172ad3e69083d2205bd5c6f65 EVP_DigestInit_ex() may be used to recycle an existing EVP_MD_CTX without having 2014-07-13T11:14:02+00:00 miod 2014-07-13T11:14:02+00:00 urn:sha1:e2b8ee83358d7bd430f411de285b5a5c04dd5c30 to reinitialize all of it, especially if it is used with the same MD algorithm. However, when the MD algorithm changes, it needs to perform more cleanups. Make that code more closer to what EVP_MD_CTX_cleanup() does by: - only freeing md_data if EVP_MD_CTX_FLAG_REUSE is not set - performing an explicit_bzero of md_data before freeing it - making sure we call EVP_PKEY_CTX_free on the pctx if the allocation for the new md_data fails. ok tedu@ No need to include evp_locl.h in there. 2014-07-13T09:30:02+00:00 miod 2014-07-13T09:30:02+00:00 urn:sha1:e57613c15efa35ebbba4144d2b45202875146c34 No need to include asn1_mac.h here. 2014-07-12T22:26:01+00:00 miod 2014-07-12T22:26:01+00:00 urn:sha1:e0fe7621bce09dd6ba62ddb9889bc82d64e677f7