openbsd/src/lib/libcrypto/evp, branch libressl-v3.3.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.3.1 2020-06-05T18:44:42+00:00 Add a custom copy handler for AES key wrap 2020-06-05T18:44:42+00:00 tb 2020-06-05T18:44:42+00:00 urn:sha1:f599916be5b15add90651fc8802c4f96fc257310 This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy to copy cipher_data to the target struct. The result is that the copy contains a pointer to the wrong struct, which then leads to a use-after-free. The custom copy handler fixes things up to avoid that. Issue reported by Guido Vranken ok beck inoguchi jsing Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5. 2020-06-05T17:30:41+00:00 jsing 2020-06-05T17:30:41+00:00 urn:sha1:35a22aaa59dd2c20dc984d2317024ae0ea5c4939 Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@ Disallow setting the AES-GCM IV length to 0 2020-04-30T18:43:11+00:00 tb 2020-04-30T18:43:11+00:00 urn:sha1:1813a9138ee882b675662d47ed9fe6974bd433f3 It is possible to do this by abusing the EVP_CTRL_INIT API. Pointed out by jsing. ok inoguchi jsing (as part of a larger diff) Disallow the use of zero length IVs in AES-GCM via 2020-04-27T19:31:02+00:00 tb 2020-04-27T19:31:02+00:00 urn:sha1:59b4077b60cc24004bc23295bd2ff465be743f11 EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key. Issue reported and fix tested by Guido Vranken. ok beck, jsing This commit adds a constant to a public header despite library lock, as discussed with deraadt and sthen. Check high bit for base64 decode 2020-03-04T11:53:21+00:00 inoguchi 2020-03-04T11:53:21+00:00 urn:sha1:b112788885dac0be8d46296a88f6713f8e4fccd0 Referred to this OpenSSL commit and adopted to the codebase. b785504a10310cb2872270eb409b70971be5e76e suggest and ok tb@ Fix base64 processing of long lines 2020-03-03T15:03:14+00:00 inoguchi 2020-03-03T15:03:14+00:00 urn:sha1:a1b14dfcb76f18893ca6869d0509ab8ae9795933 Fix the problem that long unbroken line of base64 text is not decoded. Referred to this OpenSSL commit and adapted to the codebase. 3cdd1e94b1d71f2ce3002738f9506da91fe2af45 Reported by john.a.passaro <at> gmail.com to the LibreSSL ML. ok tb@ typo 2020-01-26T07:47:26+00:00 tb 2020-01-26T07:47:26+00:00 urn:sha1:ca5665b8ffa6163d6ad17325016957e9ac2d2230 Improve the comment explaining why the previous change matches OpenSSL's 2020-01-26T07:34:05+00:00 tb 2020-01-26T07:34:05+00:00 urn:sha1:85d803b7cde3d60ac20d7fac7b777c5884dec1b2 behavior. ok jsing Adjust EVP_chacha20()'s behavior to match OpenSSL's semantics: 2020-01-26T02:39:58+00:00 tb 2020-01-26T02:39:58+00:00 urn:sha1:d70d94b77ba7878e6682514bd07a9048e151e224 The new IV is 128 bit long and is actually the 64 bit counter followed by 64 the bit initialization vector. This is needed by an upcoming change in OpenSSH and is a breaking change for all current callers. There are language bindings for Node.js, Rust and Erlang, but none of our ports use them. Note that EVP_chacha20() was first introduced in LibreSSL on May 1, 2014 while the entirely incompatible version in OpenSSL was committed on Dec 9, 2015. Initial diff from djm and myself, further refinements by djm. Ports grepping by sthen ok jsing Avoid leak in error path of PKCS5_PBE_keyivgen 2020-01-12T07:11:13+00:00 inoguchi 2020-01-12T07:11:13+00:00 urn:sha1:bfc89f200ba04986edb72a16fba03657ec54f115 ok jsing@ tb@