openbsd/src/lib/libcrypto/pem/pvkfmt.c, branch libressl-v3.4.1

openbsd/src/lib/libcrypto/pem/pvkfmt.c, branch libressl-v3.4.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.4.1 2019-07-08T11:56:18+00:00 Clean up pvkfmt.c 2019-07-08T11:56:18+00:00 inoguchi 2019-07-08T11:56:18+00:00 urn:sha1:38918e2b1105203e3a43e4c44a53bf432952771c - Replace EVP_CIPHER_CTX_init with EVP_CIPHER_CTX_new and handle return value - Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_free - Change two 'return -1;' to 'goto err;' for avoiding leak - Remove the case if enclevel == 0 - Change enclevel checking to make more consistent - Change all goto label to 'err' and insert space before goto label ok and advise from tb@ Fix pvk format processing in libcrypto 2019-07-07T10:52:56+00:00 inoguchi 2019-07-07T10:52:56+00:00 urn:sha1:b7ed3b2ab5936f64572047d1bcd708bbdeeb5a59 - Return the valid pointer in i2b_PVK() - Use EVP_Decrypt* instead of EVP_Encrypt* - Fix error handling after BIO_write() in i2b_PVK_bio() ok tb@ Fix memory leak in i2b_PVK in error handling. 2018-08-05T11:19:25+00:00 bcook 2018-08-05T11:19:25+00:00 urn:sha1:2e290efb0ac101817d9da88a5b417f1b48cbe3fa Simplify parameter checks since this is only called from one place. Found by Coverity, CID 183502. ok beck@ use freezero() instead of memset/explicit_bzero + free. Substantially 2017-05-02T03:59:45+00:00 deraadt 2017-05-02T03:59:45+00:00 urn:sha1:5904cc0e04409fde39a97e6580535da34eeb4291 reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Make explicit _ct and _nonct versions of bn_mod_exp funcitons that 2017-01-21T09:38:59+00:00 beck 2017-01-21T09:38:59+00:00 urn:sha1:a0a595cda97de2b217b0582cfa601ee4c746bfce matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@ fix the rest of the read_ledword() calls used as lengths to be bounded. 2016-03-02T14:28:14+00:00 beck 2016-03-02T14:28:14+00:00 urn:sha1:98006793401fc106134ad5c3f3f490bcc7671b13 inspired by guido vranken https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ ok doug@ bound lengths coming out of a pem file to something like reality 2016-03-02T05:02:35+00:00 beck 2016-03-02T05:02:35+00:00 urn:sha1:4b2ecbbafcc28f5338cb1c6af81eedcaccedc4f4 ok deraadt@ Correct spelling of OPENSSL_cleanse. 2015-09-10T15:56:26+00:00 jsing 2015-09-10T15:56:26+00:00 urn:sha1:647569a51c1530d10e75e272f0982682f696caa7 ok miod@ Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls. 2015-05-15T11:00:14+00:00 jsg 2015-05-15T11:00:14+00:00 urn:sha1:f8e03ddcf892381c04c6d2274d698a4db936d93b ok doug@