openbsd/src/lib/libcrypto, branch libressl-v2.0.6

openbsd/src/lib/libcrypto, branch libressl-v2.0.6 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.0.6 2014-08-08T05:06:58+00:00 This commit was manufactured by cvs2git to create branch 'OPENBSD_5_6'. 2014-08-08T05:06:58+00:00 cvs2svn admin@example.com 2014-08-08T05:06:58+00:00 urn:sha1:9033820a64c84908dee3f9261ad212f6b6c3449a Fix CVE-2014-3508, pretty printing and OID validation: 2014-08-08T04:53:43+00:00 guenther 2014-08-08T04:53:43+00:00 urn:sha1:39cb4488ec5412e0f592f7fabdb5ab22cded5edc - make sure the output buffer is always NUL terminated if buf_len was initially greater than zero. - reject OIDs that are too long, too short, or not in proper base-127 Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87 ok bcook@ Allow B64_EOF to follow a base64 padding character. This restores previous 2014-08-06T16:01:44+00:00 jsing 2014-08-06T16:01:44+00:00 urn:sha1:a246d7144cfefde1781f8320aaa6f081f3cb760b behaviour that allows a PEM block to be fed through the base64 decoder. Reported by Dmitry Eremin-Solenikov on tech@ ok deraadt@ tedu@ Correct error checks in EVP_read_pw_string_min(): UI_add_input_string() 2014-08-06T04:28:21+00:00 guenther 2014-08-06T04:28:21+00:00 urn:sha1:bb79bde60b45a6e7fc5c4c7a90472d95b589df85 and UI_add_verify_string() return -1 (and maybe -2?) on failure and >=0 on success, instead of always zero on success problem reported by Mark Patruck (mark (at) wrapped.cx) ok miod@ In chacha_init(), allow for a NULL iv. Reported by znz on github. 2014-08-04T04:16:11+00:00 miod 2014-08-04T04:16:11+00:00 urn:sha1:bba902541ea9e12e8f760f500c6051eed7602dc0 ok guenther@ jsing@ Remove SRP code. It contains a bug (this should not surprise anyone), but 2014-07-28T17:57:18+00:00 tedu 2014-07-28T17:57:18+00:00 urn:sha1:b63eafac49ed0f1d07ded42d6190c3f2fbcc71af the details are under embargo. The original plan was to wait for the embargo to lift, but we've been waiting for quite some time, and there's no indication of when or even if it will end. No sense in dragging this out any longer. The SRP code has never been enabled in OpenBSD, though I understand it is in use by some other people. However, in light of this and other issues, we're officially saying SRP is outside the scope of libressl. (For now.) Add missing year to copyright. 2014-07-25T14:04:51+00:00 jsing 2014-07-25T14:04:51+00:00 urn:sha1:155fbc115e08fe35c3363e1eec376f81c141a5f7 BIO_free() returns immediately when the sole input is NULL. 2014-07-25T06:05:32+00:00 doug 2014-07-25T06:05:32+00:00 urn:sha1:d9473bfc95b9bc3edd71f25c11f0b47b27500df9 Remove unnecessary NULL check. ok miod@ level_add_node(): if a memory allocation failure causes us to attempt to clean 2014-07-23T20:49:52+00:00 miod 2014-07-23T20:49:52+00:00 urn:sha1:5725285badaf27118ed38bdce958a0f6a0ce9962 up and return failure, be sure the cleanup work does NOT free objects which are still being referenced by other objects. ok guenther@ Make sure PEM_def_callback() correctly handles negative buffer sizes; all uses 2014-07-23T20:43:56+00:00 miod 2014-07-23T20:43:56+00:00 urn:sha1:84c446e5e0e079bc7255416b7793d2433fd6a6e7 within libcrypto are safe, but until we can change this function prototype to use size_t instead of int, better be safe than sorry. tweaks and ok guenther@