openbsd/src/lib/libcrypto, branch libressl-v2.1.10

openbsd/src/lib/libcrypto, branch libressl-v2.1.10 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.1.10 2015-03-08T16:48:49+00:00 This commit was manufactured by cvs2git to create branch 'OPENBSD_5_7'. 2015-03-08T16:48:49+00:00 cvs2svn admin@example.com 2015-03-08T16:48:49+00:00 urn:sha1:03e0d0748934886665c3031cda5fdccf45f2fb8d Do not use sha512-parisc for now, as it is subtly bugged - passes the sha 2015-03-05T20:35:28+00:00 miod 2015-03-05T20:35:28+00:00 urn:sha1:edab9f054cd9e7b7c2bb8b5683f63e8a6eaea617 regress tests but causes tls ciphersuite using sha386 to fail; found the hard way by henning@. I can't see anything wrong in the generated assembly code yet, but building a libcrypto with no assembler code but sha512_block_data_order() is enough to trigger Henning's issue, so the bug lies there. No ABI change; ok deraadt@ Fix CVE-2014-3570: properly calculate the square of a BIGNUM value. 2015-02-25T15:39:49+00:00 bcook 2015-02-25T15:39:49+00:00 urn:sha1:f3031aa7bff24911a8cae9bdd7cdcd88d8554f42 See https://www.openssl.org/news/secadv_20150108.txt for a more detailed discussion. Original OpenSSL patch here: https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 The regression test is modified a little for KNF. ok miod@ fourth batch of perlpod(1) to mdoc(7) conversion 2015-02-23T17:43:24+00:00 schwarze 2015-02-23T17:43:24+00:00 urn:sha1:3fed19a0557c5cc4db5053d380747aa1615cb201 Bump libcrypto and libssl majors, due to various recent churn. 2015-02-22T16:03:06+00:00 jsing 2015-02-22T16:03:06+00:00 urn:sha1:bb820e160520888599d0966ac5d4a5270c855a23 Discussed with/requested by deraadt@ at the conclusion of s2k15. Remove IMPLEMENT_STACK_OF noops. 2015-02-22T15:19:56+00:00 jsing 2015-02-22T15:19:56+00:00 urn:sha1:3fa12a5d03a942018ff0c53594eedf9f2f1adb1c If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument, 2015-02-19T06:10:29+00:00 jsing 2015-02-19T06:10:29+00:00 urn:sha1:62ebecd0e093eb1e8a47512de67da5c951069913 BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by explicitly checking for NULL at the start of the bnrand() function. Fixes Coverity ID 78831. ok miod@ Memory leak in error path. Coverity CID 78822. 2015-02-17T05:14:38+00:00 miod 2015-02-17T05:14:38+00:00 urn:sha1:8d9d64b562cdb05c559dcc6168d8116ae5f085a5 ok doug@ third batch of perlpod(1) to mdoc(7) conversion 2015-02-16T16:42:14+00:00 schwarze 2015-02-16T16:42:14+00:00 urn:sha1:536268edf284379599d2db025c14989146460a7b Avoid calling BN_CTX_end() on a context that wasn't started. 2015-02-15T22:29:02+00:00 doug 2015-02-15T22:29:02+00:00 urn:sha1:191c62e76a1c0617acb040a77924d270b58dcd9b In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated. Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start(). tweak + ok miod@, ok bcook@