openbsd/src/lib/libcrypto, branch libressl-v2.1.4

openbsd/src/lib/libcrypto, branch libressl-v2.1.4 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.1.4 2015-02-25T15:39:49+00:00 Fix CVE-2014-3570: properly calculate the square of a BIGNUM value. 2015-02-25T15:39:49+00:00 bcook 2015-02-25T15:39:49+00:00 urn:sha1:f3031aa7bff24911a8cae9bdd7cdcd88d8554f42 See https://www.openssl.org/news/secadv_20150108.txt for a more detailed discussion. Original OpenSSL patch here: https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 The regression test is modified a little for KNF. ok miod@ fourth batch of perlpod(1) to mdoc(7) conversion 2015-02-23T17:43:24+00:00 schwarze 2015-02-23T17:43:24+00:00 urn:sha1:3fed19a0557c5cc4db5053d380747aa1615cb201 Bump libcrypto and libssl majors, due to various recent churn. 2015-02-22T16:03:06+00:00 jsing 2015-02-22T16:03:06+00:00 urn:sha1:bb820e160520888599d0966ac5d4a5270c855a23 Discussed with/requested by deraadt@ at the conclusion of s2k15. Remove IMPLEMENT_STACK_OF noops. 2015-02-22T15:19:56+00:00 jsing 2015-02-22T15:19:56+00:00 urn:sha1:3fa12a5d03a942018ff0c53594eedf9f2f1adb1c If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument, 2015-02-19T06:10:29+00:00 jsing 2015-02-19T06:10:29+00:00 urn:sha1:62ebecd0e093eb1e8a47512de67da5c951069913 BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by explicitly checking for NULL at the start of the bnrand() function. Fixes Coverity ID 78831. ok miod@ Memory leak in error path. Coverity CID 78822. 2015-02-17T05:14:38+00:00 miod 2015-02-17T05:14:38+00:00 urn:sha1:8d9d64b562cdb05c559dcc6168d8116ae5f085a5 ok doug@ third batch of perlpod(1) to mdoc(7) conversion 2015-02-16T16:42:14+00:00 schwarze 2015-02-16T16:42:14+00:00 urn:sha1:536268edf284379599d2db025c14989146460a7b Avoid calling BN_CTX_end() on a context that wasn't started. 2015-02-15T22:29:02+00:00 doug 2015-02-15T22:29:02+00:00 urn:sha1:191c62e76a1c0617acb040a77924d270b58dcd9b In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated. Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start(). tweak + ok miod@, ok bcook@ Regen 2015-02-15T14:35:30+00:00 miod 2015-02-15T14:35:30+00:00 urn:sha1:abd73a522ddcc1102ca86cc090873f4547b8bb41 If we decide to discard the provided seed buffer because its size is not 2015-02-15T08:48:24+00:00 miod 2015-02-15T08:48:24+00:00 urn:sha1:97b0f555329124d4fe1111fe553da37b8171c196 large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@