openbsd/src/lib/libcrypto, branch libressl-v2.4.1

openbsd/src/lib/libcrypto, branch libressl-v2.4.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.4.1 2016-06-06T23:37:37+00:00 Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix. 2016-06-06T23:37:37+00:00 tedu 2016-06-06T23:37:37+00:00 urn:sha1:0b9d68ba4686a5c96c6c3285a4974e5db61ca786 Mistake noted by Billy Brumley. Many thanks. Correct a problem that prevents the DSA signing algorithm from running 2016-06-06T10:00:04+00:00 beck 2016-06-06T10:00:04+00:00 urn:sha1:228457974024ddf04bfe0e8cd259f8ed50bf30fd in constant time even if the flag BN_FLG_CONSTTIME is set. This issue was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida. LibreSSL 2.4.1 2016-06-06T09:50:15+00:00 bcook 2016-06-06T09:50:15+00:00 urn:sha1:ab1edca4c21ed030bae72c16df3935ef7479cf23 deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final. 2016-05-30T13:42:54+00:00 beck 2016-05-30T13:42:54+00:00 urn:sha1:5841b6a630957adeb6dc4dbe8ff11ddc224d3de4 14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@ use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii 2016-05-25T00:45:08+00:00 jsg 2016-05-25T00:45:08+00:00 urn:sha1:a2511cce65b951b5ef2e92c077eb255fddb2cdc1 and non-utf8 bytes escaped. ok sthen@ Fix a short-read bug in the previous version of asn1_d2i_read_bio 2016-05-20T15:46:21+00:00 bcook 2016-05-20T15:46:21+00:00 urn:sha1:a7a8b3e28bac1bac9b00c9e9b10856c6f5283ad9 The outer while() loop is missing, so we only read up to chunk_max bytes. remove hppa64 port, which we never got going beyond broken single users. 2016-05-11T21:52:49+00:00 deraadt 2016-05-11T21:52:49+00:00 urn:sha1:42135baa1d099815f06003af138c18bcef038202 hppa reverse-stack gives us a valuable test case, but most developers don't have a 2nd one to proceed further with this. ok kettenis fix for integer overflow in encode and encrypt update functions. 2016-05-04T15:05:13+00:00 tedu 2016-05-04T15:05:13+00:00 urn:sha1:14ce935972dfee67affb9dbef7b76c66fc35423b additionally, in EncodeUpdate, if the amount written would overflow, return 0 instead to prevent bugs in the caller. CVE-2016-2105 and CVE-2016-2106 from openssl. fix a padding oracle in aesni cbc mac check. there must be enough data 2016-05-04T15:01:33+00:00 tedu 2016-05-04T15:01:33+00:00 urn:sha1:f67a456a3757b6d60641164adc3e3a5bdfc8fa4d for both the mac and padding bytes. CVE-2016-2107 from openssl internal only negative types should not be handled here. 2016-05-04T15:00:24+00:00 tedu 2016-05-04T15:00:24+00:00 urn:sha1:7c0bc19bc9eea1c1ac306f1b3f93fd10d3dd4ff8 CVE-2016-2108 from openssl.