openbsd/src/lib/libcrypto, branch libressl-v2.9.2

openbsd/src/lib/libcrypto, branch libressl-v2.9.2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.9.2 2019-05-13T12:05:04+00:00 LibreSSL 2.9.2 2019-05-13T12:05:04+00:00 bcook 2019-05-13T12:05:04+00:00 urn:sha1:39ea782f8d3743e9fc4a3caccf90f833d3dc65a1 Avoid an overread caused by d2i_PrivateKey(). 2019-04-10T16:23:55+00:00 jsing 2019-04-10T16:23:55+00:00 urn:sha1:8ab9e3c33c0dd587e42c1c871bbe154fd19af00f There are cases where the old_priv_decode() function can fail but consume bytes. This will result in the pp pointer being advanced, which causes d2i_PKCS8_PRIV_KEY_INFO() to be called with an advanced pointer and incorrect length. Fixes oss-fuzz #13803 and #14142. ok deraadt@ tb@ Revert tasn_prn.c r1.18. 2019-04-07T16:35:50+00:00 jsing 2019-04-07T16:35:50+00:00 urn:sha1:a2af4c7dba7453f0994ce278075358a1d3a0e14f In this code, just because something is cast to a type doesn't mean it is necessarily that type - in this case we cannot check the length of the ASN1_STRING here, since it might be another data type and later handled as an int (for example, in the V_ASN1_BOOLEAN case). We will revisit this post release. ok tb@ update root CAs in cert.pem in sync with Mozilla 2019-04-04T12:42:01+00:00 sthen 2019-04-04T12:42:01+00:00 urn:sha1:851b71845fe694005a74fd062752d2cb0679a497 ok millert@ Avoid some out of bound accesses in aesni_cbc_hmac_sha1_cipher(). 2019-04-03T15:33:37+00:00 tb 2019-04-03T15:33:37+00:00 urn:sha1:1292146bda904a7983b666fdf116ea07699d00e6 The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing tls_aad[plen-4] is no good. Also check that the length of the AAD set via the control interface is equal to 13 since the whole file is written with that case in mind. Note that we no longer use this code in LibreSSL/OpenBSD. We eliminated the use of these control interfaces and stitched cipher modes in libssl a while ago. Problem found by Guido Vranken with his cryptofuzz - thanks! input & ok beck, jsing fix broken comment 2019-04-02T12:30:20+00:00 sthen 2019-04-02T12:30:20+00:00 urn:sha1:453060073ca204b0494e6a26765f826e02733527 Implement a print function for BIGNUM_it. 2019-04-01T15:49:22+00:00 jsing 2019-04-01T15:49:22+00:00 urn:sha1:5cecd6a22c296f340853d47afffabcd24c0c8b33 ok beck@, tb@ Correct the return values from long_print. 2019-04-01T15:48:50+00:00 jsing 2019-04-01T15:48:50+00:00 urn:sha1:01a9fea5da51f3194be3ccfae8edee09154ed07a BIO_print() returns -1 on failure, whereas the ASN print functions need to return 0. ok beck@, tb@ Require all ASN1_PRIMITIVE_FUNCS functions to be provided. 2019-04-01T15:48:04+00:00 jsing 2019-04-01T15:48:04+00:00 urn:sha1:c668655bd37c10676da50f3d90a2cb88438f14c1 If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require all functions to be provided (currently excluding prim_clear). This avoids situations such as having a custom allocator that returns a specific struct but then is then printed using the default primative print functions, which interpret the memory as a different struct. Found by oss-fuzz, fixes issue #13799. ok beck@, tb@ Wrap long lines and apply some style(9). 2019-03-31T14:41:40+00:00 jsing 2019-03-31T14:41:40+00:00 urn:sha1:64bf76574174842316a177094611661f1fd85651