A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_1 2023-03-16T13:28:54+00:00 2023-03-16T13:28:54+00:00 bluhm 2023-03-16T13:28:54+00:00 urn:sha1:5f9c898c5c13ff3dadc55d2d6ebe53b9285dec3a from millert@; originally from djm@; OK deraadt@ florian@ bluhm@ this is errata/7.1/026_resolv.patch.sig 2023-02-07T15:59:30+00:00 bluhm 2023-02-07T15:59:30+00:00 urn:sha1:ad1c8162ed483dc5234494f59b209481e4a44243 The ASN.1 template for GENERAL_NAME and its corresponding C structure disagree on the type of the x400Address member. This results in an ASN.1 string to be considered as an ASN.1 type, which allows an attacker to read (essentially) arbitrary memory. Fix this by forcing comparison as strings. While the underlying type confusion has been present since time immemorial, this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig). Reported by David Benjamin, fix suggested by jsing. Release date for this was set to be January 31. Unilaterally pushed back to February 7 by OpenSSL by way of announcement of many completely unrelated embargoed issues, some of which they had been sitting on since July 2020. from tb@; OK beck@ jsing@ this is errata/7.1/022_x509.patch.sig 2022-05-14T15:06:09+00:00 tb 2022-05-14T15:06:09+00:00 urn:sha1:9f9c4fab3ed4b876aac3fa82d052dca0c1af9827 Due to a confusion of two CBS, the API would incorrectly advance the *der_in pointer, resulting in a DER parse failure. Issue reported by Aram Sargsyan ok jsing This is patches/7.1/004_asn1.patch.sig 2022-04-10T12:42:35+00:00 cvs2svn admin@example.com 2022-04-10T12:42:35+00:00 urn:sha1:afc74298e42fc3d621e2da2e3f26a60f2886b977 2022-04-10T12:42:33+00:00 inoguchi 2022-04-10T12:42:33+00:00 urn:sha1:c694612e6569c6b13f7f2c75a3a1c4d9479509c2 'flags' should have ASN1_OBJECT_FLAG_DYNAMIC_DATA bit to free 'data' by ASN1_OBJECT_free as c2i_ASN1_OBJECT_cbs does. ok jsing@ tb@ 2022-04-07T17:38:24+00:00 tb 2022-04-07T17:38:24+00:00 urn:sha1:3340c71f78097b15a0cacb114e0b6c483ad85c02 DSA private keys with ill-chosen g could cause an infinite loop on deserializing. Add a few sanity checks that ensure that g is according to the FIPS 186-4: check 1 < g < p and g^q == 1 (mod p). This is enough to ascertain that g is a generator of a multiplicative group of order q once we know that q is prime (which is checked a bit later). Issue reported with reproducers by Hanno Boeck. Additional variants and analysis by David Benjamin. ok beck jsing 2022-04-07T17:37:25+00:00 tb 2022-04-07T17:37:25+00:00 urn:sha1:1061feec63ce8eec5e559ca2697b80bc73044484 If a private key encoded with EC parameters happens to have order 1 and is used for ECDSA signatures, this causes an infinite loop since a random integer x in the interval [0,1) will be 0, so do ... while (x == 0); will loop indefinitely. Found and reported with a reproducer by Hanno Boeck. Helpful comments and analysis from David Benjamin. ok beck jsing 2022-04-03T16:52:50+00:00 anton 2022-04-03T16:52:50+00:00 urn:sha1:a46afc15b79c1deda49ec8ee141c1c5cdcd050d9 a race in which one thread is currently initializing the mutex which is not an atomic operation whereas another thread tries to use it too early. With and ok schwarze@ 2022-03-31T17:30:05+00:00 naddy 2022-03-31T17:30:05+00:00 urn:sha1:3d8a2499d7a0a70420723f21fbf735e079a6e74c 2022-03-31T17:27:26+00:00 naddy 2022-03-31T17:27:26+00:00 urn:sha1:3d8be07546f5ec331a0f851b0ea88212376ebb95 jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@