openbsd, branch libressl-v3.5.0

openbsd, branch libressl-v3.5.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.5.0 2022-02-21T18:22:20+00:00 Factor out alert handing code in the legacy stack. 2022-02-21T18:22:20+00:00 jsing 2022-02-21T18:22:20+00:00 urn:sha1:95e90dc06dccc0b309c252ec72524e567b7291fd Pull out the code that processes incoming alerts - a chunk of the complexity is due to the fact that in TLSv1.2 and earlier, alerts can be fragmented across multiple records or multiple alerts can be delivered in a single record. In DTLS there is no way that we can reassemble fragmented alerts (although the RFC is silent on this), however we could have multiple alerts in the same record. This change means that we will handle this situation more appropriately and if we encounter a fragmented alert we will now treat this as a decode error (instead of silently ignoring it). ok beck@ tb@ mutibyte -> multibyte 2022-02-21T00:22:03+00:00 jsg 2022-02-21T00:22:03+00:00 urn:sha1:932ea6b3c7444557aea0d561efe9ae3fad6aaeba Fix a buffer overread in OAEP padding removal 2022-02-20T19:16:34+00:00 tb 2022-02-20T19:16:34+00:00 urn:sha1:7628b3cbf8e092fc94951499208d3a7c349c590c This only occurs on very small payloads and tightly allocated buffers that don't usually occur in practice. This is OpenSSL f61c6804 ok inoguchi jsing Test OBJ_obj2txt() with NULL and short buffers. 2022-02-20T13:47:53+00:00 jsing 2022-02-20T13:47:53+00:00 urn:sha1:f92405709fc854ad7c4d81607cf11f15e95c65e6 Add memory BIO small I/O tests. 2022-02-19T16:00:57+00:00 jsing 2022-02-19T16:00:57+00:00 urn:sha1:596778bed0f220f781a81217cb21311ffb21a3e5 Remove references to performance issues caused by frequent memmove(). 2022-02-19T16:00:14+00:00 jsing 2022-02-19T16:00:14+00:00 urn:sha1:e842aa909fe02d891a253eacf804384bbfa396a0 ok inoguchi@ tb@ Reduce memmoves in memory BIOs. 2022-02-19T15:59:12+00:00 jsing 2022-02-19T15:59:12+00:00 urn:sha1:ecfbd0cd7a34e8b04af5f08a69bc02929f863d11 Currently, a read/write memory BIO pulls up the data via memmove() on each read. This becomes very expensive when a lot of small reads are performed, especially if there is a reasonable amount of data stored in the memory BIO. Instead, store a read offset into the buffer and only perform a memmove() to pull up the data on a write, if we have read more than 4096 bytes. This way we only perform memmove() when the space saving will potentially be of benefit, while avoiding frequent memmove() in the case of small interleaved reads and writes. Should address oss-fuzz #19881. ok inoguchi@ tb@ certificiate -> certificate 2022-02-19T13:09:36+00:00 jsg 2022-02-19T13:09:36+00:00 urn:sha1:c65c3cdf53ef02b91dc926fc65376098c26a1ae0 Provide a struct bio_mem for memory BIO specific data. 2022-02-19T08:11:16+00:00 jsing 2022-02-19T08:11:16+00:00 urn:sha1:5504d19c6403ab7e219eaf0b32151f79998f1d0d In order to fix and improve the memory BIO, we need to be able to track more than just a single BUF_MEM *. Provide a struct bio_mem (which currently only contains a BUF_MEM *) and rework the internals to use this struct. ok inoguchi@ tb@ Avoid gendered language in man pages when not referring to a specific 2022-02-18T23:17:15+00:00 jsg 2022-02-18T23:17:15+00:00 urn:sha1:b590ea2697783e317477d63480cdab6651a032f3 person. Rewrite or use singular they. ok thfr@ sthen@ daniel@ ian@ job@ kmos@ jcs@ ratchov@ phessler@ and others I'm likely missing on an earlier version. feedback tj@, feedback and ok jmc@