openbsd, branch libressl-v4.2.0

openbsd, branch libressl-v4.2.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v4.2.0 2025-09-30T12:51:18+00:00 This commit was manufactured by cvs2git to create branch 'OPENBSD_7_8'. 2025-09-30T12:51:18+00:00 cvs2svn admin@example.com 2025-09-30T12:51:18+00:00 urn:sha1:752aec5fac0b359c7a675abc05db2deccf8c53af cms: fix incorrect length check in kek_unwrap_key() 2025-09-30T12:51:16+00:00 tb 2025-09-30T12:51:16+00:00 urn:sha1:0da76a9548849eb542ab090dc5eace7a2be789cb An incorrect length check can result in a 4-byte overwrite and an 8-byte overread. From Stanislav Fort and Viktor Dukhovni via OpenSSL. CVE-2025-9230. ok jsing cms_RecipientInfo_pwri_crypt: fix incorrect return check 2025-09-30T12:49:34+00:00 tb 2025-09-30T12:49:34+00:00 urn:sha1:4867be3b7736b15337f62460c0a92c9f3f6f5005 ok jsing cms_RecipientInfo_pwri_crypt: plug leak of kekalg 2025-09-30T12:46:55+00:00 tb 2025-09-30T12:46:55+00:00 urn:sha1:9c492217dca486db9aacff39780c63445db043a4 ok jsing libcrypto: rsa gen: min. distance between p and q 2025-09-29T08:46:15+00:00 jan 2025-09-29T08:46:15+00:00 urn:sha1:46c56e258ad51543fa1d174ca9568ef545233a34 This is required in NIST Special Publication 800-56B Revision 2 "Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography": 6 RSA Key Pairs 6.2 Criteria for RSA Key Pairs for Key Establishment 6.2.1 Definition of a Key Pair 3. The prime factors p and q shall be generated using one of the methods specified in Appendix B.3 of FIPS 186 such that: c. |p – q| > 2nBits/2−100 ok djm@, tb@ Bump libressl version to 4.2.0 2025-09-28T14:17:52+00:00 tb 2025-09-28T14:17:52+00:00 urn:sha1:3d7417f2050e2c59d3bc34048d7ddf7f9335c1e0 The version check will break the rust-openssl regress unless you have rust-openssl-tests-20250927p0. Revert NULL,0 -> OPENSSL_FILE,OPENSSL_LINE from r1.78 2025-09-28T07:52:53+00:00 tb 2025-09-28T07:52:53+00:00 urn:sha1:dee41641c860153d9ff3214fdf9f43ae9a10429c This wasn't part of the initial proposal and causes issues in curl downstream. We could pile more hacks on top of this, but at some point this is getting too silly. Relatedly, most of the FOOerr() could be removed, although PEMerr(), RSAerr() and SSLerr() are used by some downstreams and probably not worth patching out. Discussed with @vszakats in https://github.com/libressl/portable/issues/1154 ec_asn1_test: add an example using BLS12-377 2025-09-17T16:13:11+00:00 tb 2025-09-17T16:13:11+00:00 urn:sha1:67355f1acbcfe22e391065386b442de8180421de This exercises the cofactor guessing code with a large cofactor. Thanks to Daniel Bleichenbacher for pointing out this example. This contains a hack to use a bogus OID since this curve has none. wycheproof: provide PBKDF2 test harness 2025-09-16T15:45:34+00:00 tb 2025-09-16T15:45:34+00:00 urn:sha1:61442379f1c0fd68060c13835a870f84283fa66f Skip the tests for now since they increase the test's runtime by ~50%. A later commit will gate these tests behind REGRESS_SKIP_SLOW. mlkem_generate_key_external_entropy: normalize sizeof() use 2025-09-16T06:12:04+00:00 tb 2025-09-16T06:12:04+00:00 urn:sha1:c0502723cf1da15eab87e3434cd70dfaae2910f6