A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.0 2023-05-23T11:51:12+00:00 2023-05-23T11:51:12+00:00 tb 2023-05-23T11:51:12+00:00 urn:sha1:6825aba8c0202893f32509537fbfa606a2459325 Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and the latter condition is implied by aobj->data. Cleaner solution for obj_dat.c r1.52 suggested by/ok jsing 2023-04-30T16:46:49+00:00 job 2023-04-30T16:46:49+00:00 urn:sha1:67a02c9c4524d27103131bc4b43b93606a9e28ee Without the cache, we verify CRL signatures on bytes that have been pulled through d2i_ -> i2d_, this can cause reordering, which in turn invalidates the signature. for example if in the original CRL revocation entries were sorted by date instead of ascending serial number order. There are probably multiple things we can do here, but they will need careful consideration and planning. OK jsing@ 2023-04-28T17:59:53+00:00 job 2023-04-28T17:59:53+00:00 urn:sha1:da3dc213d1c7cf62220f27441673778d6796c986 A long time ago a workflow was envisioned for X509, X509_CRL, and X509_REQ structures in which only fields modified after deserialization would need to be re-encoded upon serialization. Unfortunately, over the years, authors would sometimes forget to add code in setter functions to trigger invalidation of previously cached DER encodings. The presence of stale versions of structures can lead to very hard-to-debug issues and cause immense sorrow. Fully removing the concept of caching DER encodings ensures stale versions of structures can never rear their ugly heads again. OK tb@ jsing@ 2023-04-28T16:30:14+00:00 tb 2023-04-28T16:30:14+00:00 urn:sha1:83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18 with beck 2023-04-26T19:11:33+00:00 beck 2023-04-26T19:11:33+00:00 urn:sha1:321a20d0a06980e029ce8bcdf37b4df1ff3c31d8 The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG. ok tb@ jsing@ 2023-04-25T19:08:30+00:00 tb 2023-04-25T19:08:30+00:00 urn:sha1:ca5efeb5b1e8d7d758ac5f1f193f58355db6ba99 2023-04-25T18:57:57+00:00 tb 2023-04-25T18:57:57+00:00 urn:sha1:7450dfd535433dd0476eedd11d4a04c9f5056928 2023-04-24T22:12:28+00:00 tb 2023-04-24T22:12:28+00:00 urn:sha1:3e4cfe2eee5d36f23368a113a6611df459b66c08 Discussed with jsing and beck 2023-04-24T08:09:29+00:00 job 2023-04-24T08:09:29+00:00 urn:sha1:bc4204740df46cf24509d764979a6fd747bb4f4a jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side brittleness is introduced. 2023-04-23T21:31:16+00:00 job 2023-04-23T21:31:16+00:00 urn:sha1:182c5d6fe4249dcf1252e2a8985431d3f12968d6 Check whether the X.509 version is in the range of valid version values, and also checks whether the version is consistent with fields new to those versions (such as X.509 v3 extensions). X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recent as July 2020, so accept version 1 even if it is explicitly encoded. OK tb@ beck@