A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.7.0 2022-11-26T16:08:57+00:00 2022-11-26T16:08:57+00:00 tb 2022-11-26T16:08:57+00:00 urn:sha1:81d98bf600a381a625eb11b39a725b08c0ba547f Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook 2022-11-19T11:53:38+00:00 tb 2022-11-19T11:53:38+00:00 urn:sha1:2dabf3e5e824591980d26d9b06b6b28be077f309 Since DSA_sign() and DSA_verify() ignore their type argument, don't bother to determine it here. Check all size_t for overflow before passing them as int arguments. Follow OpenSSL and add a check to see if the tbs blob's length matches the one of the md, in case it is set on the EVP_PKEY_CTX. Fix return value check of DSA_sign(). ok jsing 2022-11-19T11:48:24+00:00 tb 2022-11-19T11:48:24+00:00 urn:sha1:064aae90f56580b61b05fd56fc4c0fffaf8458e0 Change DSA_sign() to single exit and check the signed i2d_DSA_SIG() return value before assigning it to an unsigned int. In DSA_verify() let d2i_DSA_SIG() handle the allocation, split error check of i2d_DSA_SIG() from signature check and change an unnecessary freezero() to free. ok jsing 2022-11-19T06:33:00+00:00 tb 2022-11-19T06:33:00+00:00 urn:sha1:6048203d2b8ec4f0ea078c70eaa40d6beb109502 2022-11-10T12:37:00+00:00 tobhe 2022-11-10T12:37:00+00:00 urn:sha1:76fc0c1130db1fe7c3d20b66da51f81aa0fdf89c ok jsing@ 2022-11-08T19:17:05+00:00 tobhe 2022-11-08T19:17:05+00:00 urn:sha1:f7bbcf1f4086b29ea35299ac0eb719cc157e526f Found with CodeChecker ok jsing@ 2022-09-03T16:01:23+00:00 jsing 2022-09-03T16:01:23+00:00 urn:sha1:2b62b98b944c0df9fbd9e41e33ea96b45b98e84b CBIGNUM_it is supposed to be the "clear bignum" or "secure" bignum - that is one which zeros its memory after use and ensures that the constant time flags are set... in LibreSSL we always do both of these things for BIGNUMs, so just use BIGNUM_it instead. ok tb@ 2022-08-31T13:28:39+00:00 tb 2022-08-31T13:28:39+00:00 urn:sha1:bef184c688c711a88c484877b5864988ede7840d 2022-08-31T13:01:01+00:00 tb 2022-08-31T13:01:01+00:00 urn:sha1:5a012dc99251d6861841dbe500e21ff7a4f63ccc DSA_size() and ECDSA_size() have a very special hack. They fudge up an ASN1_INTEGER with a size which is typically > 100 bytes, backed by a buffer of size 4. This was "fine", however, since they set buf[0] = 0xff, where the craziness that was i2c_ASN1_INTEGER() only looks at the first octet (one may then ask why a buffer of size 4 was necessary...). This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't respect this particular hack and rightly assumes that it is fed an actual ASN1_INTEGER... Instead, create an appropriate signature and use i2d to determine its size. Fixes an out-of-bounds read flagged by ASAN and oss-fuzz. ok jsing 2022-07-12T14:42:50+00:00 kn 2022-07-12T14:42:50+00:00 urn:sha1:89e42d5857196a8071fbafb5565388d0e20ec32b This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb