A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_3_BASE 2023-03-07T09:27:10+00:00 2023-03-07T09:27:10+00:00 jsing 2023-03-07T09:27:10+00:00 urn:sha1:19dfe7f484e5739359ee8c102d879d125df916ad BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly instead. ok tb@ 2023-03-04T21:39:34+00:00 tb 2023-03-04T21:39:34+00:00 urn:sha1:7fe659346c2b7c00f6036742f72095b7ba4228d9 This makes sure that the elliptic curve is not completely stupid. This is conservative enough: the smallest named groups that we support have an order of 112 bits. ok beck jsing 2023-03-04T21:37:37+00:00 tb 2023-03-04T21:37:37+00:00 urn:sha1:baab9c01fb37087a0526edeaef01a30a05bd06a4 ECDSA is essentially the same thing as DSA, except that it is slightly less stupid. Signing specifies an infinite loop, which is only possible with arbitrary ECDSA domain parameters. Fortunately, most use of ECDSA in the wild is based on well-known groups, so it is known a priori that the loop is not infinite. Still, infinite loops are bad. A retry is unlikely, 32 retries have a probability of ~2^-8000. So it's pretty safe to error out. ok beck jsing 2022-12-26T07:18:53+00:00 jmc 2022-12-26T07:18:53+00:00 urn:sha1:2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120 i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb 2022-11-26T17:23:18+00:00 tb 2022-11-26T17:23:18+00:00 urn:sha1:3a1908508efa61f3f77ac8036694af2f920df947 Not all of them, only those that didn't leak into a public header... Yes. 2022-11-26T16:08:57+00:00 tb 2022-11-26T16:08:57+00:00 urn:sha1:81d98bf600a381a625eb11b39a725b08c0ba547f Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook 2022-09-03T16:01:23+00:00 jsing 2022-09-03T16:01:23+00:00 urn:sha1:2b62b98b944c0df9fbd9e41e33ea96b45b98e84b CBIGNUM_it is supposed to be the "clear bignum" or "secure" bignum - that is one which zeros its memory after use and ensures that the constant time flags are set... in LibreSSL we always do both of these things for BIGNUMs, so just use BIGNUM_it instead. ok tb@ 2022-08-31T13:01:01+00:00 tb 2022-08-31T13:01:01+00:00 urn:sha1:5a012dc99251d6861841dbe500e21ff7a4f63ccc DSA_size() and ECDSA_size() have a very special hack. They fudge up an ASN1_INTEGER with a size which is typically > 100 bytes, backed by a buffer of size 4. This was "fine", however, since they set buf[0] = 0xff, where the craziness that was i2c_ASN1_INTEGER() only looks at the first octet (one may then ask why a buffer of size 4 was necessary...). This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't respect this particular hack and rightly assumes that it is fed an actual ASN1_INTEGER... Instead, create an appropriate signature and use i2d to determine its size. Fixes an out-of-bounds read flagged by ASAN and oss-fuzz. ok jsing 2022-07-12T14:42:50+00:00 kn 2022-07-12T14:42:50+00:00 urn:sha1:89e42d5857196a8071fbafb5565388d0e20ec32b This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb 2022-06-30T11:14:47+00:00 tb 2022-06-30T11:14:47+00:00 urn:sha1:b9750dad90805ab9064b083f792c0c680759708a Pointed out by and ok jsing