A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v4.2.1 2025-06-03T08:42:15+00:00 2025-06-03T08:42:15+00:00 kenjiro 2025-06-03T08:42:15+00:00 urn:sha1:0fc5b6d312fea35d788e92ffc5a6dc32638d32bc Replace memcmp() with timingsafe_memcmp() for authentication tag comparison in AES-CCM, GCM, PKCS12 and AES key unwrap code paths to ensure constant-time behavior and avoid potential timing side channels. This aligns with OpenSSL 1e4a355. ok tb@ 2025-05-10T19:01:16+00:00 tb 2025-05-10T19:01:16+00:00 urn:sha1:5747076436203e94cc042d06e2a8ae46b0ea5a47 Currently PKCS12_setup_mac() function uses salt length of 8 bytes / 64 bits when no salt length is specified. Increase this fallback default to 16 bytes / 128 bits, as recommended by NIST SP 800-132. Note this is for interoperability purposes. Some FIPS implementations enforce minimum salt length of 16 bytes. Examples of such FIPS implemenations are Bouncycastle FIPS Java API and Chainguard FIPS Provider for OpenSSL. Also future v3.6 release of OpenSSL will also increase the default salt length to 16 bytes. From Dimitri John Ledkov, thanks 2025-05-10T05:54:39+00:00 tb 2025-05-10T05:54:39+00:00 urn:sha1:41e8f99dd1625a9f0c80ce9d4383e95b18e85709 ok jsing 2025-03-09T15:45:52+00:00 tb 2025-03-09T15:45:52+00:00 urn:sha1:9971249d16e9e04b0af48f612febcd91710abad9 Unfortunately, this is used in acsm-calibre-plugin, via oscrypto. Fixes https://github.com/Leseratte10/acsm-calibre-plugin/issues/112 ok jsing 2025-01-06T23:35:25+00:00 tb 2025-01-06T23:35:25+00:00 urn:sha1:f62644a3fec4a1c2ba18134913f454106247493d 2024-08-22T12:22:42+00:00 tb 2024-08-22T12:22:42+00:00 urn:sha1:de9723d006cceb5ae0915a4891de3155c9232629 It is no longer possible to set an attribute on an EVP_PKEY, so this code is dead. ok miod 2024-07-15T15:43:25+00:00 tb 2024-07-15T15:43:25+00:00 urn:sha1:beafda5998db0cbb734723cf1f2897bbf6046bdb This tries to copy some microsoft attributes which are not usually present and chokes on the now disabled EVP_PKEY_*attr* API. Instead of reviving about four layers of traps and indirection, just inline the two functions in a way that should be more obvious. found by anton via the ruby-openssl tests ok jsing 2024-07-09T06:13:22+00:00 beck 2024-07-09T06:13:22+00:00 urn:sha1:a40dc77f12153071625af9215f01a8be78a4539a ok tb@ 2024-06-24T06:43:23+00:00 tb 2024-06-24T06:43:23+00:00 urn:sha1:c9802a5afe29675d69b605ce906d34fd89c024ac These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing 2024-03-24T06:48:03+00:00 tb 2024-03-24T06:48:03+00:00 urn:sha1:5670d7c719ea7eed499f4bf4c0621968b6e5cab0 noticed/ok beck