A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8_BASE 2025-07-31T02:24:21+00:00 2025-07-31T02:24:21+00:00 tb 2025-07-31T02:24:21+00:00 urn:sha1:939b14b31a0ec57a91982f54dd055e000bf5f6ac This is nearly identical to CMS_add_simple_smimecap(). We can reuse its doc comment mutatis mutandis and use the same construction. Maybe this wants deduplicating. Maybe not. ok kenjiro 2025-07-31T02:21:01+00:00 tb 2025-07-31T02:21:01+00:00 urn:sha1:0422dbe1ad1c175070e7cebc4bbb202b15ffea21 There's nothing really wrong here (at least when compared to the rest of this file an hour or so ago), but we can make this look somewhat more like code. That there's no bug here is not really related to the fact that it's an add1 function, not an add0 one. In fact, it's kind of surprising that the author had an uncharacteristic moment of lucidity and remembered to free the last argument passed to PKCS7_add_signed_attribute() on failure. ok kenjiro 2025-07-31T02:10:55+00:00 tb 2025-07-31T02:10:55+00:00 urn:sha1:4815d09a66fcc2a3ecabae72d77e841265da2451 Since we finally found a use for i2d_X509_ALGORS(), make use of its sibling here. This avoids some ridiculous contortions in not quite peak muppet code (obviously this was a first test run for the grand finale in CMS). ok kenjiro 2025-07-31T02:02:35+00:00 tb 2025-07-31T02:02:35+00:00 urn:sha1:5c9cc2d0035cb59dfcacb47001ca9b8392b3732b set0/add0 functions that can fail are the worst. Without fail this trips up both users and authors (by and large these are two identical groups consisting of a single person), resulting in leaks and double frees. In today's episode of spelunking in the gruesome gore provided by the PKCS#7 and Time-Stamp protocol "implementations", we fix a couple of leaks in PKCS7_add_attrib_smimecap() and ESS_add_signing_cert(). We do so by recalling that there is i2d_X509_ALGORS(), so we might as well put it to use instead of inlining it poorly (aka, without error checking). Normalize said error checking and ensure ownership is handled correctly in the usual single-exit idiom. ESS_add_signing_cert() can also make use of proper i2d handling, so it's simpler and correct and in the end looks pretty much the same as PKCS7_add_attrib_smimecap(). ok kenjiro 2025-07-28T04:29:00+00:00 tb 2025-07-28T04:29:00+00:00 urn:sha1:24f1a240459f5178954a0c2f54c2afdd8a6f6e2e 2025-07-27T07:11:36+00:00 tb 2025-07-27T07:11:36+00:00 urn:sha1:33683d7f8034ad6ba3e6e873d6e5d5801cebba29 If the caller passes in NULL, helpfully a new ASN1_TIME is allocated with X509_gmtime_adj() and leaked if PKCS7_add0_attrib_signing_time() fails afterward. Fix this. Also don't blindly set the signing time to a UTCTime. Validate the usual RFC 5280 format before setting it, as that's what RFC 5652, section 11.3 mandates. ok kenjiro 2025-07-27T07:06:41+00:00 tb 2025-07-27T07:06:41+00:00 urn:sha1:5d593caa4397fa2eafb4771d98476f5a53cecd1a This little gem has a number of issues. On failure, the caller can't know whether ownership of value was taken or not, so to avoid a double free, the only option is to leak value on failure. As X509_ATTRIBUTE_create() takes ownership on success, this call must be the last one that can fail. This way ownership is only taken on success. Next, if X509_ATTRIBUTE_create() fails in the case that the input stack already contains an attribute of type nid, that attr is freed and the caller freeing the stack with pop_free() will double free. So, rework this in a few ways. Make this transactional, so we don't fail with a modified *in_sk, so work with a local sk as usual. Then walk the stack and see if we have an attribute with the appropriate nid already. If not, make sure there's room to place the new attribute. Create the new attribute, free the old attribute if necessary and replace it with the new one. Finally assign the local sk to *in_sk and return success. On error unwind all we did. The behavior now matches OpenSSL 3's new behavior, except that we don't leave an empty stack around on error. ok kenjiro 2025-07-02T10:24:17+00:00 tb 2025-07-02T10:24:17+00:00 urn:sha1:90aa4c4a99821aa2140aa91b15ab788fb21f5c61 fixes in particular ./check_complete.pl pkcs7 2025-06-11T18:11:55+00:00 tb 2025-06-11T18:11:55+00:00 urn:sha1:e8072ea25f6fbdb48e65889fec46a27e8f5e3ab1 2025-06-05T07:50:30+00:00 tb 2025-06-05T07:50:30+00:00 urn:sha1:fdfd3dad8e21a95f3e542d8d9648bc3c1eb4d5d3