A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=master 2026-01-27T14:18:32+00:00 2026-01-27T14:18:32+00:00 tb 2026-01-27T14:18:32+00:00 urn:sha1:b468f25e20a1bbfbabbc534c5c2b1b862fe98bbe A malformed v2 signing cert can lead to a type confusion, and the result is a read from an invalid memory address or NULL, so a crash. Unlike for OpenSSL, v1 signing certs aren't affected since miod fixed this in '14. Reported by Luigino Camastra, fix by Bob Beck, via OpenSSL, CVE 2025-69420. ok jsing 2025-12-05T14:19:27+00:00 tb 2025-12-05T14:19:27+00:00 urn:sha1:9d2d9214b79d3c58a92235befe0378b7ada96773 Almost entirely mechanical diff that ensures that for read-only accesses we use the const correct ASN1_STRING_get0_data(). Arguably, in most places the better fix would be to reach into ASN1_STRING but then we have to think and bikeshed... ok beck kenjiro 2025-07-31T02:02:35+00:00 tb 2025-07-31T02:02:35+00:00 urn:sha1:5c9cc2d0035cb59dfcacb47001ca9b8392b3732b set0/add0 functions that can fail are the worst. Without fail this trips up both users and authors (by and large these are two identical groups consisting of a single person), resulting in leaks and double frees. In today's episode of spelunking in the gruesome gore provided by the PKCS#7 and Time-Stamp protocol "implementations", we fix a couple of leaks in PKCS7_add_attrib_smimecap() and ESS_add_signing_cert(). We do so by recalling that there is i2d_X509_ALGORS(), so we might as well put it to use instead of inlining it poorly (aka, without error checking). Normalize said error checking and ensure ownership is handled correctly in the usual single-exit idiom. ESS_add_signing_cert() can also make use of proper i2d handling, so it's simpler and correct and in the end looks pretty much the same as PKCS7_add_attrib_smimecap(). ok kenjiro 2025-05-10T05:54:39+00:00 tb 2025-05-10T05:54:39+00:00 urn:sha1:41e8f99dd1625a9f0c80ce9d4383e95b18e85709 ok jsing 2025-01-07T14:22:19+00:00 tb 2025-01-07T14:22:19+00:00 urn:sha1:a1684faa4be27a9ef1e107c73728a13717cb63c4 This eliminates another stupid BN_free(&bn) and uses BIO_printf() rather than a ludicrously silly result dance. In fact it appears that this dance was so hard to grok that OpenSSL misread it and made this function return the value -1 on ASN1_INTEGER_to_BN() failure, a value that it had never returned before. It doesn't matter anyway. The only uses of this function are internal to OpenSSL's code and since TS fully conforms to OpenSSL's high QA standards, no caller checks the return of TS_ASN1_INTEGER_print_bio(). ok jsing 2024-08-26T22:01:28+00:00 op 2024-08-26T22:01:28+00:00 urn:sha1:07d3f305ea24da68aec66c7e4be39317f6ea7dae 2024-06-24T06:43:23+00:00 tb 2024-06-24T06:43:23+00:00 urn:sha1:c9802a5afe29675d69b605ce906d34fd89c024ac These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing 2024-04-15T15:52:46+00:00 tb 2024-04-15T15:52:46+00:00 urn:sha1:0131401e0b9d7c3536cf6e5e16d17bc82cfda939 ok jsing 2024-03-26T00:39:22+00:00 beck 2024-03-26T00:39:22+00:00 urn:sha1:3604a06d3b1412f3b3b3959a358b2c8e2a07836a RFC 3631 allows for sub second ASN1 GENERALIZED times, if you choose to support sub second time precison. It does not indicate that an implementation must support them. Supporting sub second timestamps is just silly and unrealistic, so set our maximum to one second of precision. We then simplify this code by removing some nasty eye-bleed that made artisinally hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME. ok tb@, jsing@, with one second precision tested by kn@ 2024-03-25T07:02:22+00:00 beck 2024-03-25T07:02:22+00:00 urn:sha1:d8847ca61ace2c9c6c3adf2a3ef9505e4eb1fb8a ok tb@