openbsd/src/lib/libcrypto, branch libressl-v3.2.3

openbsd/src/lib/libcrypto, branch libressl-v3.2.3 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.2.3 2020-12-08T15:08:47+00:00 Fix a NULL dereference in GENERAL_NAME_cmp() 2020-12-08T15:08:47+00:00 tb 2020-12-08T15:08:47+00:00 urn:sha1:267ac14fa6781b6553b05a6d8dcdf99eaacc0edf Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing this is errata/6.8/008_asn1.patch.sig Ensure leaf is set up on X509_STORE_CTX before verification. 2020-09-26T15:44:06+00:00 jsing 2020-09-26T15:44:06+00:00 urn:sha1:4e8347390553060ef9ddb7e486d3c945d2af54ab Previously the leaf certificate was only being set up on the X509_STORE_CTX after two verification steps were performed, however at least one of those steps could result in the verification callback being triggered and existing code breaking. Issue noticed by Raf Czlonka when attempting to connect to talk.google.com using profanity (which does not set SNI and ends up receiving an invalid certificate). ok beck@ deraadt@ tb@ jumping into the x509 fray with a bunch of whitespace repair 2020-09-26T02:06:28+00:00 deraadt 2020-09-26T02:06:28+00:00 urn:sha1:3e6655fb0b20e8ae2d4546bab15df8fe320eec75 bump to LibreSSL 3.2.2 ahead of lock 2020-09-25T11:31:39+00:00 bcook 2020-09-25T11:31:39+00:00 urn:sha1:33b8c9d48b4113d7a8f7d647bbf752c75a0a83e3 ok tb@ KNF for a few comments and indent a label 2020-09-25T11:25:31+00:00 tb 2020-09-25T11:25:31+00:00 urn:sha1:595cb14b635063eb152a7a571795b041671c0869 Remove some dangling elses for consistency with the rest of the file 2020-09-25T11:17:52+00:00 tb 2020-09-25T11:17:52+00:00 urn:sha1:1efcbc50096abcd1a19ce4d45d4d127e06e04413 Simplify UI_new_method() 2020-09-25T11:05:21+00:00 tb 2020-09-25T11:05:21+00:00 urn:sha1:66d1ad87ddaa338c343987d00bcc03cf1d438b4a Use calloc() instead of malloc() and setting all members manually to 0. Avoid unnecessary else branch. Move variable declaration to the top of UI_set_result and ditch 2020-09-25T10:56:36+00:00 tb 2020-09-25T10:56:36+00:00 urn:sha1:1b9a5c6ef789bd22c50707defa5b78bfdc8d6fec a pointless local scope. suggested by jsing The default branch of a switch somehow got moved inside of a pointless 2020-09-25T10:50:26+00:00 tb 2020-09-25T10:50:26+00:00 urn:sha1:b0df497f3e068a862fde134eaf345ace1b76bb36 local scope of a case branch. Move it into the proper location. No binary change on amd64. "sure" jsing Simplify call to ERR_print_errors_cb() 2020-09-25T10:46:12+00:00 tb 2020-09-25T10:46:12+00:00 urn:sha1:e7ab003bf6d776e3b7e60d930414a50a6375989b There is no reason for print_error()'s third argument to be a UI *. It may just as well be a void * to match what ERR_print_errors_cb() expects. This avoids casting the function pointer. Also, there's no need for a (void *) cast. ok jsing