openbsd/src/lib/libcrypto, branch libressl-v3.5.3A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v3.5.32022-05-14T15:06:09+00:00Fix d2i_ASN1_OBJECT()2022-05-14T15:06:09+00:00tb2022-05-14T15:06:09+00:00urn:sha1:9f9c4fab3ed4b876aac3fa82d052dca0c1af9827
Due to a confusion of two CBS, the API would incorrectly advance the
*der_in pointer, resulting in a DER parse failure.
Issue reported by Aram Sargsyan
ok jsing
This is patches/7.1/004_asn1.patch.sig
Set ASN1_OBJECT_FLAG_DYNAMIC_DATA flag with t2i_ASN1_OBJECT_internal2022-04-10T12:42:33+00:00inoguchi2022-04-10T12:42:33+00:00urn:sha1:c694612e6569c6b13f7f2c75a3a1c4d9479509c2
'flags' should have ASN1_OBJECT_FLAG_DYNAMIC_DATA bit to free 'data'
by ASN1_OBJECT_free as c2i_ASN1_OBJECT_cbs does.
ok jsing@ tb@
Avoid infinite loop on parsing DSA private keys2022-04-07T17:38:24+00:00tb2022-04-07T17:38:24+00:00urn:sha1:3340c71f78097b15a0cacb114e0b6c483ad85c02
DSA private keys with ill-chosen g could cause an infinite
loop on deserializing. Add a few sanity checks that ensure
that g is according to the FIPS 186-4: check 1 < g < p and
g^q == 1 (mod p). This is enough to ascertain that g is a
generator of a multiplicative group of order q once we know
that q is prime (which is checked a bit later).
Issue reported with reproducers by Hanno Boeck.
Additional variants and analysis by David Benjamin.
ok beck jsing
Avoid infinite loop for custom curves of order 12022-04-07T17:37:25+00:00tb2022-04-07T17:37:25+00:00urn:sha1:1061feec63ce8eec5e559ca2697b80bc73044484
If a private key encoded with EC parameters happens to have
order 1 and is used for ECDSA signatures, this causes an
infinite loop since a random integer x in the interval [0,1)
will be 0, so do ... while (x == 0); will loop indefinitely.
Found and reported with a reproducer by Hanno Boeck.
Helpful comments and analysis from David Benjamin.
ok beck jsing
man pages: fix some typos found while looking for other issues2022-03-31T17:30:05+00:00naddy2022-03-31T17:30:05+00:00urn:sha1:3d8a2499d7a0a70420723f21fbf735e079a6e74cman pages: add missing commas between subordinate and main clauses2022-03-31T17:27:26+00:00naddy2022-03-31T17:27:26+00:00urn:sha1:3d8be07546f5ec331a0f851b0ea88212376ebb95
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
Fix leak in ASN1_TIME_adj_internal()2022-03-31T13:04:47+00:00tb2022-03-31T13:04:47+00:00urn:sha1:31dad1243d69de787b0589750cc4b78379c43734
p is allocated by asprintf() in one of the *_from_tm() functions, so
it needs to be freed as in the other error path below.
CID 346194
ok jsing
Simplify priv_key handling in d2i_ECPrivateKey()2022-03-31T13:00:58+00:00tb2022-03-31T13:00:58+00:00urn:sha1:91087446015ebb4341a9f7c6accff0e586a0ba5d
d2i_EC_PRIVATEKEY() can handle the allocation of priv_key internally,
no need to do this up front and reach it through the dangerous reuse
mechanism. There's also no point in freeing a variable we know to be
NULL.
ok jsing
Avoid segfaults in EVP_PKEY_CTX_free()2022-03-30T07:17:48+00:00tb2022-03-30T07:17:48+00:00urn:sha1:c650ef2b4f969ce6b8d9a39f9e86c5e181dfafbc
It is possible to call pmeth->cleanup() with an EVP_PKEY_CTX whose data
is NULL. If pmeth->init() in int_ctx_new() fails, EVP_PKEY_CTX_free() is
called with such a context. This in turn calls pmeth->cleanup(), and thus
these cleanup functions must be careful not to use NULL data. Most of
them are, but one of GOST's functions and HMAC's aren't.
Reported for HMAC by Masaru Masada
https://github.com/libressl-portable/openbsd/issues/129
ok bcook jsing
pkey_hmac_init(): use calloc()2022-03-30T07:12:30+00:00tb2022-03-30T07:12:30+00:00urn:sha1:4f0946cf87d94f094252f696625cc100be8bbd76
Instead of using malloc() and setting most struct members to 0,
simply use calloc().
ok bcook jsing