openbsd/src/lib/libcrypto, branch libressl-v3.7.1

openbsd/src/lib/libcrypto, branch libressl-v3.7.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.7.1 2023-03-16T12:01:47+00:00 Update manpage for X509_CRL_get0_tbs_sigalg() 2023-03-16T12:01:47+00:00 job 2023-03-16T12:01:47+00:00 urn:sha1:7c7ac05cca1a17a89c567f98db291ca8474921c9 OK tb@ Bump LibreSSL version to 3.7.2 2023-03-16T08:16:21+00:00 tb 2023-03-16T08:16:21+00:00 urn:sha1:afebd6e09d6b1db7d1e315cda01608c0052797d1 Return the signature length after successful signing operation 2023-03-15T06:34:07+00:00 tb 2023-03-15T06:34:07+00:00 urn:sha1:40ffd290cb3438bcc29da70c71f6aa0d745b108a This is required behavior of the EVP_DigestSign() API, but seemingly almost nothing uses this. Well, turns out ldns does. Reported by Stephane. Helpful comments by sthen. ok jsing Add comments that explain why things are done in this strange order. 2023-03-15T06:30:21+00:00 tb 2023-03-15T06:30:21+00:00 urn:sha1:0d6436e7ce4a2c17cfea40b64872c615b4ff93da There's some method to this madness. ok jsing Push calloc() of ndef_aux down as far as possible and 2023-03-15T06:28:55+00:00 tb 2023-03-15T06:28:55+00:00 urn:sha1:fe08170ae5385adab5596b5e0d20cd32170b58ba pull the setting of the ex_arg up, so we can do error checking. ok jsing Error check BIO_asn1_set_{prefix,suffix}() calls 2023-03-15T06:22:42+00:00 tb 2023-03-15T06:22:42+00:00 urn:sha1:2986e4f991df4a0bedeeaec8466f95a24be09909 ok jsing Streaming BIOs assume they can write to NULL BIOs 2023-03-15T06:14:02+00:00 tb 2023-03-15T06:14:02+00:00 urn:sha1:3bd54020171e9b2e7330ee5ed831533a5344cee8 At least SMIME_text() relies on this. Pushing an error on the stack trips PKCS7 regress in py-cryptography, so indicate nothing was written instead of throwing an error. Reported by Alex Gaynor a while back ok jsing Ensure negative input to BN_mod_exp_mont_consttime() is correctly reduced. 2023-03-15T04:30:20+00:00 jsing 2023-03-15T04:30:20+00:00 urn:sha1:d3cf2a2533c22b330e12679aad10a700eb6fc870 A negative input to BN_mod_exp_mont_consttime() is not correctly reduced, remaining negative (when it should be in the range [0, m)). Fix this by unconditionally calling BN_nnmod() on the input. Fixes ossfuzz #55997. ok tb@ Stop confusing out and asn_bio in BIO_new_NDEF() 2023-03-13T07:31:09+00:00 tb 2023-03-13T07:31:09+00:00 urn:sha1:1a2e5d994000e27e8d3809226045e1ebd95bb0df BIO_new_NDEF() sets up an ASN.1 BIO to the output chain and then adds even more BIOs. Since BIO_push(bio, new_tail) returns bio on success, after the if ((out = BIO_push(asn_bio, out)) != NULL) the 'out' BIO and the 'asn_bio' are the same. The code then goes on and uses one or the other. This is very confusing. Simply stop using out once it's appended to asn_bio. ok jsing pk7_cb() and cms_cb() 2023-03-12T17:29:02+00:00 tb 2023-03-12T17:29:02+00:00 urn:sha1:a000ef26734da6ea7f446ae52ac64059cf358592 Add and fix FALLTHROUGH statement. I was confused for way too long since I hadn't noticed that this case fell through to the next. Also add and move some empty lines in the cms_cb() to make this resemble KNF more.