openbsd/src/lib/libcrypto, branch libressl-v4.2.1

openbsd/src/lib/libcrypto, branch libressl-v4.2.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v4.2.1 2025-09-30T12:51:16+00:00 cms: fix incorrect length check in kek_unwrap_key() 2025-09-30T12:51:16+00:00 tb 2025-09-30T12:51:16+00:00 urn:sha1:0da76a9548849eb542ab090dc5eace7a2be789cb An incorrect length check can result in a 4-byte overwrite and an 8-byte overread. From Stanislav Fort and Viktor Dukhovni via OpenSSL. CVE-2025-9230. ok jsing cms_RecipientInfo_pwri_crypt: fix incorrect return check 2025-09-30T12:49:34+00:00 tb 2025-09-30T12:49:34+00:00 urn:sha1:4867be3b7736b15337f62460c0a92c9f3f6f5005 ok jsing cms_RecipientInfo_pwri_crypt: plug leak of kekalg 2025-09-30T12:46:55+00:00 tb 2025-09-30T12:46:55+00:00 urn:sha1:9c492217dca486db9aacff39780c63445db043a4 ok jsing libcrypto: rsa gen: min. distance between p and q 2025-09-29T08:46:15+00:00 jan 2025-09-29T08:46:15+00:00 urn:sha1:46c56e258ad51543fa1d174ca9568ef545233a34 This is required in NIST Special Publication 800-56B Revision 2 "Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography": 6 RSA Key Pairs 6.2 Criteria for RSA Key Pairs for Key Establishment 6.2.1 Definition of a Key Pair 3. The prime factors p and q shall be generated using one of the methods specified in Appendix B.3 of FIPS 186 such that: c. |p – q| > 2nBits/2−100 ok djm@, tb@ Bump libressl version to 4.2.0 2025-09-28T14:17:52+00:00 tb 2025-09-28T14:17:52+00:00 urn:sha1:3d7417f2050e2c59d3bc34048d7ddf7f9335c1e0 The version check will break the rust-openssl regress unless you have rust-openssl-tests-20250927p0. Revert NULL,0 -> OPENSSL_FILE,OPENSSL_LINE from r1.78 2025-09-28T07:52:53+00:00 tb 2025-09-28T07:52:53+00:00 urn:sha1:dee41641c860153d9ff3214fdf9f43ae9a10429c This wasn't part of the initial proposal and causes issues in curl downstream. We could pile more hacks on top of this, but at some point this is getting too silly. Relatedly, most of the FOOerr() could be removed, although PEMerr(), RSAerr() and SSLerr() are used by some downstreams and probably not worth patching out. Discussed with @vszakats in https://github.com/libressl/portable/issues/1154 mlkem_generate_key_external_entropy: normalize sizeof() use 2025-09-16T06:12:04+00:00 tb 2025-09-16T06:12:04+00:00 urn:sha1:c0502723cf1da15eab87e3434cd70dfaae2910f6 Simplify MLKEM_{private,public}_key_new() 2025-09-16T06:10:24+00:00 tb 2025-09-16T06:10:24+00:00 urn:sha1:e7b57a14f72bfb330c5d26dd387f302ecbb52b42 This removes two unnecessary variables in each of these functions, normalizes the sizeof() use and undoes unnecessary line wraps. ok deraadt djm kenjiro aes: move explicit_bzero() after NULL check 2025-09-15T07:36:12+00:00 tb 2025-09-15T07:36:12+00:00 urn:sha1:1f8d0b443d28c5e431333f56e1a6384d8123e15c CID 621601 621602 ok djm jsg jsing miod MLKEM_private_key_new: add missing space before = 2025-09-15T03:34:58+00:00 tb 2025-09-15T03:34:58+00:00 urn:sha1:0eed5822a87e695248d6828aca5291e4b942d39a