openbsd/src/lib/libtls, branch OPENBSD_7_3

openbsd/src/lib/libtls, branch OPENBSD_7_3_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_3_BASE 2023-03-10T16:45:50+00:00 Crankl libcrypto/libssl/libtls minors after symbol addition 2023-03-10T16:45:50+00:00 tb 2023-03-10T16:45:50+00:00 urn:sha1:fade9f4f04b548ca781e7f632f1d2cbed088db59 Bump libtls minor to match libcrypto and libssl 2022-11-13T14:07:15+00:00 tb 2022-11-13T14:07:15+00:00 urn:sha1:4fb26602f2e5c0701783dcb35eb1b94cb55cbbea bump major after libcrypto and libssl major bump 2022-09-11T17:43:27+00:00 tb 2022-09-11T17:43:27+00:00 urn:sha1:24348e1c1354449953c9349761db9397ce489a7a Bump libtls minor after libcrypto and libssl minor bump 2022-07-07T13:05:13+00:00 tb 2022-07-07T13:05:13+00:00 urn:sha1:fe3d95b4f679c1b52d2b587ae54f0eaf8c783dcf Crank major after symbol removal. 2022-03-24T15:57:04+00:00 tb 2022-03-24T15:57:04+00:00 urn:sha1:8965c1424bfbc8c3e9e03d863ed1eb8c83c22eac Hide the tls_signer from public visibility. It's not ready yet and 2022-03-24T15:56:34+00:00 tb 2022-03-24T15:56:34+00:00 urn:sha1:3ec89a9ed2faefa8b6b6deaf561a2a72744e1335 should not be used. It will be revisited after release. ok beck inoguchi jsing Plug a long standing leak in libtls CRL handling 2022-02-08T19:13:50+00:00 tb 2022-02-08T19:13:50+00:00 urn:sha1:f474d427587fdca7920adc59f098e68ed6c975f0 X509_STORE_add_crl() does not take ownership of the CRL, it bumps its refcount. So nulling out the CRL from the stack will leak it. Issue reported by KS Sreeram, thanks! ok jsing Provide our own signature padding defines. 2022-02-01T17:18:38+00:00 jsing 2022-02-01T17:18:38+00:00 urn:sha1:1b0a76785c6e9fe8eb4f8f36bad366fe9a4d399c Rather than leaking libcrypto defines through the tls_sign_cb and tls_signer_sign() interfaces, provide and use our own TLS_PADDING_* defines. ok inoguchi@ tb@ Revise signer callback interface. 2022-02-01T17:13:10+00:00 jsing 2022-02-01T17:13:10+00:00 urn:sha1:f88d8440214889b6d855585bedc525a8ce92fc26 The current design of tls_sign_cb provides a pointer to a buffer where the signature needs to be copied, however it fails to provide a length which could result in buffer overwrites. Furthermore, tls_signer_sign() is designed such that it allocates and returns ownership to the caller. Revise tls_sign_cb so that the called function is expected to allocate a buffer, returning ownership of the buffer (along with its length) to the caller of the callback. This makes it far easier (and safer) to implement a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in (with an appropriate cast). While here, rename and reorder some arguments - while we will normally sign a digest, there is no requirement for this to be the case hence use 'input' and 'input_len'. Move padding (an input) before the outputs and add some additional bounds/return value checks. This is technically an API/ABI break that would need a libtls major bump, however since nothing is using the signer interface (outside of regress), we'll ride the original minor bump. With input from tb@ ok inoguchi@ tb@ Add limits.h for INT_MAX in tls_signer.c 2022-01-29T02:03:19+00:00 inoguchi 2022-01-29T02:03:19+00:00 urn:sha1:929db083963cebef863cbadb2c2375b5441e0aad ok jsing@ tb@