A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.5.3 2022-03-24T15:57:04+00:00 2022-03-24T15:57:04+00:00 tb 2022-03-24T15:57:04+00:00 urn:sha1:8965c1424bfbc8c3e9e03d863ed1eb8c83c22eac 2022-03-24T15:56:34+00:00 tb 2022-03-24T15:56:34+00:00 urn:sha1:3ec89a9ed2faefa8b6b6deaf561a2a72744e1335 should not be used. It will be revisited after release. ok beck inoguchi jsing 2022-02-08T19:13:50+00:00 tb 2022-02-08T19:13:50+00:00 urn:sha1:f474d427587fdca7920adc59f098e68ed6c975f0 X509_STORE_add_crl() does not take ownership of the CRL, it bumps its refcount. So nulling out the CRL from the stack will leak it. Issue reported by KS Sreeram, thanks! ok jsing 2022-02-01T17:18:38+00:00 jsing 2022-02-01T17:18:38+00:00 urn:sha1:1b0a76785c6e9fe8eb4f8f36bad366fe9a4d399c Rather than leaking libcrypto defines through the tls_sign_cb and tls_signer_sign() interfaces, provide and use our own TLS_PADDING_* defines. ok inoguchi@ tb@ 2022-02-01T17:13:10+00:00 jsing 2022-02-01T17:13:10+00:00 urn:sha1:f88d8440214889b6d855585bedc525a8ce92fc26 The current design of tls_sign_cb provides a pointer to a buffer where the signature needs to be copied, however it fails to provide a length which could result in buffer overwrites. Furthermore, tls_signer_sign() is designed such that it allocates and returns ownership to the caller. Revise tls_sign_cb so that the called function is expected to allocate a buffer, returning ownership of the buffer (along with its length) to the caller of the callback. This makes it far easier (and safer) to implement a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in (with an appropriate cast). While here, rename and reorder some arguments - while we will normally sign a digest, there is no requirement for this to be the case hence use 'input' and 'input_len'. Move padding (an input) before the outputs and add some additional bounds/return value checks. This is technically an API/ABI break that would need a libtls major bump, however since nothing is using the signer interface (outside of regress), we'll ride the original minor bump. With input from tb@ ok inoguchi@ tb@ 2022-01-29T02:03:19+00:00 inoguchi 2022-01-29T02:03:19+00:00 urn:sha1:929db083963cebef863cbadb2c2375b5441e0aad ok jsing@ tb@ 2022-01-28T03:46:46+00:00 jsing 2022-01-28T03:46:46+00:00 urn:sha1:db03b8939a7c59c86ed4cc95d271a511183befe0 Add tls_signer_error to Symbols.list - this was missed during the last libtls minor bump and can ride along. ok deraadt@ 2022-01-25T21:53:45+00:00 eric 2022-01-25T21:53:45+00:00 urn:sha1:f95dbb17ba0c56a2959e39d3bd83970c90b3bb95 2022-01-25T21:51:24+00:00 eric 2022-01-25T21:51:24+00:00 urn:sha1:bff2f4430c3c0f9cc4584883118372ffbdcbd1e6 to implement. Add a tls_config_set_sign_cb() function that allows to register a callback for the signing operation on a tls_config. When used, the context installs fake pivate keys internally, and the callback receives the hash of the public key. Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash. Discussed with and ok jsing@ tb@ 2022-01-19T11:10:55+00:00 inoguchi 2022-01-19T11:10:55+00:00 urn:sha1:a0f676076e1dde29f618a1e8ac62b1dd15e406d2 EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to fail and return error. Error from these functions will be fatal for the callback, and I choose to return -1. SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback. This also could fix Coverity CID 345319. ok jsing@ tb@