openbsd/src/lib, branch OPENBSD_7

openbsd/src/lib, branch OPENBSD_7_2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_2 2023-05-26T08:48:38+00:00 Add missing pointer invalidation 2023-05-26T08:48:38+00:00 tb 2023-05-26T08:48:38+00:00 urn:sha1:242532e946dd73e728b67bfe0915634d91462442 ok tb from jcs This is errata/7.2/026_ssl.patch.sig Fix a number of out of bound reads in DNS response parsing. 2023-03-16T13:26:49+00:00 bluhm 2023-03-16T13:26:49+00:00 urn:sha1:8bcc41f1c6cf13cb61fcdc50df536f1883264565 from millert@; originally from djm@; OK deraadt@ florian@ bluhm@ this is errata/7.2/022_resolv.patch.sig Fix arbitrary memory read in GENERAL_NAME_cmp() 2023-02-07T15:59:13+00:00 bluhm 2023-02-07T15:59:13+00:00 urn:sha1:15882269f22f488b8e18605493bb7c0608ab350e The ASN.1 template for GENERAL_NAME and its corresponding C structure disagree on the type of the x400Address member. This results in an ASN.1 string to be considered as an ASN.1 type, which allows an attacker to read (essentially) arbitrary memory. Fix this by forcing comparison as strings. While the underlying type confusion has been present since time immemorial, this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig). Reported by David Benjamin, fix suggested by jsing. Release date for this was set to be January 31. Unilaterally pushed back to February 7 by OpenSSL by way of announcement of many completely unrelated embargoed issues, some of which they had been sitting on since July 2020. from tb@; OK beck@ jsing@ this is errata/7.2/018_x509.patch.sig Unbreak ASN.1 indefinite length encoding. 2022-10-20T09:47:01+00:00 tb 2022-10-20T09:47:01+00:00 urn:sha1:83249055024eb55369c80ad88645d5d52b8eeae6 In r1.25 of tasn_enc.c a check was added to ensure that asn1_ex_i2c() returned the same value on both calls, however in the ndef case the len variable gets changed between calls. Keep a copy of the original value to test against. Issue reported by niklas, who encountered a test failure in rust-openssl. ok miod@ tb@; from jsing This is errata/7.2/002_asn1.patch.sig Store errors that result from leaf certificate verification. 2022-10-20T09:45:18+00:00 tb 2022-10-20T09:45:18+00:00 urn:sha1:2e08bcb01b2d496908faf5968f289cda7e088285 In the case that a verification callback is installed that tells the verifier to continue when a certificate is invalid (e.g. expired), any error resulting from the leaf certificate verification is not stored and made available post verification, resulting in an incorrect error being returned. Also perform leaf certificate verification prior to adding the chain, which avoids a potential memory leak (as noted by tb@). Issue reported by Ilya Shipitsin, who encountered haproxy regress failures. ok tb@; from jsing This is errata/7.2/001_x509.patch.sig Remove PKCS12_MAKE_{,SH}KEYBAG from Symbols.list 2022-09-19T12:25:52+00:00 tb 2022-09-19T12:25:52+00:00 urn:sha1:8c6b171d46b1c38f2d049466913944f62bc162e2 These functions were renamed in the last bump #define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf #define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt They don't appear in the compiled library itself, so no further bump required. Fixes libressl-portable/portable#791 Found the hard way by vollkommenheit ok deraadt jsing Allow TLSv1.3 clients to send CCS without middlebox compatibility mode. 2022-09-17T17:14:06+00:00 jsing 2022-09-17T17:14:06+00:00 urn:sha1:74f7c264c9c7cf9fa2bbccfe73e2d98bf2e07476 While RFC 8446 is clear about what legacy session identifiers can be sent by a TLSv1.3 client and how middlebox compatibility mode is requested, it is delightfully vague about the circumstances under which a client is permitted to send CCS messages. While it does not make sense for a client to send CCS messages when they are not requesting middlebox compatibility mode, it is not strictly forbidden by the RFC and at least one (unknown) TLSv1.3 stack has been observed to do this in the wild. Revert part of the previous change and allow clients to send CCS messages, even if they are not requesting middlebox compatibility mode. Found the hard way by florian@ ok tb@ Link to SSL_read_early_data(3) 2022-09-17T16:03:21+00:00 kn 2022-09-17T16:03:21+00:00 urn:sha1:70f7b2faa17684b3944dd57095e0993328b1b4a3 OK tb Add OID for RPKI signedTAL objects 2022-09-15T08:20:34+00:00 job 2022-09-15T08:20:34+00:00 urn:sha1:5e986ba9f9b316020df4d510e27b6b7d1a19effe IANA made a permanent registration in the SMI Security for S/MIME CMS Content Type registry at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 for signed objects conforming to draft-ietf-sidrops-signed-tal. OK tb@ Use LONG_MAX as the limit for ciphers with long based APIs. 2022-09-15T07:04:19+00:00 jsing 2022-09-15T07:04:19+00:00 urn:sha1:69a6645367fe0e98f414f8ce038c6a4c2e3fb102 These ciphers have long based APIs, while EVP has a size_t based API. The intent of these loops is to handle sizes that are bigger than LONG_MAX. Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX rounded down to a large block size, ensuring that it is a block size multiple. Revert the recently added overflow checks now that this is handled more appropriately. ok tb@