<feed xmlns='http://www.w3.org/2005/Atom'>
<title>openbsd/src, branch OPENBSD_7_8</title>
<subtitle>A mirror of https://github.com/libressl/openbsd.git
</subtitle>
<id>https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8</id>
<link rel='self' href='https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8'/>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/'/>
<updated>2026-02-27T20:31:13+00:00</updated>
<entry>
<title>replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy</title>
<updated>2026-02-27T20:31:13+00:00</updated>
<author>
<name>bluhm</name>
<email></email>
</author>
<published>2026-02-27T20:31:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=3af81c05117c0432f15903e9e8c488243a7c3b7b'/>
<id>urn:sha1:3af81c05117c0432f15903e9e8c488243a7c3b7b</id>
<content type='text'>
mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
and pledge "stdio rpath wpath cpath" to permit both unveils subject to
their own limitations.

pledge "rpath tmppath" is replaced with unveil "/" "r", unveil "/tmp" "rwc",
and "rpath wpath cpath"
from deraadt@; ok semarie

This was using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others

uses tmpfile(), which is why it used "tmppath", which is why it now
needs "rpath wpath cpath"
from deraadt@; spotted by brynet

Instead of pledge "tmppath rpath", set up a "rwc" unveil on "/tmp", a
"r" unveil on "/", and then pledge "rpath wpath cpath".
from deraadt@; ok semarie and others

This is using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others

These programs are using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others

Use unveil() instead of pledge "tmppath".  There is a bit of bulldozering
here to handle the many codeflows regarding output files, and I hope ingo
improves it later.
from deraadt@; Some help with regression validation from job

nc(1) has the more crazy unveil + pledge configuration based upon
argument flags.  I think this correctly replaces "tmppath" with an
unveil.
from deraadt@

Since this program is "rpath wpath cpath", it does not need to use
"tmppath"
from deraadt@; ok op

replace pledge "tmppath" with unveil "/tmp" "rwc" and "rpath wpath cpath".
from deraadt@; ok ok

this is errata/7.8/015_tmppath.patch.sig
</content>
</entry>
<entry>
<title>Ensure that we specify the correct group when creating a HelloRetryRequest.</title>
<updated>2025-10-23T15:26:57+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-10-23T15:26:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=a0dca9ee89cde95a556cd215202b7542ee5f598f'/>
<id>urn:sha1:a0dca9ee89cde95a556cd215202b7542ee5f598f</id>
<content type='text'>
When processing the client supported groups and key shares extensions,
the group selection is currently based on client preference. However,
when building a HRR the preferred group is identified by calling
tls1_get_supported_group(). If SSL_OP_CIPHER_SERVER_PREFERENCE is enabled,
group selection will be based on server instead of client preference. This
in turn can result in the server sending a HRR for a group that the client
has already provided a key share for, violating the RFC.

Avoid this issue by storing the client preferred group when processing
the key share extension, then using this group when creating the HRR.

Thanks to dzwdz for identifying and reporting the issue.

ok beck@ tb@
from jsing@

This is errata/7.8/003_libssl.patch.sig
</content>
</entry>
<entry>
<title>cms: fix incorrect length check in kek_unwrap_key()</title>
<updated>2025-09-30T12:51:16+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-09-30T12:51:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=0da76a9548849eb542ab090dc5eace7a2be789cb'/>
<id>urn:sha1:0da76a9548849eb542ab090dc5eace7a2be789cb</id>
<content type='text'>
An incorrect length check can result in a 4-byte overwrite and an
8-byte overread.

From Stanislav Fort and Viktor Dukhovni via OpenSSL.
CVE-2025-9230.

ok jsing
</content>
</entry>
<entry>
<title>cms_RecipientInfo_pwri_crypt: fix incorrect return check</title>
<updated>2025-09-30T12:49:34+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-09-30T12:49:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=4867be3b7736b15337f62460c0a92c9f3f6f5005'/>
<id>urn:sha1:4867be3b7736b15337f62460c0a92c9f3f6f5005</id>
<content type='text'>
ok jsing
</content>
</entry>
<entry>
<title>cms_RecipientInfo_pwri_crypt: plug leak of kekalg</title>
<updated>2025-09-30T12:46:55+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-09-30T12:46:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=9c492217dca486db9aacff39780c63445db043a4'/>
<id>urn:sha1:9c492217dca486db9aacff39780c63445db043a4</id>
<content type='text'>
ok jsing
</content>
</entry>
<entry>
<title>libcrypto: rsa gen: min. distance between p and q</title>
<updated>2025-09-29T08:46:15+00:00</updated>
<author>
<name>jan</name>
<email></email>
</author>
<published>2025-09-29T08:46:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=46c56e258ad51543fa1d174ca9568ef545233a34'/>
<id>urn:sha1:46c56e258ad51543fa1d174ca9568ef545233a34</id>
<content type='text'>
This is required in NIST Special Publication 800-56B Revision 2
"Recommendation for Pair-Wise Key Establishment Using Integer
Factorization Cryptography":

 6 RSA Key Pairs
 6.2 Criteria for RSA Key Pairs for Key Establishment
 6.2.1 Definition of a Key Pair

	3. The prime factors p and q shall be generated using one of
	   the methods specified in Appendix B.3 of FIPS 186 such that:

		c. |p – q| &gt; 2^(nBits/2−100)

ok djm@, tb@
</content>
</entry>
<entry>
<title>Bump libressl version to 4.2.0</title>
<updated>2025-09-28T14:17:52+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-09-28T14:17:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=3d7417f2050e2c59d3bc34048d7ddf7f9335c1e0'/>
<id>urn:sha1:3d7417f2050e2c59d3bc34048d7ddf7f9335c1e0</id>
<content type='text'>
The version check will break the rust-openssl regress unless you have
rust-openssl-tests-20250927p0.
</content>
</entry>
<entry>
<title>Revert NULL,0 -&gt; OPENSSL_FILE,OPENSSL_LINE from r1.78</title>
<updated>2025-09-28T07:52:53+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-09-28T07:52:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=dee41641c860153d9ff3214fdf9f43ae9a10429c'/>
<id>urn:sha1:dee41641c860153d9ff3214fdf9f43ae9a10429c</id>
<content type='text'>
This wasn't part of the initial proposal and causes issues in curl downstream.
We could pile more hacks on top of this, but at some point this is getting too
silly.

Relatedly, most of the FOOerr() could be removed, although PEMerr(), RSAerr()
and SSLerr() are used by some downstreams and probably not worth patching out.

Discussed with @vszakats in https://github.com/libressl/portable/issues/1154
</content>
</entry>
<entry>
<title>ec_asn1_test: add an example using BLS12-377</title>
<updated>2025-09-17T16:13:11+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-09-17T16:13:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=67355f1acbcfe22e391065386b442de8180421de'/>
<id>urn:sha1:67355f1acbcfe22e391065386b442de8180421de</id>
<content type='text'>
This exercises the cofactor guessing code with a large cofactor. Thanks to
Daniel Bleichenbacher for pointing out this example. This contains a hack
to use a bogus OID since this curve has none.
</content>
</entry>
<entry>
<title>wycheproof: provide PBKDF2 test harness</title>
<updated>2025-09-16T15:45:34+00:00</updated>
<author>
<name>tb</name>
<email></email>
</author>
<published>2025-09-16T15:45:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.lua4.win/openbsd/commit/?id=61442379f1c0fd68060c13835a870f84283fa66f'/>
<id>urn:sha1:61442379f1c0fd68060c13835a870f84283fa66f</id>
<content type='text'>
Skip the tests for now since they increase the test's runtime by ~50%.
A later commit will gate these tests behind REGRESS_SKIP_SLOW.
</content>
</entry>
</feed>
