A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.2.7 2021-09-30T18:28:12+00:00 2021-09-30T18:28:12+00:00 deraadt 2021-09-30T18:28:12+00:00 urn:sha1:517a5e9757e78e04e459753bde999cf67de1aaf8 ok sthen, beck, jsing, tb, etc etc This cannot be issued as an errata/syspatch, because syspatch cannot handle "etc set" changes, but is still worth putting into -stable 2021-09-30T18:26:16+00:00 deraadt 2021-09-30T18:26:16+00:00 urn:sha1:93cc8c68508817e38329d627c5154ca849988f6c In order to work around the expired DST Root CA X3 certficiate, enable X509_V_FLAG_TRUSTED_FIRST in the legacy verifier. This means that the default chain provided by Let's Encrypt will stop at the ISRG Root X1 intermediate, rather than following the DST Root CA X3 intermediate. Note that the new verifier does not suffer from this issue, so only a small number of things will hit this code path. ok millert@ robert@ tb@ this is errata 6.8/032_cert.patch 2021-09-26T14:07:09+00:00 deraadt 2021-09-26T14:07:09+00:00 urn:sha1:72c91ffe59378f4b690c1fd772fcbec9722bf30d The length checks need to be >= rather than > in order to ensure the string remains NUL terminated. While here consistently check wi before using it so we have the same idiom throughout this function. Issue reported by GoldBinocle on GitHub. ok deraadt@ tb@ this is 6.8 errata 031 2021-08-20T19:54:16+00:00 benno 2021-08-20T19:54:16+00:00 urn:sha1:a0edaa1df7ef2c86291fda512c1ac0b4bee8b545 X509_CERT_AUX_print(). Commit in -current: CVSROOT: /cvs Module name: src Changes by: schwarze@cvs.openbsd.org 2021/07/10 11:45:16 Modified files: lib/libcrypto/asn1: t_x509a.c Log message: Fix a read buffer overrun in X509_CERT_AUX_print(3), which by implication also affects X509_print(3). The ASN1_STRING_get0_data(3) manual explitely cautions the reader that the data is not necessarily NUL-terminated, and the function X509_alias_set1(3) does not sanitize the data passed into it in any way either, so we must assume the alias->data field is merely a byte array and not necessarily a string in the sense of the C language. I found this bug while writing manual pages for these functions. OK tb@ As an aside, note that the function still produces incomplete and misleading results when the data contains a NUL byte in the middle and that error handling is consistently absent throughout, even though the function provides an "int" return value obviously intended to be 1 for success and 0 for failure, and even though this function is called by another function that also wants to return 1 for success and 0 for failure and even does so in many of its code paths, though not in others. But let's stay focussed. Many things would be nice to have in the wide wild world, but a buffer overflow must not be allowed to remain in our backyard. This is patches/6.8/common/029_x509.patch.sig 2021-03-15T15:59:04+00:00 tb 2021-03-15T15:59:04+00:00 urn:sha1:00ac1a9c447d64f268cd57eb3cf9206c725e2d54 A TLS client doing session reuse in a certain way could run into a use-after-free. Set the sequence numbers inside ssl3_clear() to make sure this points at valid memory and do the initialization of the record layer a bit earlier so that this works as desired. Additionally, explicitly clear the sequence numbers in ssl3_free() which would have turned the use-after-free into a NULL dereference. Issue reported by Ilya Chipitsine. Fix from jsing This is errata/6.8/017_libssl.patch.sig 2021-02-03T07:06:14+00:00 tb 2021-02-03T07:06:14+00:00 urn:sha1:5eca2774fbb65f0eac0df1f87aaa91c139b0f724 Various interoperability issues and memory leaks were discovered in libcrypto and libssl. The new verifier is not bug compatible with the old verifier and caused many issues by failing to propagate errors correctly, returning different error codes than some software was trained to expect and otherwise failing when it shouldn't. While much of this is fixed in -current, it's still not perfect, so switching back to the legacy verifier is preferable at this point. Other included fixes: * Unbreak DTLS retransmissions for flights that include a CCS * Only check BIO_should_read() on read and BIO_should_write() on write * Implement autochain for the TLSv1.3 server * Use the legacy verifier for AUTO_CHAIN * Implement exporter for TLSv1.3 * Free alert_data and phh_data in tls13_record_layer_free() * Plug leak in x509_verify_chain_dup() * Free the policy tree in x509_vfy_check_policy() Original commits by jsing and tb ok inoguchi jsing 2020-12-08T15:08:47+00:00 tb 2020-12-08T15:08:47+00:00 urn:sha1:267ac14fa6781b6553b05a6d8dcdf99eaacc0edf Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing this is errata/6.8/008_asn1.patch.sig 2020-09-26T15:44:06+00:00 jsing 2020-09-26T15:44:06+00:00 urn:sha1:4e8347390553060ef9ddb7e486d3c945d2af54ab Previously the leaf certificate was only being set up on the X509_STORE_CTX after two verification steps were performed, however at least one of those steps could result in the verification callback being triggered and existing code breaking. Issue noticed by Raf Czlonka when attempting to connect to talk.google.com using profanity (which does not set SNI and ends up receiving an invalid certificate). ok beck@ deraadt@ tb@ 2020-09-26T14:43:17+00:00 jsing 2020-09-26T14:43:17+00:00 urn:sha1:b147e2d737372e25e4ae27eb3f3cf46c472e9055 Currently dtls1_drain_fragments() has a incomplete handrolled version of dtls1_hm_fragment_free(), which has the potential to leak memory. Replace the handrolled free with a call to dtls1_hm_fragment_free(). ok inoguchi@ tb@ 2020-09-26T09:01:05+00:00 jsing 2020-09-26T09:01:05+00:00 urn:sha1:16a00524267404e94d8c26a27dd54a75587920e7 Allocate into the appropriate structures and call dtls1_free() on failure, rather than allocating into local variables and then remembering to free various things on failure. ok tb@