openbsd/src, branch libressl-v3.5.3 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.5.3 2022-05-14T15:06:09+00:00 Fix d2i_ASN1_OBJECT() 2022-05-14T15:06:09+00:00 tb 2022-05-14T15:06:09+00:00 urn:sha1:9f9c4fab3ed4b876aac3fa82d052dca0c1af9827 Due to a confusion of two CBS, the API would incorrectly advance the *der_in pointer, resulting in a DER parse failure. Issue reported by Aram Sargsyan ok jsing This is patches/7.1/004_asn1.patch.sig Set ASN1_OBJECT_FLAG_DYNAMIC_DATA flag with t2i_ASN1_OBJECT_internal 2022-04-10T12:42:33+00:00 inoguchi 2022-04-10T12:42:33+00:00 urn:sha1:c694612e6569c6b13f7f2c75a3a1c4d9479509c2 'flags' should have ASN1_OBJECT_FLAG_DYNAMIC_DATA bit to free 'data' by ASN1_OBJECT_free as c2i_ASN1_OBJECT_cbs does. ok jsing@ tb@ Avoid infinite loop on parsing DSA private keys 2022-04-07T17:38:24+00:00 tb 2022-04-07T17:38:24+00:00 urn:sha1:3340c71f78097b15a0cacb114e0b6c483ad85c02 DSA private keys with ill-chosen g could cause an infinite loop on deserializing. Add a few sanity checks that ensure that g is according to the FIPS 186-4: check 1 < g < p and g^q == 1 (mod p). This is enough to ascertain that g is a generator of a multiplicative group of order q once we know that q is prime (which is checked a bit later). Issue reported with reproducers by Hanno Boeck. Additional variants and analysis by David Benjamin. ok beck jsing Avoid infinite loop for custom curves of order 1 2022-04-07T17:37:25+00:00 tb 2022-04-07T17:37:25+00:00 urn:sha1:1061feec63ce8eec5e559ca2697b80bc73044484 If a private key encoded with EC parameters happens to have order 1 and is used for ECDSA signatures, this causes an infinite loop since a random integer x in the interval [0,1) will be 0, so do ... while (x == 0); will loop indefinitely. Found and reported with a reproducer by Hanno Boeck. Helpful comments and analysis from David Benjamin. ok beck jsing Initialize the mutex before making us of it from many threads. Prevents 2022-04-03T16:52:50+00:00 anton 2022-04-03T16:52:50+00:00 urn:sha1:a46afc15b79c1deda49ec8ee141c1c5cdcd050d9 a race in which one thread is currently initializing the mutex which is not an atomic operation whereas another thread tries to use it too early. With and ok schwarze@ man pages: fix some typos found while looking for other issues 2022-03-31T17:30:05+00:00 naddy 2022-03-31T17:30:05+00:00 urn:sha1:3d8a2499d7a0a70420723f21fbf735e079a6e74c man pages: add missing commas between subordinate and main clauses 2022-03-31T17:27:26+00:00 naddy 2022-03-31T17:27:26+00:00 urn:sha1:3d8be07546f5ec331a0f851b0ea88212376ebb95 jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@ Fix leak in ASN1_TIME_adj_internal() 2022-03-31T13:04:47+00:00 tb 2022-03-31T13:04:47+00:00 urn:sha1:31dad1243d69de787b0589750cc4b78379c43734 p is allocated by asprintf() in one of the *_from_tm() functions, so it needs to be freed as in the other error path below. CID 346194 ok jsing Simplify priv_key handling in d2i_ECPrivateKey() 2022-03-31T13:00:58+00:00 tb 2022-03-31T13:00:58+00:00 urn:sha1:91087446015ebb4341a9f7c6accff0e586a0ba5d d2i_EC_PRIVATEKEY() can handle the allocation of priv_key internally, no need to do this up front and reach it through the dangerous reuse mechanism. There's also no point in freeing a variable we know to be NULL. ok jsing Check EVPDigest* return values. 2022-03-31T09:36:09+00:00 tb 2022-03-31T09:36:09+00:00 urn:sha1:cf868958cea31b1ed1d80e83b4b5f03121ab1c48 CID 351293