diff options
author | jsing <> | 2022-02-01 17:13:10 +0000 |
---|---|---|
committer | jsing <> | 2022-02-01 17:13:10 +0000 |
commit | f88d8440214889b6d855585bedc525a8ce92fc26 (patch) | |
tree | 094581913aa4d49534ea38296879b81b985d64b5 /src/lib/libssl/man/SSL_CTX_set1_groups.3 | |
parent | 276491ea1659b32e3194c4ea7c5278679eb15495 (diff) | |
download | openbsd-f88d8440214889b6d855585bedc525a8ce92fc26.tar.gz openbsd-f88d8440214889b6d855585bedc525a8ce92fc26.tar.bz2 openbsd-f88d8440214889b6d855585bedc525a8ce92fc26.zip |
Revise signer callback interface.
The current design of tls_sign_cb provides a pointer to a buffer where the
signature needs to be copied, however it fails to provide a length which
could result in buffer overwrites. Furthermore, tls_signer_sign() is
designed such that it allocates and returns ownership to the caller.
Revise tls_sign_cb so that the called function is expected to allocate a
buffer, returning ownership of the buffer (along with its length) to the
caller of the callback. This makes it far easier (and safer) to implement
a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in
(with an appropriate cast).
While here, rename and reorder some arguments - while we will normally
sign a digest, there is no requirement for this to be the case hence use
'input' and 'input_len'. Move padding (an input) before the outputs and
add some additional bounds/return value checks.
This is technically an API/ABI break that would need a libtls major bump,
however since nothing is using the signer interface (outside of regress),
we'll ride the original minor bump.
With input from tb@
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/man/SSL_CTX_set1_groups.3')
0 files changed, 0 insertions, 0 deletions