| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2020-12-14 | Switch finish{,_peer}_md_len from int to size_t | tb | 1 | -3/+3 | |
| This is the natural type for these and it simplifies an upcoming commit. The few consumers have been carefully checked to be fine with this. ok inoguchi jsing | |||||
| 2020-12-08 | LibreSSL 3.3.1libressl-v3.3.1 | bcook | 1 | -3/+3 | |
| 2020-12-08 | Fix a NULL dereference in GENERAL_NAME_cmp() | tb | 6 | -11/+94 | |
| Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing | |||||
| 2020-12-06 | Enable t_mmap-1 test. It is skipped on NetBSD, but works for us. | bluhm | 2 | -3/+10 | |
| 2020-12-05 | Mark bitmask_{start,end}_values[] and g_probable_mtu[] const. | tb | 1 | -4/+4 | |
| ok jsing kn | |||||
| 2020-12-05 | Mark nid_list[] const. This moves 116 bytes to .rodata. | tb | 1 | -2/+2 | |
| ok jsing kn | |||||
| 2020-12-04 | Move point-on-curve check to set_affine_coordinates | tb | 4 | -18/+50 | |
| Bad API design makes it possible to set an EC_KEY public key to a point not on the curve. As a consequence, it was possible to have bogus ECDSA signatures validated. In practice, all software uses either EC_POINT_oct2point*() to unmarshal public keys or issues a call to EC_KEY_check_key() after setting it. This way, a point on curve check is performed and the problem is mitigated. In OpenSSL commit 1e2012b7ff4a5f12273446b281775faa5c8a1858, Emilia Kasper moved the point-on-curve check from EC_POINT_oct2point to EC_POINT_set_affine_coordinates_*, which results in more checking. In addition to this commit, we also check in the currently unused codepath of a user set callback for setting compressed coordinates, just in case this will be used at some point in the future. The documentation of EC_KEY_check_key() is very vague on what it checks and when checks are needed. It could certainly be improved a lot. It's also strange that EC_KEY_set_key() performs no checks, while EC_KEY_set_public_key_affine_coordinates() implicitly calls EC_KEY_check_key(). It's a mess. Issue found and reported by Guido Vranken who also tested an earlier version of this fix. ok jsing | |||||
| 2020-12-03 | grammar fixes from Varik "The Genuine Article!!!" Valefor; | jmc | 3 | -9/+9 | |
| 2020-12-01 | Extend the methods test to cover dtls methods as well | tb | 1 | -1/+57 | |
| 2020-12-01 | Enable ssl_methods unit test. | tb | 1 | -1/+2 | |
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |