summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* delete expired DST Root CA X3 to work around bugs various librarieslibressl-v3.2.7OPENBSD_6_8deraadt2021-09-301-44/+1
| | | | | | | ok sthen, beck, jsing, tb, etc etc This cannot be issued as an errata/syspatch, because syspatch cannot handle "etc set" changes, but is still worth putting into -stable
* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.deraadt2021-09-301-1/+2
| | | | | | | | | | | | | | In order to work around the expired DST Root CA X3 certficiate, enable X509_V_FLAG_TRUSTED_FIRST in the legacy verifier. This means that the default chain provided by Let's Encrypt will stop at the ISRG Root X1 intermediate, rather than following the DST Root CA X3 intermediate. Note that the new verifier does not suffer from this issue, so only a small number of things will hit this code path. ok millert@ robert@ tb@ this is errata 6.8/032_cert.patch
* Avoid a potential overread in x509_constraints_parse_mailbox()deraadt2021-09-261-5/+9
| | | | | | | | | | | | The length checks need to be >= rather than > in order to ensure the string remains NUL terminated. While here consistently check wi before using it so we have the same idiom throughout this function. Issue reported by GoldBinocle on GitHub. ok deraadt@ tb@ this is 6.8 errata 031
* In LibreSSL, printing a certificate can result in a crash inlibressl-v3.2.6benno2021-08-201-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | X509_CERT_AUX_print(). Commit in -current: CVSROOT: /cvs Module name: src Changes by: schwarze@cvs.openbsd.org 2021/07/10 11:45:16 Modified files: lib/libcrypto/asn1: t_x509a.c Log message: Fix a read buffer overrun in X509_CERT_AUX_print(3), which by implication also affects X509_print(3). The ASN1_STRING_get0_data(3) manual explitely cautions the reader that the data is not necessarily NUL-terminated, and the function X509_alias_set1(3) does not sanitize the data passed into it in any way either, so we must assume the alias->data field is merely a byte array and not necessarily a string in the sense of the C language. I found this bug while writing manual pages for these functions. OK tb@ As an aside, note that the function still produces incomplete and misleading results when the data contains a NUL byte in the middle and that error handling is consistently absent throughout, even though the function provides an "int" return value obviously intended to be 1 for success and 0 for failure, and even though this function is called by another function that also wants to return 1 for success and 0 for failure and even does so in many of its code paths, though not in others. But let's stay focussed. Many things would be nice to have in the wide wild world, but a buffer overflow must not be allowed to remain in our backyard. This is patches/6.8/common/029_x509.patch.sig
* This is errata/6.8/013_libressl.patch.siglibressl-v3.2.4tb2021-02-033-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | Various interoperability issues and memory leaks were discovered in libcrypto and libssl. The new verifier is not bug compatible with the old verifier and caused many issues by failing to propagate errors correctly, returning different error codes than some software was trained to expect and otherwise failing when it shouldn't. While much of this is fixed in -current, it's still not perfect, so switching back to the legacy verifier is preferable at this point. Other included fixes: * Unbreak DTLS retransmissions for flights that include a CCS * Only check BIO_should_read() on read and BIO_should_write() on write * Implement autochain for the TLSv1.3 server * Use the legacy verifier for AUTO_CHAIN * Implement exporter for TLSv1.3 * Free alert_data and phh_data in tls13_record_layer_free() * Plug leak in x509_verify_chain_dup() * Free the policy tree in x509_vfy_check_policy() Original commits by jsing and tb ok inoguchi jsing
* Fix a NULL dereference in GENERAL_NAME_cmp()libressl-v3.2.3tb2020-12-086-11/+94
| | | | | | | | | | | | | | Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing this is errata/6.8/008_asn1.patch.sig
* Ensure leaf is set up on X509_STORE_CTX before verification.jsing2020-09-261-9/+7
| | | | | | | | | | | | | Previously the leaf certificate was only being set up on the X509_STORE_CTX after two verification steps were performed, however at least one of those steps could result in the verification callback being triggered and existing code breaking. Issue noticed by Raf Czlonka when attempting to connect to talk.google.com using profanity (which does not set SNI and ends up receiving an invalid certificate). ok beck@ deraadt@ tb@
* jumping into the x509 fray with a bunch of whitespace repairderaadt2020-09-261-6/+6
|
* bump to LibreSSL 3.2.2 ahead of lockbcook2020-09-251-3/+3
| | | | ok tb@
* KNF for a few comments and indent a labeltb2020-09-251-8/+12
|
* Remove some dangling elses for consistency with the rest of the filetb2020-09-251-25/+19
|
* Simplify UI_new_method()tb2020-09-251-10/+4
| | | | | Use calloc() instead of malloc() and setting all members manually to 0. Avoid unnecessary else branch.
* Move variable declaration to the top of UI_set_result and ditchtb2020-09-251-19/+16
| | | | | | a pointless local scope. suggested by jsing
* The default branch of a switch somehow got moved inside of a pointlesstb2020-09-251-3/+3
| | | | | | | | local scope of a case branch. Move it into the proper location. No binary change on amd64. "sure" jsing
* Simplify call to ERR_print_errors_cb()tb2020-09-251-5/+4
| | | | | | | | | There is no reason for print_error()'s third argument to be a UI *. It may just as well be a void * to match what ERR_print_errors_cb() expects. This avoids casting the function pointer. Also, there's no need for a (void *) cast. ok jsing
* Error out if ok_chars and cancel_chars overlaptb2020-09-241-2/+4
| | | | | | | It is a bit silly to push an error on the stack without erroring out, so error out if the ok_chars and cancel_chars overlap. ok jsing
* Fix a number of leaks in the UI_dup_* functionstb2020-09-241-143/+99
| | | | | | | | | | | | | | | | | | | | | | | | | If any of general_allocate_{prompt,string,boolean}() fail, the UI_dup_* functions may leak the strings they strduped beforehand. Instead, use strdup inside these functions, so we can free as necessary. This makes the UI_add_* and UI_dup_* simple wrappers around general_allocate_{string,boolean}() that differ only in passing a Boolean that indicates whether or not to use strdup. Make a general cleanup pass over these functions, simplify the logic and make it overall a bit easier to follow. While there, use strcspn() instead of a handrolled variant. The only changes in behavior are that ERR_R_MALLOC_FAILURE is now pushed onto the stack a bit more often and that UI_dup_input_string() now returns -1 on failure to dup prompt like all the other UI_dup_* functions. This is not a problem since the manual already documents that errors are signaled with <= 0. The only consumer of this function according to Debian's codesearch is libp11, I sent them a PR to fix their (already broken) error handling. Addresses about 10 errors thrown by the LLVM static analyzer in ui/. ok jsing
* Push ERR_R_MALLOC_FAILURE onto the error stacktb2020-09-241-3/+3
| | | | | | | If sk_UI_STRING_new_null() fails, this must be due to a memory error, so signal this to the user. ok jsing
* Make free_strings() NULL safetb2020-09-241-1/+3
| | | | ok jsing
* KNF and grammar tweaks for comments; wrap a few overlong prototypes.tb2020-09-241-163/+188
|
* Ensure chain is set on the X509_STORE_CTX before triggering callback.jsing2020-09-231-12/+39
| | | | | | | | | | | | Various software expects the previous behaviour where the certificate chain is available on the X509_STORE_CTX when the verify callback is triggered. Issue hit by bket@ with lastpass-cli which has built in certificate pinning that is checked via the verify callback. Fix confirmed by bket@. ok beck@
* Fix some line wrapping and other whitespace issues.tb2020-09-211-45/+34
| | | | No change in the generated assembly on amd64.
* Move freeing and zeroing up to right after the while loop.tb2020-09-211-5/+5
| | | | Requested by jsing
* Avoid memleak caused by shadowingtb2020-09-201-2/+5
| | | | | | | | | | | The outer scope in x509_constraints_extract_names() contains a vname variable which will be freed on error, but an inner scope contains another vname that won't be freed, e.g., if x509_constraints_names_add fails. Found by llvm scan-build. ok beck
* KNF/whitespace nitstb2020-09-202-6/+7
|
* Correct a 1 byte read overflow in x509_contraints_uri and addbeck2020-09-201-4/+9
| | | | | | | | regress to catch it in the future. found by Guido Vranken's cryptofuzzer ok tb@
* Fix a memory leak in x509_constraints_extract_namestb2020-09-201-6/+6
| | | | | | | | | | | | | If the default path of the switch is taken, vname will not be added to the names list and will leak when it is set to NULL. Simplify the logic by eliminating the add Boolean. Instead, free and zero vname in the default case and continue the while loop directly. At the bottom of the switch, add vname to the names list unconditionally zero it out since it's now owned by names. Found by Guido Vranken's cryptofuzzer ok beck
* remove superfluous NULL checkbeck2020-09-191-2/+2
| | | | ok tb@
* Fix potential overflow in CN subject line parsing, thanks tobeck2020-09-181-4/+5
| | | | | | | | ASN1_STRING - the gift that keeps on giving. Found by Guido Vranken's cryptofuzzer. ok tb@
* Add a comment saying that the public function NAME_CONSTRAINTS_check(3)schwarze2020-09-171-2/+5
| | | | | is intentionally undocumented and needs to be deprecated. No change of the formatted text.
* Install the new page SSL_set1_host(3), link to it from relevant places,schwarze2020-09-172-10/+14
| | | | | | | and add two other .Xrs that might help readers find their way. Update the merge notices of all files touched and merge a few trivial changes from the OpenSSL 1.1.1 branch. OK tb@
* revert my putting this on a diet. sadly the NAME_CONSTRAINTS_checkbeck2020-09-161-7/+1
| | | | symbol is exposed api and we probably need to deprecate it thoughtfully.
* noop NAME_CONSTRAINTS_check stubinoguchi2020-09-161-4/+5
| | | | | | | | | | | On OSX and Windows platform portable build fails since it can't find NAME_CONSTRAINTS_check. It is still remain in x509v3.h and Symbols.list but '#if 0'ed from x509_ncons.c. In this situation, some platforms appears to get error. Add noop NAME_CONSTRAINTS_check stub to solve this issue. ok beck@
* Make check in x509_verify_ctx_set_max_signatures() consistent with others.jsing2020-09-161-4/+2
| | | | ok beck@
* Dedup code in x509_verify_ctx_new_from_xsc().jsing2020-09-161-14/+7
| | | | | | | Rather than duplicating code, have x509_verify_ctx_new_from_xsc() call x509_verify_ctx_new(), then handle the xsc specific parts. ok beck@
* set error_depth and current_cert to make more legacy callbacks that don't checkbeck2020-09-151-1/+3
| | | | | | happy ok tb@
* Deduplicate the time validation code between the legacy and newbeck2020-09-153-27/+8
| | | | | | verification code. ok jsing@
* ifdef out code that is no longer used in here. once we are certainbeck2020-09-151-2/+5
| | | | | | of staying with the new name constraint code this will be deleted ok jsing@
* simplify RETURN VALUES for x509_verify(3) after beck@ made the rulesschwarze2020-09-141-7/+3
| | | | | simpler and more consistent in x509_verify.c rev. 1.6; OK beck@
* Add initial man page for new x509_verify chain validatorbeck2020-09-141-0/+225
| | | | | | | | | | This may be changed substantially before we enable the public api, as discussions are still happening over it's final form, however after one pass by ingo he would rather this was here and it can be adjusted in tree, but not installed by the makefile until we make this visible ok schwarze@
* Set error if we are given an NULL ctx in x509_verify, and set errorbeck2020-09-141-5/+3
| | | | | | | | to X509_V_ERR_OUT_OF_MEM instead of UNSPECIFIED in chain_append when allocation fails. noticed by ingo@ ok tb@
* nuke a stray spacetb2020-09-141-2/+2
|
* Fix potential leak when tmpext fails to be added tobeck2020-09-141-2/+6
| | | | | | | the extension list. found by llvm static analyzer ok tb@
* remove unneeded variable "type".beck2020-09-141-6/+5
| | | | | Yak for my shaving pleasure found by llvm static analyzer ok tb@
* Don't leak names on successbeck2020-09-141-1/+2
| | | | | found by llvm static analyzer. ok tb@
* remove unneded variable "time1"beck2020-09-141-6/+6
| | | | | noticed by llvm static analyzer ok tb@
* remove unneded variable "time"beck2020-09-141-3/+2
| | | | | noticed by llvm static analyzer ok tb@
* fix bug introduced on review where refactor made it possible tobeck2020-09-141-2/+2
| | | | | | | eat a NULL. found by clang static analyzer ok tb@
* re-enable new x509 chain verifier as the defaultbeck2020-09-141-3/+1
| | | | ok tb@
* Correctly fix double free introduced on review.beck2020-09-142-3/+3
| | | | | | | the roots for a ctx are only freed in the free function, not in the clear function, so that a ctx can be re-used with the same roots. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 16:40:43 +0000