| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
logic in the rtr process. It does not implement the new RTR messages yet
but it is possible to specify an aspa-set in the config. Also the validation
code in the RDE is missing so this does not do anything.
With this in it will be possible to extend rpki-client to publish an
aspa-set as part of the openbgpd config file.
OK tb@
|
|
discussed with schwarze
|
|
ok schwarze
|
|
|
|
|
|
stack growth from setrlimit was never updated to set UVM_ET_STACK on
the entries, so the check-sp-at-system-call check failed. Quite strange
it took this long to find this.
ok kettenis
|
|
concerning arithmetic in Galois fields of power-of-2 order
|
|
by libkvm and procmap(8). struct mutex can change based upon kernel
compile options, and the fields were dancing around
ok kettenis
|
|
Turns out that after ~40 years of practice I still can't do addition
with carry correctly :S
|
|
things.
|
|
OK tb@
|
|
If the operator specifies the '-H' option once (or more) followed by a FQDN,
the utility will *only* connect to those hosts and skip all others.
OK claudio@ tb@
|
|
|
|
Generate random signatures of random messages and verify them. Then check
that the signature modified by adding the edwards25519 group order to the
upper half are rejected. This would not always be accepted without the
check in curve25519.c r1.14, but often enough that a few iterations suffice
to expose the missing check.
|
|
Add a check that ensures that the upper half s of an Ed25519 signature is
bounded by the group order, i.e, 0 <= s < order. This is required by the
Verify procedure in RFC 8032, section 5.1.7, step 1, and prevents simple
modifications of signatures such as adding (a multiple of) the group order
to the upper half of the signature.
Found with EdDSA testcase 63 of project Wycheproof.
ok beck jsing
|
|
the entries, so the check-sp-at-system-call check failed. Quite strange
it took this long to find this.
ok kettenis
|
|
|
|
Programs assume that a successful call to getaddrinfo(3) validates the
input as "safe", but that's not true. Characters like '$', '`', '\n'
or '*' can traverse the DNS without problems, but have special
meaning, for example a shell.
There is a function res_hnok() already in libc, but it validates if a
string is a host name, which is too strict in practice. For example
foo-.example.com is not a valid host name, but is used on the
Internet.
Posix has this to say:
"The getaddrinfo() function shall translate the name of a service
location (for example, a host name)"
It hints that the input should be a host name, but it does not
restrict it to it.
This introduces a function hnok_lenient() which restricts the input to
getaddrinfo(3) to the set [A-z0-9-_.]. Additionally two consecutive
dots ('.') are not allowed nor can the string start with - or '.'.
glibc introduced a similar restriction years ago, so this should not
cause problems.
It has been known in the DNS community for years, probably decades
that getaddrinfo(3) is too lenient what it accepts, but it has always
been kicked down the road as "not a DNS problem". Unfortunately this
information never made it out of the DNS community and no coordinated
effort happened to have this addressed in operating systems.
David Leadbeater recently demonstrated how ssh(1) and ftp(1) are too
trusting with what getaddrinfo(3) accepts. Both have been fixed
independently of this.
Input deraadt, eric
OK millert, deraadt
|
|
The pattern matches the printed CPU_IMPL_APPLE name as in:
cpu0 at mainbus0 mpidr 0: Apple Icestorm Pro r2p0
cpu0 at mainbus0 mpidr 0: Apple Blizzard r1p0
ok deraadt@ afresh@ kettenis@
|
|
these sections like ld.bfd(1)
e.g:
add.c(add.o:(add)): warning: sprintf() is often misused, please use snprintf()
add.c(add.o:(add)): warning: strcpy() is almost always misused, please use strlcpy()
add.c(add.o:(add)): warning: strcat() is almost always misused, please use strlcat()
ok deraadt@
|
|
|
|
ok hackroom
tested by plenty
|
|
There are some possible strange side effects noticed by the
openssl cms regress tests that I missed. Backing this out
until I untangle it
ok tb@
|
|
|
|
uppercase.
While here use the correct idiom of casting to unsigned char.
OK millert, farewell to ultrix deraadt
|
|
and BN_X931_generate_Xpq as intentionally undocumented because
they are unused outside OpenSSL/LibreSSL and deprecated in OpenSSL 3.0
|
|
and X509_STORE_set_verify(3) and document X509_STORE_get_verify(3)
which tb@ all provided with x509_vfy.h revisions 1.48 and 1.49
|
|
which tb@ provided with x509_vfy.h revisions 1.48 and 1.49
|
|
It appears to be intended for internal use by DSA_do_verify(3) and using
codesearch.debian.net, i found nothing outside OpenSSL/LibreSSL using it.
In April 2018, jsing@ questioned whether the five related functions
BN_mod_exp_mont() and friends should even be exposed by <openssl/bn.h>,
so we decided to not document them. Now tb@ agrees that there is no
reason to document BN_mod_exp2_mont() as long as we don't want to
document BN_mod_exp_mont().
|
|
OK claudio@
|
|
|
|
|
|
A lot of code depends on a eui64 address to be present. So revert this
bit of the last commit.
OK florian@
|
|
|
|
panics [1].
1. https://marc.info/?l=openbsd-bugs&m=165012301707403&w=2
from Leo Larnack <leo at pseven.xyz>
ok kn@ mpi@
|
|
|
|
The global interface group list is also protected by the net lock and all
access to it (all within if.c) take it accordingly.
Getting all
- members of a group (SIOCGIFGMEMB),
- attributes of a group (SIOCGIFGATTR),
- groups (SIOCGIFGLIST)
are each read-only operations on the global interface group `ifg_head'.
The global interface list `ifnetlist' or its per-interface group lists are
not used in these ioctls.
OK mvs
|
|
As netintro(4) explains, this copies a bunch of data from the global
interface list as well as its per-interface address lists.
All of this is never written to by ifconf(), protected by the net lock
and documented as such in the struct comments already.
OK mvs
|
|
The per-interface group list is protected by the net lock and already
documented as such.
The global interface group list `ifg_head' is also protected by the net
lock and all access to it (all within if.c) take it accordingly.
Feedback OK mvs
|
|
|
|
|
|
|
|
|
|
ok tb@
|
|
OK deraadt@ kettenis@
|
|
|
|
Fixes unexpected delays that have occurred with mips64 clock(4).
|
|
No longer require IFF_MULTICAST for all interfaces. It is save to skip
this for interfaces that don't require a ND cache. Also do not assign a
link-local address in such cases. This affects point-to-point interfaces
and the NBMA / point-to-multipoint interfaces like mpe(4), mgre(4) and wg(4).
The NBMA interfaces need some alternative way to figure out the address
mapping. In the end this allows non-multicast interfaces to work with IPv6.
OK dlg@ kn@
|
