| Age | Commit message (Collapse) | Author |
|---|
|
Rather than leaking libcrypto defines through the tls_sign_cb and
tls_signer_sign() interfaces, provide and use our own TLS_PADDING_*
defines.
ok inoguchi@ tb@
|
|
The current design of tls_sign_cb provides a pointer to a buffer where the
signature needs to be copied, however it fails to provide a length which
could result in buffer overwrites. Furthermore, tls_signer_sign() is
designed such that it allocates and returns ownership to the caller.
Revise tls_sign_cb so that the called function is expected to allocate a
buffer, returning ownership of the buffer (along with its length) to the
caller of the callback. This makes it far easier (and safer) to implement
a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in
(with an appropriate cast).
While here, rename and reorder some arguments - while we will normally
sign a digest, there is no requirement for this to be the case hence use
'input' and 'input_len'. Move padding (an input) before the outputs and
add some additional bounds/return value checks.
This is technically an API/ABI break that would need a libtls major bump,
however since nothing is using the signer interface (outside of regress),
we'll ride the original minor bump.
With input from tb@
ok inoguchi@ tb@
|
|
we can verify at build time. Track dt_pltgot as an Elf_Addr instead
of an Elf_Addr* to eliminat casts on both setting and using. Set
RELATIVE_RELOC so the ld.so Makefile can verify that it has just
the relocation types we expect.
Nothing depends on archdep.h pulling in other #includes anymore, so delete
the #includes and hide the RELOC_* functions that are only used by lib/csu
behind "#ifdef RCRT0"
Tested with full build.
|
|
Relevant for OpenBSD are security fixes #550 #551 and other changes
#553 (missing in change log). No library bump necessary.
OK millert@
|
|
ok jsing@ tb@
|
|
CID 118976 118979
ok tb@
|
|
CID 24838
comment and ok tb@
|
|
to memcpy() is UB no matter if len is 0.
Reported by fouzhe on openbgpd-portable github page.
OK tb@
|
|
apostrophe.
|
|
Add tls_signer_error to Symbols.list - this was missed during the last
libtls minor bump and can ride along.
ok deraadt@
|
|
|
|
|
|
|
|
|
|
to implement.
Add a tls_config_set_sign_cb() function that allows to register
a callback for the signing operation on a tls_config. When used,
the context installs fake pivate keys internally, and the callback
receives the hash of the public key.
Add a tls_signer_*() set of functions to manage tls_signer objects.
A tls_signer is an opaque structure on which keys are added.
It is used to compute signatures with private keys identified by
their associated public key hash.
Discussed with and ok jsing@ tb@
|
|
to match reality.
spotted by/ok jmc
|
|
spotted by/ok jmc
|
|
If tls13_recod_layer_send_pending() returns TLS13_IO_EOF, we will
bubble this up to the caller via tls13_legacy_return_code(), which
translates TLS13_IO_EOF to 0. This can happen if we have pending
post handshake-handshake data and the peer closes the pipe.
Presumably tls13_legacy_shutdown() should be rewritten yet again.
ok jsing
|
|
If the peer closed the write side of the connection and we have not
yet received the close_notify, SSL_shutdown() makes an extra read to
try and read the peer's close_notify from the pipe. In that situation,
we receive EOF. The legacy stack will return -1 while the TLSv1.3
stack will end up returning 0.
Since the documentation is not super explicit about what should be
done if SSL_shutdown() returns 0, some applications will enter an
infinite loop. The code and documentation indicate that SSL_shutdown()
should only be called once more if it returned 0. Newer versions
of the OpenSSL documentation explicitly say that one should call
SSL_read() if SSL_shutdown() returns 0 in order to retrieve the
close_notify. Doing this would also have avoided this infinite loop.
Reported by Carsten Arzig and bluhm with a test case extracted from the
syslogd tests using IO::Socket::SSL, which has such an infinite loop.
ok bluhm jsing
|
|
to claudio
|
|
ret is used to bubble up an error from ssl3_get_message() and is unused
otherwise. Zap dead store and silly ret = 1; return ret;
ok inoguchi jsing
|
|
'goto fatal_err' so that the illegal_parameter alert is
actually sent in case of X509_get0_pubkey() failure.
ok inoguchi jsing
|
|
If the hostname is too long, tlsext_sni_is_valid_hostname() will fail
without having initialized *is_ip. As a result, the garbage value could
lead to accepting (but otherwise ignoring) overlong and possibly invalid
hostnames without erroring in tlsext_sni_server_parse().
ok inoguchi jsing
|
|
convert to usual form of error checking.
ok inoguchi jsing
|
|
CID 251047 251094
OK beck@ jsing@ millert@ tb@
|
|
CID 250936 251103
OK beck@ jsing@ millert@ tb@
|
|
CID 345116
ok beck@ tb@
|
|
CID 25131
ok beck@ tb@
suggest using X509_REQ_get0_pubkey() and remove the EVP_PKEY_free() from tb@
|
|
ok beck@ tb@
suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
|
|
ok beck@ tb@
|
|
ok beck@ tb@
|
|
changed the entire tree to use fd_set allocation, and this manpage documented
the "calloc(howmany(max+1, NFDBITS), sizeof(fd_mask))" idiom. Since then we
completed converting the entire tree to poll(2), for many reasons, even ssh/sshd.
Now the use of kernel-only sys/param.h-found howmany() and related macross grate
on me, so it is time to recommend use of poll(2) instead. [On a related note,
MacOS poll(2) is been dangerously broken for many years; that is their problem to
handle as the whole ecosystem joins us in pivoting select -> poll)
ok millert
|
|
Our poll does not use EAGAIN but code needs to handle it for portability.
OK deraadt@ visa@
|
|
Subset of FreeBSD commit 4339c67c485f0b1f7699863fc29f6c06862d1dde:
Moved the optimization for tiny x from __kernel_{cos,sin}[f](x) to
{cos_sin}[f](x) so that x doesn't need to be reclassified in the
"kernel" functions to determine if it is tiny (it still needs to be
reclassified in the cosine case for other reasons that will go away).
...
Parts of the original change were applied separately before.
Suggested by kettenis@
OK mbuhl@, tested by mbuhl@ and phessler@
|
|
The same change was done by NetBSD some time back as:
Disable x87 implementations of sin, cos, tan.
The x87 hardware uses a bad approximation to pi for argument
reduction, and consequently yields bad answers for inputs near pi or
pi/2.
OK mbuhl@, tested by mbuhl@ and phessler@
|
|
The result passes more tests from msun suite. In particular,
testacc(cos, -0.34061437849088045332L, 0.94254960031831729956L,
ALL_STD_EXCEPT, FE_INEXACT);
matches instead of being 1e-16 off.
OK mbuhl@, tested by mbuhl@ and phessler@
|
|
|
|
|
|
... including those inlined into print_dname(). This also fixes
-Wunused-but-set-variable warnings warnings in smtpd and smtpctl.
The code was imported with asr and then copied around.
ok deraadt@ guenther@
|
|
suggestion from tb@
|
|
CID 21653
ok jsing@ millert@ tb@
|
|
input from tb@
|
|
CID 24893
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24839
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24778
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
ok jsing@ millert@ tb@
|
|
CID 24812
ok jsing@ millert@ tb@
|
