| Age | Commit message (Collapse) | Author |
|---|
|
arguments, so we have to cope.
|
|
|
|
ok kettenis, some tweaks from jmc
|
|
with {uint offset, uint syscall#} entries in libc & ld.so.
In libc a few syscall# entries (break, sigprocmask, _tfork, _threxit)
are duplicated because additional or inline uses occur (that situation
is handled elsewhere)
ok kettenis
|
|
non-libc users. This is a two-liner macro anyway, and this will make
deraadt@'s future changes in this area easier to make. NFC
|
|
|
|
|
|
malloc option D (aka 1), 2, 3 or 4. No performance impact if not
used. ok asou@
|
|
They make no sense. These are thin wrappers of EVP_*Final_ex() and behave
exactly the same way. The minor behavior difference of Init and Init_ex is
likely a historical artefact of this abomination of an API. Deprecation of
the Init functions was recently removed from the manpage. The only reason
to prefer the _ex versions over the normal versions is ENGINE. This is no
longer an argument.
The warnings were added in an attempt at adding automatic cleanup. This
broke stuff and was therefore backed out. The warnings remained.
discussed with schwarze
|
|
|
|
The commit was about checking EVP_CIPHER_CTX_iv_length(), but the function
called here is EVP_CIPHER_CTX_key_length(). The result of the computation
is still correct, the check and local variable simply make no sense.
|
|
Remove some lies and some irrelevant historical information
about the non_ex variants and waste fewer words deprecating them.
Telling people to type longer function names and to pass an
ignored NULL argument doesn't really help anything.
Also talk less about those ignored ENGINE arguments.
OK tb@
|
|
but it is still excessively long and complicated. To reduce the amount
of distractions a bit, split out three deprecated functions into a new
manual page EVP_CIPHER_CTX_init(3). No text change.
In part suggested by tb@, who agrees with the direction.
|
|
The correct way of wrapping foo() is 'int ret; ret = foo(); return ret;'
because 'return foo();' would be too simple... Also unify branching from
EVP_Cipher* into EVP_Encrypt* EVP_Decrypt*.
|
|
I had to read this for other purposes and it exceeded my muppetry
tolerance.
ok tb@
|
|
This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.
ok jsing
|
|
Add explanatory comments that refer to the spec so that all the weird
dances make a little more sense. It turns out that this implmeentation
only supports block ciphers with block sizes of 64 and 128 bits, so
enforce this with a check.
Simplify make_kn() to make a little more sense and make it constant
time. Some stylistic fixes like checking pointers explicitly against
NULL and shuffle things into an order that makes a bit more sense.
Includes a fix for a warning reported by Viktor Szakats in
https://github.com/libressl/portable/issues/926
ok jsing
|
|
This was previously the only user of OBJ_bsearch_ssl_cipher_id(), which
in turn is the one remaining user of OBJ_bsearch_() outside of libcrypto.
OBJ_bsearch_() is OpenSSL's idiosyncratic reimplementation of ANSI C89's
bsearch(). Since this used to be hidden behind macro insanity, the result
was three inscrutable layers of comparison functions.
It is much simpler and cleaner to use the standard API. Move all the code
to s3_lib.c, since it's ony used there.
In a few further diffs, OBJ_bsearch_() will be removed from libcrypto.
Unfortunately, we'll need to keep OBJ_bsearch_ex(), because it is
exposed via sk_find_ex(), which is exposed by M2Crypto...
ok jsing
|
|
While the cipher id is effectively a 32-bit value, someone decided that
it should be represented by a long in various internal structs, whose
mameber is passed as id. So use a long because of this and also to make
an upcoming diff simpler.
ok jsing
|
|
If memory allocation of s->init_buf fails in ssl3_setup_init_buffer()
during downgrade to the legacy stack, the legacy state machine would
resume with an incorrectly set up SSL, resulting in a NULL dereference.
The fix is to switch to the legacy method only after the SSL is fully
set up. There is a second part to this fix, which will be committed
once we manage to agree on the color of the bikeshed.
Detailed analysis and patch from Masaru Masuda, many thanks!
https://github.com/libressl/openbsd/issues/146
ok jsing
|
|
|
|
ok sthen
New Roots for existing CA:
/CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE
/CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE
New CA:
BEIJING CERTIFICATE AUTHORITY
/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1
/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2
Two E-Tugra roots were removed due to a breach:
/C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3
/C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A
Removed expired root:
/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1
Removed expired CA:
SECOM Trust.net
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
New CA:
Sectigo Limited
/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46
/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46
New roots for existing CA:
/C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022
/C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022
|
|
x509_prn.c r1.6 changed the output of 'openssl -in foo.pem -noout -text'
by removing trailing whitespace from non-critical certificate extensions.
Committing the difference now to reduces noise in an upcoming diff.
There's some trailing whitespace remaining. That's because we try to print
a BMPString in an User Notice's Explicit Text with "%*s". That doesn't work
so well with an encoding full of NULs...
|
|
|
|
|
|
It was left alone and forlorn in the middle of other nonsense. Since there
is only one caller (the OBJ_bsearch_ stupidity), it can be static and there
is no need to prototype it in ssl_local.h.
|
|
from Ryan Kavanagh (rak [at] debian [dot] org), ok tb@
|
|
ok jsing
|
|
This way it doesn't do nonsensical work for all those who cargo culted an
init sequence. There's no point in having SSL_library_init() as a cheaper
version of OPENSSL_init_ssl(): once you do crypto, you'll init crypto...
Also move the now trivial implementation to ssl_init.c which has a good
license.
ok jsing
|
|
It's pointless: all the ciphers and digests added by SSL_library_init()
are already added by OPENSSL_init_crypto(), which was already called at
that point.
ok jsing
|
|
Its current position makes no sense and it will become a wrapper of the
latter in a subsequent commit.
ok jsing
|
|
Otherwise gethostbyname(3) returns stack garbage when it is called
with an invalid host name, indicating success.
Problem observed in segfaulting ifconfig(8) by bluhm.
|
|
|
|
Instead of printing to a temporary buffer with weird gymnastics, we can
simply write things out to the BIO using proper indent. This still isn't
perfect since we have a CBS version of this in ecx_buf_print(), which is
basically what used to be ASN1_buf_print(). Annotate this with an XXX for
future cleanup.
ok beck
|
|
If the offset is > 124, this function would overwrite between 1 and 5 bytes
of stack space after str[128]. So for a quick fix extend the buffer by 5
bytes. Obviously this is the permanent fix chosen elswehere. The proper fix
will be to rewrite this function from scratch.
Reported in detail by Masaru Masuda, many thanks!
Fixes https://github.com/libressl/openbsd/issues/145
begrudging ok from beck
|
|
localhost is not a valid IP address and so getaddrinfo(3) has to fail.
Found by anton in pfctl & ipsecctl regress.
OK anton
|
|
RFC 6761, 6.3 Domain Name Reservation Considerations for "localhost.":
3. Name resolution APIs and libraries SHOULD recognize localhost
names as special and SHOULD always return the IP loopback address
for address queries and negative responses for all other query
types. Name resolution APIs SHOULD NOT send queries for
localhost names to their configured caching DNS server(s).
This makes sure that the getaddrinfo(3) and gethostbyname(3) family of
functions always return the loopback address and do not send queries
to name servers. This includes "localhost", "localhost." and
everything under ".localhost" and ".localhost.".
For example, a host underneath the .com.ar zone will per default have
a search list of "com.ar.". resolv.conf(5) has a default of "lookup
bind file". Both combined will result in lookups for "localhost" to
not return 127.0.0.1 because localhost.com.ar is registered in DNS.
It has been known for decades that this is a problem, especially for
localhost.
Problem recently spotted by gonzalo@ and debugged by sthen@
Testing sthen, gonzalo
Input & OK phessler, eric, millert
OK sthen, kn, deraadt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
As usual, a few manual fixes to avoid duplicate lines.
ok jsing
|
|
This allows us to simplify ssl_do_client_cert_cb() a bit.
ok jsing
|
|
|
|
This is mechanical apart from a few manual edits to avoid doubled empty
lines.
ok jsing
|
|
This includes a manual intervention for the call to EVP_PKEY_meth_find()
which ended up in the middle of nowhere.
ok jsing
|
