| Age | Commit message (Collapse) | Author |
|---|
|
hopefully remove it completely - nothing in LibreSSL should be making use
of any of these defines.
|
|
that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers
(effectively the only ciphers that are still considered to be secure) to be
selected using TLSv1.2+AEAD as a cipher string.
ok bcook@ doug@ miod@
|
|
|
|
ok millert@, tobiasu@
|
|
ok nicm@
|
|
suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can
effectively be downgraded to ECDH, if the server omits the ServerKeyExchange
message and has provided a certificate with an ECC public key.
Issue reported to OpenSSL by Karthikeyan Bhargavan.
Based on OpenSSL.
Fixes CVE-2014-3572.
ok beck@
|
|
similar changes in FreeBSD a few years ago.
|
|
|
|
jail may inadvertanly allow a process to escape. Also mention the
problem of directory fd passing. Based on a diff from deraadt@
|
|
No change to generated assembly.
|
|
|
|
|
|
specifying a file. This enables CA verification in privsep'ed
processes that are running chroot'ed without direct access to the
certificate files.
With feedback, tests, and OK from bluhm@
|
|
access to the certificates. SSL_CTX_load_verify_mem() is a frontend
to the new X509_STORE_load_mem() function that allows to load the CA
chain from a memory buffer that is holding the PEM-encoded files.
This function allows to handle the verification in privsep'ed code.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
|
|
instead of disk. OpenSSL didn't provide a built-in API from loading
certificates in a chroot'ed process that doesn't have direct access to
the files. X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
|
|
Change the runtime check for whether a long is smaller than a pointer to a
compile-time check. Replace the silly hash for LLP64 platforms.
ok tedu@
|
|
doing so.
|
|
information also makes it through. This is a compromise to cope with
the absolutely ridiculous setprogname() API.
ok various discussions
|
|
There were four bugs fixed by this patch:
* dtls1_buffer_record() now frees rdata->rbuf.buf on error. Since
s->s3->rbuf was memset, rdata->rbuf is the only pointer left which
points to the old rbuf. On error, rdata is freed so there will not
be any way of freeing this memory unless we do it here.
* Changed the return code of dtls1_buffer_record() to differentiate
between queue full (0) and error (-1). See below as this differs
from upstream.
* Handle errors if calls to dtls1_buffer_record() fail with -1.
Previously, it did not check the return value.
* Changed the way receipts are recorded. Previously, it was recorded
when processed successfully (whether buffered or not) in
dtls1_process_record(). Now, it records when it is handled in
dtls1_get_record(): either when it is entered into the queue to buffer
for the next epoch or when it is processed directly. Processing
buffered records does not add a receipt because it needed one in
order to get into the queue.
The above bugs combined contributed to an eventual DoS through memory
exhaustion. The memory leak came from dtls1_buffer_record()'s error
handling. The error handling can be triggered by a duplicate record
or malloc failure. It was possible to add duplicate records because
they were not being dropped. The faulty receipts logic did not detect
replays when dealing with records for the next epoch. Additionally,
dtls1_buffer_record()'s return value was not checked so an attacker
could send repeated replay records for the next epoch.
Reported to OpenSSL by Chris Mueller.
Patch based on OpenSSL commit 103b171d8fc282ef435f8de9afbf7782e312961f
and BoringSSL commit 44e2709cd65fbd2172b9516c79e56f1875f60300.
Our patch matches BoringSSL's commit. OpenSSL returns 0 when the queue
is full or when malloc() or pitem_new() fails. They return -1 on error
including !ssl3_setup_buffers() which is another failure to allocate
memory.
BoringSSL and LibreSSL changed the return code for dtls1_buffer_record()
to be 1 on success, 0 when the queue is full and -1 on error.
input + ok bcook@, jsing@
|
|
delete <sys/param.h> if now possible
ok guenther
|
|
Suggested by deraadt@
|
|
OK jmc@ guenther@
|
|
ok deraadt@
|
|
description.
|
|
Also correct the string version of error 0. OK guenther@
|
|
The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state
after a fork, so provide an override until the fork-safe version in CVS appears
in a release.
These are the same as the FreeBSD shims.
ok deraadt@
|
|
description.
|
|
|
|
reportID because the kernel skips it.
Problem reported and fix tested by Benjamin Baier.
|
|
1. it's not a bug; it's a caveat.
2. "slightly unsafe" gives me the willies.
3. one .Xr to malloc should suffice
ok deraadt jmc
|
|
|
|
|
|
otherwise we end up needlessly replacing a NUL with a NUL.
OK deraadt@
|
|
|
|
OK deraadt@
|
|
review by millert, binary checking process with doug, concept with guenther
|
|
using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context. This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.
OK gilles@ benno@
|
|
ok guenther millert doug
|
|
errbuf needs to hold at least PCAP_ERRBUF_SIZE chars.
|
|
public pcap_* functions that use errbuf. Mainline libpcap also uses
"errbuf" for pcap_create().
No object file change.
|
|
|
|
file change.
|
|
pcap_cleanup_bpf() to disable monitor mode on 802.11 devices.
feedback blambert@
ok deraadt@ mikeb@ millert@
|
|
since yesterday, "mandoc -Tlint -Wfatal" can no longer fail.
Instead, as suggested by deraadt@, provide a manlint target
that is *not* run during make build, but can be run
whenever you want to check syntax of manuals.
"nice stuff" deraadt@
|
|
|
|
|
|
|
|
ok tedu@
|
|
OK deraadt@ djm@
|
|
other systems to fit into the same mold, so add copyright
|
