| Age | Commit message (Collapse) | Author |
|---|
|
|
|
remove the unused _wait() function in librthread such that we don't have to
add the save/restore sequence there.
Fixed building Python as a race with another thread unlocking a futex(2)
would make futex(2) set errno to EAGAIN which would confuse Python in
beleiving that readdir(2) failed instead of reaching the end of the
directory.
Spotted and tested by tb@
ok bluhm@
|
|
This is an alert that was added in TLSv1.3 - we already use it internally,
but did not provide the SSL_AD_* define previously.
ok tb@
|
|
Rather than having SSL_AD_* as defines that refer to SSL3_AD_* or
TLS1_AD_*, just give them actual values directly since it is more readable
and the indirection provides no value. Place SSL3_AD_* and TLS1_AD_* under
#ifndef LIBRESSL_INTERNAL to prevent further usage.
ok tb@
|
|
After running the preprocessor, this function becomes:
switch (code) {
case 0:
return (0);
case 10:
return (10);
case 20:
return (20);
...
}
Its intended purpose was to prevent SSLv3 alerts being sent from TLS code,
however now that we've removed "no_certificate" from LibreSSL's reach, it
no longer does anything useful.
ok tb@
|
|
ok tb@
|
|
The "no_certificate" alert only existed in SSLv3, while the
"decryption_failed" and "export_restriction" alerts were removed in
TLSv1.1.
ok tb@
|
|
|
|
|
|
from miod; ok millert
while here, knock out an instance of ".Tn"
|
|
RFC 5077. Note that session resumption via session tickets is
only for TLSv1.2 and earlier.
prompted by a question by/ok jmc
|
|
|
|
|
|
|
|
Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.
Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.
ok tb@
|
|
SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.
adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45
ok tb@ jsing@
|
|
(certificates with the "server auth" trust purpose permitted).
ok tb@
-AC Camerfirma S.A.
- /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
- /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
-
FNMT-RCM
/C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM
+ /C=ES/O=FNMT-RCM/OU=Ceres/2.5.4.97=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS
-GeoTrust Inc.
- /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
- /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
-
GlobalSign nv-sa
+ /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46
+ /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
Staat der Nederlanden
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA
- /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3
Unizeto Technologies S.A.
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
+ /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
-
-VeriSign, Inc.
- /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority
(Note, "Staat der Nederlanden Root CA - G3" was changed to email trust only,
so is removed from this due to it only listing "server auth" purposes).
|
|
Use SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER instead.
ok tb@
|
|
This ensures that diff reports the correct function prototype.
Prompted by tb@
|
|
issues on powerpc64 and sparc64.
Note that this makes the lib/libpthread/errno test fail since that test
detects that we are touching errno now. This will be addressed in a
future diff as it is not entirely clear whether the test is correct.
ok mpi@, bluhm@
|
|
Suggested by brad@
|
|
The default alert in the tlsext parsing code is a decode_error, so
there's no need for an error path that only sets that alert.
suggested by/ok jsing
|
|
|
|
On receiving the first flight from the peer, we do not yet know if
we are using TLSv1.3. In particular, we might get an alert record
with record version 0x0300 from a pre-TLSv1.2 peer in response to
our client hello. Ignore the record version instead of sending a
protocol version alert in that situtation. This may also be hit
when talking to a LibreSSL 3.3 server with an illegal SNI.
Part of an issue reported by danj.
ok jsing
|
|
As soon as we know that we're dealing with a TLSv1.3 client, set
the legacy version in the record layer to 0x0303 so that we send
alerts with the correct record version. Previously we would send
early alerts with a record version of 0x0300.
ok jsing
|
|
According to RFC 8422, we must send an illegal_parameter alert on
receiving an ECPF extension that doesn't include the uncompressed
format, not a decode_error.
Reported via GitHub issue #675.
ok jsing
|
|
In libssl.pc, Libs: should not have '-lcrypto', and Requires.private:
should have it as 'libcrypto'.
openssl.pc does not need Libs: and Cflags:, but should have Requires:.
OK millert@
|
|
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert
|
|
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert
|
|
OK bluhm@
|
|
if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.
ok kettenis@ on previous version
with help from and ok guenther@
diff partially inspired from a diff from brad@
|
|
|
|
While an FQDN includes a trailing dot for the zero-length label of
the root, SNI explicitly does not contain it. Contrary to other TLS
implementations, our tlsext_sni_is_valid_hostname() rejects a trailing
dot. The result is that LibreSSL TLS servers encountering an SNI with
trailing dot abort the connection with an illegal_parameter alert.
This fixes an issue reported by danj in nc(1) and by sthen in ftp(1).
DNS cluebat from florian.
ok jsing
|
|
ok jsing
|
|
This updates the manual to match the change made in 2019.
OK deraadt@
|
|
|
|
data without needing to export the report_desc struct definition.
suggested by and ok anton@
|
|
When converting a long or long long to a double, there may be loss
of precision and clang >= 10 warns about this unless there is a cast.
Add casts to silence this warning - the code is designed to handle
precisely this loss of precision, so this is harmless.
From CheriBSD via FreeBSD
ok millert
|
|
expat uses arc4random_buf(3) as first option if available. Drop
our local patch. Behavior stays the same. Updates will be easier.
Environment variable EXPAT_ENTROPY_DEBUG can be used to check that
arc4random_buf() is really used.
OK sthen@
|
|
OpenBSD are security fixes #34 #466 #484 and other changes #467
#473 #483. A new error number in a public header requires a major
library bump. Two functions have been added to API.
OK tb@
|
|
operation. System calls should return -1 and set errno when they fail.
They should not return an errno value directly. This matches how
the Linux version of futex(2) behaves and what Mesa expects. This fixes
a bug in Mesa where a timeout wouldn't be reported properly.
Technically this is an ABI break. But libc and libpthread were changed
to be compatible with both the old and new ABI, and code outside of base
almost certainly expects Linux compatible behaviour. If you have not
rebuilt libc and the last few days, upgrade using a snap.
Mesa issue discovered by jsg@
ok mpi@, deraadt@
|
|
Unfortunately libc and libpthread rely on the broken behaviour. Adjust
the code in those libraries such that it works with both the old and the
proposed new behaviour. The kernel changes that fix the issue will be
committed in a week or so to give those who do their own builds a chance
to update these libraries before we make the change.
ok mpi@, deraadt@
|
|
EVP_DigestSign{,Init,Update,Final}() and EVP_DigestVerify{Init,Update}()
always returned 1 for success and 0 for failure. EVP_DigestVerify()
and EVP_DigestVerifyFinal() can return -1 or -2, though.
Based on OpenSSL 1.1.1 56c59ddd99da05c2f30832cccaffb873a8481555
ok inoguchi
|
|
To generate current obj_xref.h, third item of lines
id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001.
obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time,
and these third item were coded different value each other.
This adjusts obj_xref.txt to current obj_xref.h.
ok tb@
|
|
OK mvs@
|
|
|
|
correctly and do not overwrite it in csu.
allows most ld.so regressions to pass
confirmed by jsg@, ok kettenis
|
|
The information contained in SSL_AEAD_CTX really belongs in the
tls12_record_protection struct. Absorb SSL_AEAD_CTX, using more appropriate
types in the process.
ok tb@
|
|
In tls12_record_protection_clear(), rather than zeroing or NULLing
individual fields once a pointer has been freed, zero the entire struct once
the pointers have been dealt with.
ok tb@
|
|
While the implementation needs tls13_internal.h, consumers of
tls13_record.h should not.
|
