summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2021-01-07Rename two local variables ssl to s for consistencyTheo Buehler
In our tls13_* files, we use SSL *s for local variables and SSL *ssl for function arguments. This is odd, but probably the result of finger memory. We intended to use ssl everywhere. Be that as it may, all local variables except in two functions ended up being called s, so align the two outliers with that. As noted by jsing, this is not ideal either as in tls13_legacy_servername_process() the ssl_ctx is now inconsistent. Renaming all s to ssl is a substantial amount of unnecessary churn at a moment that isn't ideal, so we have to live with that. ok bcook inoguchi jsing
2021-01-07Make tls12_record_layer_free() NULL safe.Joel Sing
This is not an issue currently, but avoids future surprises. Noted by tb@
2021-01-07Move the read MAC key into the TLSv1.2 record layer.Joel Sing
ok inoguchi@ tb@
2021-01-07sleep(3): don't bypass nanosleep(2) if seconds is zerocheloha
sleep(3) does not call nanosleep(2) if seconds is zero. This is bad. As a simplified interface to nanosleep(2), sleep(3) should delegate all decisions about whether or not to yield the CPU to nanosleep(2). This patch removes the nanosleep(2) bypass from sleep(3). This means that this code: sleep(0); will block for up to 1 tick, just like the equivalent nanosleep(2) call. Neither FreeBSD nor NetBSD bypass nanosleep(2) in the zero case, so this commit brings our sleep(3) closer to theirs in behavior. As an added bonus, sleep(3) will now *always* appear in a ktrace(1) as a call to nanosleep(2). ok millert@
2021-01-06Use tls13_secret_{init,cleanup}() for the finished_keyTheo Buehler
This trades an array on the stack for a dynamically allocated secret in tls13_{client,server}_finished_send() but has the benefit of wiping out an intermediate secret on function exit. ok jsing
2021-01-06Fix two issues related to thread private data in asr.Otto Moerbeek
- setting up asr in single thread mode and then starting threads using asr would lead to multiple threads sharing the same resolver. - destruction of a thread that has been using asr would leak data. Problem originally reported by Alexey Sokolov and Uli Schlachter. ok kettenis@
2021-01-05Avoid local variable in tls13_secret_init().Theo Buehler
suggested by jsing
2021-01-05Convert tls13_record_layer.c to tls13_secret_{init,cleanup}()Theo Buehler
ok jsing
2021-01-05Convert tls13_exporter() to tls13_secret_{init,cleanup}()Theo Buehler
ok jsing
2021-01-05Use KNF for licence commentTheo Buehler
ok jsing
2021-01-05Move tls13_secrets_destroy() below _create()Theo Buehler
ok jsing
2021-01-05Convert tls13_secrets_{create,destroy}() to tls13_secret_{init,cleanup}()Theo Buehler
ok jsing
2021-01-05Add tls13_secret_{init,cleanup}()Theo Buehler
These are two functions that will help streamlining various functions in the TLSv1.3 code that do not need to know about the interna of this struct. input/ok jsing
2021-01-05Fix indent.Joel Sing
2021-01-05Use consistent names in tls13_{client,server}_finished_{recv,send}().Joel Sing
In tls13_{client,server}_finished_recv() we use verify_data_len, which makes more sense than hmac_len. Use the same name in tls13_{client,server}_finished_send(), keeping things consistent between functions. ok tb@
2021-01-05Use legacy verifier when building auto chains.Joel Sing
The new verifier builds all chains, starting with the shortest possible path. It also does not currently return partial chains. Both of these things conflict with auto chain, where we want to build the longest possible chain (to include all intermediates, and probably the root unnecessarily), as well as using an incomplete chain when a trusted chain is not known. Depending on software configuration, we can end up building a chain consisting only of a leaf certificate, rather than a longer chain. This results in auto chain not including intermediates, which is undesireable. For now, switch auto chain building to use the legacy verifier. This should resolve the issues encountered by ajacoutot@ with sendmail. ok tb@
2021-01-05Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new verifier.Joel Sing
Yet another mostly meaningless error value... Noted by and ok tb@
2021-01-05Gracefully handle root certificates being both trusted and untrusted.Joel Sing
When a certificate (namely a root) is specified as both a trusted and untrusted certificate, the new verifier will find multiple chains - the first being back to the trusted root certificate and a second via the root that is untrusted, followed by the trusted root certificate. This situation can be triggered by a server that (unnecessarily) includes the root certificate in its certificate list. While this validates correctly (using the first chain), it means that we encounter a failure while building the second chain due to the root certificate already being in the chain. When this occurs we call the verify callback indicating a bad certificate. Some sensitive software (including bacula and icinga), treat this single bad chain callback as terminal, even though we successfully verify the certificate. Avoid this problem by simply dumping the chain if we encounter a situation where the certificate is already in the chain and also a trusted root - we'll have already picked up the trusted root as a shorter path. Issue with icinga2 initially reported by Theodore Wynnychenko. Fix tested by sthen@ for both bacula and icinga2. ok tb@
2021-01-05Remove memset that was made redundant with the ASN1_time_parse()Theo Buehler
fix in libcrypto/asn1/a_time_tm.c r1.16. Suggested by jsing
2021-01-05double word fix; from martin vahlensieckJason McIntyre
2021-01-04whitespaceTheo Buehler
2021-01-04Keep the various free calls of tls13_record_layer_free() in theTheo Buehler
order of the struct members for reviewability. ok jsing
2021-01-03Make consistent reference to pathname.rob
OK schwarze@, jmc@, deraadt@
2021-01-03Make CHIN() Boolean-valued and use this to turn an expression with aTheo Buehler
quintuple negation into one with a simple negation. From miod, ok millert
2021-01-03Turn macros into inline functions so that there is no need to document inTheo Buehler
comments that they will evaluate their arguments multiple times. From miod, ok millert
2021-01-02Remove two now-unused functions; a result of the categories removal.Todd C. Miller
From miod@, OK tb@
2021-01-02Move Makefiles for libc++ and libc++abi to gnu/lib in preparation for anPatrick Wildt
upcoming update to those, which will see both codebases heading into the gnu/llvm dumpster. Feedback from jsg@ ok deraadt@ kettenis@
2021-01-02Tweak previous:Ingo Schwarze
* Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead. * In tagged lists, put bodies into bodies, not into heads. * Add a few missing macros. * Drop some useless quoting.
2021-01-02Make list of DHE parameters more prominentkn
Follow the previous commit and complete the manual page for consistency; better readable and tags for free. OK tb
2021-01-02Free {alert,phh}_data in tls13_record_layer_free()Theo Buehler
httpd(8)'s incorrect tls_close() after closing the underlying socket led to a leak: tls_close()'s attempt to send out the close_notify won't work very well over a closed pipe. This resulted in alert_data still hanging off the TLSv1.3 context's record layer struct. The tls_free() call should have cleaned this up but failed to do so. The record layer's phh_data potentially has the same issue, so free it as well. This diff makes -current httpd(8) run in constant memory over hundreds of thousands TLS connections with a static site. ok inoguchi jsing
2021-01-02Remove libunwind 8.0.0 now that we switched to libunwind 11.0.0 in thePatrick Wildt
gnu/ directory.
2021-01-02Switch libc++ and libc++abi to use libunwind 11.0.0. Bump major for bothPatrick Wildt
libraries due to dynamic export additions and removals in libc++abi. Tested by kettenis@, visa@ and myself ok kettenis@
2018-09-11import of libunwind 6.0.0Robert Nagy
2016-09-03Import libunwind 3.9.0Patrick Wildt
2021-01-02Whitespace.rob
OK martijn@
2020-12-31More regular error handling with the REQUIRE macro.Todd C. Miller
Changing it from ((condition) || function call) to an if() wrapped in a do/while is easier to read and more stylistically consistent. The seterr() function no longer needs to return a value. From miod@, OK tb@
2020-12-31Remove unused categories in re_guts; they are written to but never read.Todd C. Miller
From miod@, OK tb@
2020-12-31Strings in struct parse can be const, they are never modified.Todd C. Miller
Also, the temporary array in nonnewline() can be made static const. From miod@, OK tb@
2020-12-30getifaddrs() can return entries where ifa_addr is NULL. Check for thisSebastian Benoit
before accessing anything in ifa_addr. ok claudio@
2020-12-30Make the list of supported protocols more prominentkn
Manuals like httpd.conf(5) refer to this for valid protocol strings, but elements inlined into sentences are hard find to spot. Use a list as already done elsewhere in this manual. OK jmc on earlier version Feeback OK tb
2020-12-30regcomp.c uses the "start + count < end" idiom to check that there areTheo Buehler
"count" bytes available in an array of char "start" and "end" both point to. This is fine, unless "start + count" goes beyond the last element of the array. In this case, pedantic interpretation of the C standard makes the comparison of such a pointer against "end" undefined, and optimizers from hell will happily remove as much code as possible because of this. An example of this occurs in regcomp.c's bothcases(), which defines bracket[3], sets "next" to "bracket" and "end" to "bracket + 2". Then it invokes p_bracket(), which starts with "if (p->next + 5 < p->end)"... Because bothcases() and p_bracket() are static functions in regcomp.c, there is a real risk of miscompilation if aggressive inlining happens. The following diff rewrites the "start + count < end" constructs into "end - start > count". Assuming "end" and "start" are always pointing in the array (such as "bracket[3]" above), "end - start" is well-defined and can be compared without trouble. As a bonus, MORE2() implies MORE() therefore SEETWO() can be simplified a bit. from miod, ok millert
2020-12-30Constify the strings in regerror.c and make use of the strlcpy()Theo Buehler
return value to avoid a redundant strlen() call. from miod, ok millert
2020-12-30cclasses[] multis field is always an empty string. Remove it and codeTheo Buehler
dealing with it. This code was incomplete anyway. from miod, ok millert
2020-12-30Constify the strings in cnames[]. No functional change.Theo Buehler
from miod, ok millert
2020-12-29Allocate new buffer space based on requested need.rob
OK martijn@
2020-12-29Remove unnecessary assignment.rob
OK martijn@
2020-12-29Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395Alexander Bluhm
#398 #404 #405 and other changes #354 #355 #412. OK deraadt@
2020-12-29Document kern.video.record.Marcus Glocker
With help/input from jmc@ and kn@. ok jmc@
2020-12-28Fix an off-by-one error in the marking of the O_CH operator followingTodd C. Miller
an OOR2 operator. Also includes a regress test for the issue. From FreeBSD via miod@
2020-12-22Destroy the mutex in tls_config objects when tls_config_free is called.Brent Cook
Add a stub for pthread_mutex_destroy() for installers. ok tb@