IABSD.fr/src/lib

Branch :


Log

Author Commit Date CI Message
c701dc03 2024-08-27 01:19:27 cms_att.c: tidy includes and add x509_local.h for upcoming change
40e63673 2024-08-26 22:01:28 replace atoi(3) usage with strtonum(3); ok/tweaks tb@
1e10d066 2024-08-26 22:00:47 replace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@
eff908c2 2024-08-26 13:57:34 Replace recallocarray() with a realloc() + memset() combo. recallocarray(), with its guarantee that memory becoming unallocated is explicitly discarded, is too slow. In rpki-client forming one particular ibuf takes more then 4mins because every recallocarray() call ends up doing a fresh malloc + memcpy + freezero call. For sensitive data use ibuf_open() instead of ibuf_dynamic() to avoid any memory reallocations. OK tb@
46a25271 2024-08-24 19:31:09 More precision on what exactly OCSP_id_cmp and OCSP_issuer_id_cmp compare. The existing description was lacking and incorrect, respectively.
b6c247c1 2024-08-24 12:08:49 conf_def.c: add two trailing commas
fc09b128 2024-08-24 09:23:09 X509at_get_attr: zap trailing comma. reminded by mandoc -Tlint
a9d2f0ce 2024-08-24 09:15:36 LibreSSL no longer supports adding X.501 attributes to an EVP_PKEY Remove the corresponding documentation.
46c79823 2024-08-24 07:51:19 Switch UI_UTIL_read_pw* to LCRYPTO_UNUSED() ok jsing
82859680 2024-08-24 07:50:23 Neuter the completely broken UI_UTIL_read_pw* API Return 0 on success, return <= 0 on failure. Sigh. In particular, if an allocation failed, the password that no one entered was considered valid. ok jsing
3b161766 2024-08-24 07:48:37 Remove documentation of UI_UTIL_read_pw* According to some, a fail-open password verification function is par for the course for libcrypto. Unfortunately, we have been recommending its use over similarly named EVP functions after what amounted to a coin toss a few years back. Luckily enough, no one followed that advice and we can soon remove this API for good.
94b44fb8 2024-08-23 15:10:40 Fix some program names that were not expanded correctly when ncurses was updated and were instead replaced by ?. ok millert
d2f31222 2024-08-22 12:26:01 PKCS12_create(3): remove Xr to EVP_PKEY_add1_attr(3) This API family has been neutered and will be removed in the next bump. Further cross references will be untangled in the future.
ce6bee98 2024-08-22 12:24:24 Garbage collect unused attributes member from EVP_PKEY ok miod
e12df184 2024-08-22 12:22:42 Remove copy_bag_attr() It is no longer possible to set an attribute on an EVP_PKEY, so this code is dead. ok miod
2f15dad5 2024-08-22 12:21:07 Neuter EVP_PKEY_add1_attr_by_NID() The last consumer in openssl(1) pkcs12 has been removed, so we no longer need this function. ok miod
d1f9129b 2024-08-21 05:53:10 Make sure ai_canonname is set when AI_CANONNAME was requested. We document, and posix requires, to return a NUL-terminated string on a successful call to getaddrinfo(3) when AI_CANONNAME was set. If the canonical name cannot be determined, return the node name as suggested by posix. OK guenther
ff9a56be 2024-08-18 17:50:10 conf_def.c: shuffle things into a slightly more sensible Reduces upcoming diffs and avoids annoying prototypes.
41af09dc 2024-08-18 11:04:55 Remove documentation for X509_REQ_[gs]et_extension_nids These functions have been disabled for a while and they will be removed in the next major bump.
076a4f8b 2024-08-18 02:25:51 Use struct __sFILE instead of FILE in thread locking callback declarations to reduce <stdio.h> pollution. Declare __isthreaded in thread_private.h where it's really needed. ok deraadt@
909e7910 2024-08-18 02:22:29 Adjust locale/rune*.h files so <stdio.h> and <wchar.h> get pulled into fewer files that don't need them. ok deraadt@
66e5b30f 2024-08-18 02:20:29 Pull in <stdio.h> (for snprintf()) directly instead of assuming some local .h will pull it in ok deraadt@
792c719e 2024-08-17 09:48:31 effectively revert revision 1.7. The original reason was some corner cases around COPY relocations, which caused problems for miniperl which directly modified environ and accessed environ via libc functions. This causes duplicate symbols for environ/__progname in some (poorly written) apps, but is allowed on most other architectures. Since the time this was added other arm architecture changes mean that we don't need it, so remove it. debugged with kettenis@ and jca@ tested and OK guenther@
ef61d040 2024-08-17 09:19:04 Zap a trailing comma to appease mandoc -Tlint
9b160abf 2024-08-17 09:16:37 Remove docs of various X509_TRUST "functionality" that no longer exists Some macros are still exposed, but apart from the loss of a very nice way of saying "this is completely misdesigned, overengineered and not properly thought through" the only thing we would have learned from it is that this stuff is "probably useless".
45cee0b3 2024-08-15 01:25:13 Support describing ABI changes for static libraries too. Try the -S option
9c3f005c 2024-08-14 04:50:31 timingsafe_bcmp() is better than timingsafe_memcmp() for the purpose.
7606e65b 2024-08-13 05:52:09 zap extra word;
474c46d7 2024-08-12 22:37:57 fflush.3: zap trailing whitespace
a37daf83 2024-08-12 21:27:57 Fix grammar in history section ok guenther
a9c2fbaa 2024-08-12 21:02:24 Give libtls the same bump as libssl
6d516ef5 2024-08-12 21:01:54 Bump minor after symbol addition
effebf15 2024-08-12 21:01:34 Add SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest() to Symbols.list
3b17b0f8 2024-08-12 21:01:00 Expose SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest()
24f9d669 2024-08-12 20:56:55 Add <stdio_ext.h> with the seven APIs needed to have gnulib operate without poking directly into the FILE structure. Repeated testing, "nope, need a few more" feedback, and ok tb@
e7b25768 2024-08-12 20:53:09 Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position. Much testing, review, and assistance from tb@ ok tb@ millert@
121bba80 2024-08-11 13:04:46 Add include path for crypto_arch.h.
09b34817 2024-08-11 13:02:39 Provide and use crypto_arch.h. Provide a per architecture crypto_arch.h - this will be used in a similar manner to bn_arch.h and will allow for architecture specific #defines and static inline functions. Move the HAVE_AES_* and HAVE_RC4_* defines here. ok tb@
a12c45b0 2024-08-10 06:41:49 Remove the empty ui_compat.h unused in ports and on codesearch
fee0068d 2024-08-08 23:50:29 ct.h: move two asterisks to the proper place
905bc6f9 2024-08-08 09:56:51 ui_util.c needs stdio.h and ui.h, but not ui_compat.h and ui_local.h
9c0ae8ff 2024-08-08 09:16:37 Use timingsafe_memcmp() when comparing the authenticators. from iij.
bcac9d59 2024-08-07 05:15:28 asprintf() and vasprintf() are in POSIX-2024. Update #include visibility and manpages and add restrict qualifiers in all the specified places to the *printf family. ok millert@
e4900374 2024-08-07 04:59:45 wcslcpy() and wcslcat() are in POSIX-2024. Update #include visibility and manpages and add restrict qualifiers. ok millert@
45fb58c6 2024-08-05 09:43:07 sync with upstream (noop for openbsd)
8d1d79aa 2024-08-04 22:28:08 ppoll() is in POSIX-2024. Update #include visibility and manpages and add restrict qualifiers. While here, rename the BUGS section to CAVEATS since they're really "these probably don't do what you want" notes and not things that need fixing. ok millert@
79ebf24a 2024-08-04 08:15:36 x509_vfy.c: drop some unnecessary parentheses
234b89c8 2024-08-03 23:06:56 A dozen interfaces in <endian.h> were standardized in POSIX-2024 as expected
4af81b37 2024-08-03 20:13:23 The improbable occurred: strlcpy(3) and strlcat(3) are in POSIX-2024. memmem(3) was also added. Update #include visibility and manpages and add restrict qualifiers. "never thought I'd see this day" millert@
dfc5f6fe 2024-08-03 20:09:24 mkostemp(3) and reallocarray(3) are in POSIX-2024: adjust #include visibility and update the reallocarray(3) manpage ok millert@
80eb38ce 2024-08-03 13:06:37 The EC_KEY method should use the EC_KEY index, not RSA Unbreaks ssh's t-agent-pkcs11-cert regress reported by anton. ok jsing
ef8f2a3f 2024-08-03 07:45:26 Bump CRYPTO_EX_DATA_MAX_INDEX to 32 rust-openssl tests do something weird and need lots of ex data (one index for each registered callback, for example). This makes the regress pass again. noticed by anton ok jsing
efea1aaa 2024-08-03 07:43:33 Use proper size for allocating indexes It's a double pointer, so we should allocate a pointer size, not the entire struct. This saves roughly 500B per class. CID 507397 ok jsing
946c9001 2024-08-03 04:53:01 Document SSL_CTX_set_cert_store From Kenjiro Nakayama
dcd96ea6 2024-08-03 04:50:27 Prepare to provide SSL_CTX_set1_cert_store() SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store() since it takes ownership of the store argument. Apparently a few people ran into the issue of not bumping the refcount themselves, leading to use after frees about 10 years ago. This is a quite rarely used API and there are no misuses in the ports tree, but since someone did the work of writing a diff, we can still add it. Needless to say that SSL_CTX_get_cert_store() obviously has the exact same issue and nobody seems to have thought of adding a get0 or get1 version to match... Fixes https://github.com/libressl/openbsd/issues/71 From Kenjiro Nakayama
04933f16 2024-08-02 22:14:54 The {get,set}res[ug]id(2) family are in POSIX-2024's XSI option, so adjust the #include visibility and update the manpage. ok millert@
6a16e2b3 2024-08-02 15:00:01 libtls: fix legacy protocol parsing Redefining TLS_PROTOCOL_TLSv1_0 and TLS_PROTOCOL_TLSv1_1 to be the same as TLS_PROTOCOL_TLSv1_2 had undesired side effects, as witnessed in the accompanying regress tests. The protocol string all:tlsv1.0 would disable TLSv1.2 (so only enable TLSv1.3) and tlsv1.2:!tlsv1.1 would disable all protocols. It makes more sense to ignore any setting of TLSv1.0 and TLSv1.1, so if you request 'tlsv1.1' you get no protocol, but 'all:!tlsv1.1' will enable the two supported protocols TLSv1.3 and TLSv1.2. Restore the defines to their original values and adjust the parsing code to set/unset them. Issue reported by Kenjiro Nakayama Fixes https://github.com/libressl/openbsd/issues/151 with/ok jsing
723f2f96 2024-08-02 14:02:33 free class->indexes in CRYPTO_cleanup_all_ex_data() ok jsing
dc174772 2024-08-02 10:48:54 Rewrite CRYPTO_EX_DATA. CRYPTO_EX_DATA exists as a way to allow an application to attach data to various components in libcrypto and libssl. The general idea is that there are various "classes" (e.g. RSA) and an application can get an "index" (which can have new/dup/free functions provided). The application can then use the index to store a pointer to some form of data within that class, for later retrieval. However, even by OpenSSL standards, this is an insane API. The current implementation allows for data to be set without calling new, indexes can be used without allocation, new can be called without actually getting an index and dup can be called either after new or without new (see regress and RSA_get_ex_new_index(3)/CRYPTO_set_ex_data(3) for more details). On top of this, the previous "overhaul" of the code was written to be infinitely extensible. For now, the rewrite intends to maintain the existing behaviour - once we bed this down we can attempt to ratchet the API requirements and require some sort of sensible sequence. The only intentional change is that there is now a hard limit on the number of indexes that can be allocated (previously there was none, relying only on ENOMEM). ok tb@
92f420e6 2024-08-02 04:59:55 bump minor after yesterday's symbol addition requested by kettenis
e8780c77 2024-08-02 04:59:23 Put exported symbols of libz under our own control This adds a Symbols.list containing the exported symbols like in other libraries in base. If upstream adds new API this won't necessarily need a bump on our side. help/ok kettenis
c1d8b5d1 2024-08-02 01:53:21 getentropy(2) is in POSIX-2024, so adjust the #include visibility, change the "too much" error to EINVAL, add GETENTROPY_MAX to <limits.h> (via sys/syslimits.h), and update the manpage. ok deraadt@
05fd5574 2024-08-01 16:25:34 Bump libsndio pkg-config version to 1.10.0 ok tb@
a225ed82 2024-08-01 04:02:26 sync with upstream This adds a new public API, deflateUsed(), so is technically a minor bump. Nothing will be using this anytime soon, so no shared library bump. discussed with deraadt during c2k24
728f891c 2024-07-29 06:05:31 typo: regresss -> regress
3841e294 2024-07-26 13:34:56 Mark X509at_get_attr{,_count}() and X509at_delete_attr() as unused ok jsing
857ff97c 2024-07-26 13:33:39 Disable X509at_get_attr{,_count}() and X509at_delete_attr() These are (not so) thin wrappers around the stack API and only make things unreadable by adding an unneccesary layer of indirection and repeating checks already present in the stack API. X509at_delete_attr() is a masterpiece. ok jsing
1b0af581 2024-07-26 13:30:40 Inline last user of X509at_get_attr() ok jsing
e4518488 2024-07-26 13:24:39 Inline trivial X509at_* calls in x509_req ok jsing
6018a687 2024-07-26 13:23:52 Inline a few trivial X509at_* calls in cms ok jsing
6f625876 2024-07-26 03:40:43 Put opening brace on correct line
2aac3b3b 2024-07-25 17:29:51 document deflateUsed() text mostly from upstream, the function will soon be added to libz. ok jmc
d7c68325 2024-07-25 17:25:59 fix a small markup mistake (missing newline) ok jmc (as part of a larger diff)
1fc5fb45 2024-07-24 08:57:58 BUF_MEM_new.3: add a touch of KNF
ae6d468d 2024-07-24 08:22:26 Add Symbols.list and enable version script to hide some local functions.
834c20a7 2024-07-24 08:19:16 Place Message-Authenticator at the beginning of the attributes as draft-ietf-radext-deprecating-radius-02 suggests.
ae0a2582 2024-07-23 14:40:53 Remove get_cipher from SSL_METHOD. Inline the get_cipher implementation (including the special handling for DTLS) in ssl_cipher_collect_ciphers() (the only consumer), remove the get_cipher member of SSL_METHOD and mop up dtls1_get_cipher(). ssl3_get_cipher() has always had a strange property of being a reverse index, which is relied on by the cipher list ordering code, since it currently assumes that high cipher suite values are preferable. Rather than complicating ssl3_get_cipher() (and regress), change the iteration order in ssl_cipher_collect_ciphers() to match what it requires. Lastly, rename ssl3_get_cipher() to be more descriptive. ok tb@
544c3c00 2024-07-23 08:36:51 libsndio: Don't use poll(2) for output on the control device. The AUDIO_MIXER_WRITE ioctl always succeeds without blocking, so no need to use poll(2) for output. The audio(4) control device driver doesn't implement the corresponding struct filterops anyway. Fixes delayed level settings.
17423a06 2024-07-22 22:06:27 Specify a priority for _libc_preinit() to make sure it runs before other constructors (such as the constructor for libcompiler_rt). ok guenther@
f4fe6251 2024-07-22 14:47:15 Use cipher suite values instead of IDs. OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@
bc312e93 2024-07-21 09:24:07 Add back a .
f7825545 2024-07-21 08:36:43 Unify description of the obsolete ENGINE parameter This uses the same language in most manuals mentioning the obsolete ENGINE parameters. Make it clear that it is always ignored and that NULL should be passed. Always call it engine instead of a mix of e pe, impl, eng.
b64b2daf 2024-07-21 08:25:33 Drop ENGINE from EVP_PKEY_derive example
4ca2bb5b 2024-07-21 08:10:17 Garbage collect ENGINE "use" from EVP_PKEY_decrypt() example
fd819adc 2024-07-21 08:02:17 Make example slightly less terrible by dropping the ENGINE "handling"
387303bb 2024-07-20 04:04:23 Remove cipher from SSL_SESSION. For a long time SSL_SESSION has had both a cipher ID and a pointer to an SSL_CIPHER (and not both are guaranteed to be populated). There is also a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher being used for this connection. Some code has been using the cipher from SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE. Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE everywhere. If resuming from a session then we need to use the SSL_SESSION cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE cipher changes (this only occurs in a few places). ok tb@
59ec10be 2024-07-19 08:56:17 Annotate issues with tls_session_secret_cb() related code.
1a5be6e3 2024-07-19 08:54:31 Move client ciphers from SSL_SESSION to SSL_HANDSHAKE. SSL_SESSION has a 'ciphers' member which contains a list of ciphers that were advertised by the client. Move this from SSL_SESSION to SSL_HANDSHAKE and rename it to match reality. ok tb@
070ee79a 2024-07-18 15:38:57 The source of a link (name1) may not be a directory. POSIX says this is implementation-dependent; OpenBSD does not allow it. OK guenther@
f326d806 2024-07-17 13:29:05 Be clear that RUSAGE_CHILDREN only works for terminated children that have been waited for. If you SIG_IGN SIGCHLD or don't call any of the wait functions then RUSAGE_CHILDREN wont report anything. OK deraadt@ millert@
eb67a850 2024-07-16 14:38:04 Clean up SSL_HANDSHAKE_MAC_DEFAULT. The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1 ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0 and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite table and remove the various defines/macros/code that existed to handle the upgrade. ok tb@
bf08afbe 2024-07-16 10:19:38 Fix .Ox for SSL_CIPHER_get_handshake_digest()
6e8d98da 2024-07-15 18:50:42 Switch the EVP_PKEY_*attr* API to LCRYPTO_UNUSED() This would have prevented the PKCS12 oopsie.
9982db7b 2024-07-15 15:43:25 Fix PKCS12_create() This tries to copy some microsoft attributes which are not usually present and chokes on the now disabled EVP_PKEY_*attr* API. Instead of reviving about four layers of traps and indirection, just inline the two functions in a way that should be more obvious. found by anton via the ruby-openssl tests ok jsing
2bfbbd8b 2024-07-15 14:45:15 Mop up TLS1_PRF* defines. These have not been used for a long time, however SSL_CIPHER was not opaque at the time, hence they had to stick around. Now that SSL_CIPHER is opaque we can simply mop them up. ok tb@
d148180b 2024-07-15 00:11:59 ocurred -> occurred
dc6fcfdc 2024-07-14 16:06:31 Rewrite EVP_PKEY_add1_attr_by_NID() Instead of jumping through many layers that cause headache, we can achieve the same in an entirely straightforward way without losing clarity. ok jsing
2a0af5fe 2024-07-14 16:04:10 Disable most EVP_PKEY_*attr* API There is a single consumer of this entire family of function, namely the openssl(1) pkcs12 command uses EVP_PKEY_add1_attr_by_NID, so leave that one intact for now. ok jsing
5dd6d43a 2024-07-14 15:56:08 Forgot to annotate the TMP UGLY CAST[S] as requested by jsing h/t to levitte
6071ac1f 2024-07-14 15:48:24 Document SSL_CIPHER_get_handshake_digest(3)