path: root/lib
Commit message | Author | Age | Files | Lines
...
* Fix ilogb(3) implementation. The results have to match FP_ILOGB0 and | kettenis | 2020-11-07 | 5 | -89/+3
| FP_ILOGBNAN which isn't the case for the amd64 and i386 assembly versions.
| Drop these in favour of C implementations. Also reimplement ilogbl(3) by
| providing separate ld80 and ld128 implementations that replace the
| existing implementation which may hit an infinite loop when built for
| quad-precision long double.
|
| ok patrick@, gkoehler@
* Fix ilogb(3) implementation. The results have to match FP_ILOGB0 and | kettenis | 2020-11-07 | 5 | -85/+110
| FP_ILOGBNAN which isn't the case for the amd64 and i386 assembly versions.
| Drop these in favour of C implementations. Also reimplement ilogbl(3) by
| providing separate ld80 and ld128 implementations that replace the
| existing implementation which may hit an infinite loop when built for
| quad-precision long double.
|
| ok patrick@, gkoehler@
* Actually m88k assembler can not handle 'nop' mnemonic, use a macro instead. | aoyama | 2020-11-07 | 1 | -2/+4
|
| ok deraadt@
* double word fixes; | jmc | 2020-11-05 | 1 | -3/+3
|
* Fix bad indent. | jsing | 2020-11-03 | 1 | -7/+6
|
* Only check BIO_should_read() on read and BIO_should_write() on write. | jsing | 2020-11-03 | 1 | -5/+1
|
| The TLSv1.3 code that drives a BIO currently checks BIO_should_read()
| after BIO_write() and BIO_should_write() after BIO_read(), which was
| modelled on SSL_get_error(). However, there are certain cases where this
| can confuse the caller - primarily where the same BIO is being used for
| both read and write and the caller is manipulating the retry flags.
| SSL_get_error() tends to avoid this issue by relying on another layer of
| state tracking.
|
| Unfortunately haproxy hits this situation - it has its own BIO_METHOD, the
| same BIO is used for both read and write and it manipulates the retry
| flags - resulting in it stalling.
|
| Issue noted by Thorsten Lockert <tholo@tzecmaun.org>
|
| ok beck@ tb@
* Hook X509_STORE_CTX get_issuer() callback from new X509 verifier. | jsing | 2020-11-03 | 1 | -3/+17
|
| If we fail to find a parent certificate from either the supplied roots or
| intermediates and we have a X509_STORE_CTX, call its get_issuer() callback
| to see if it can supply a suitable certificate. This makes things like
| certificates by directory (aka by_dir) work correctly.
|
| Issue noted by Uwe Werler <uwe@werler.is>
|
| ok beck@ tb@
* typo: ASN1_parse_time -> ASN1_time_parse | tb | 2020-11-02 | 1 | -3/+3
|
* Align with C99 (and our implementation) and describe the return values for | kettenis | 2020-10-31 | 1 | -4/+7
| NaN and 0 arguments using FP_ILOGB0 and FP_ILOGBNAN.
* The printf format string component %n is a nearly Turing-complete gadget. | deraadt | 2020-10-27 | 2 | -4/+83
|
| Largely considered attack surface nowadays. The benefit provided by %n
| is completely overshadowed by the risk.
|
| New uses of %n don't seem to be entering the C ecosystem, as static
| tools flag them. And everyone points fingers at those people....
|
| The list of programs (and libraries) which use %n is therefore finite
| and shrinking. Most of the %n use comes out of the GNU ecosystem.
| jca@ has convinced gnulib to fix their code (so we need to wait for
| software including gnulib to make new releases).
|
| A few libraries have moved ahead of us and become more strict. Some no
| longer permit %n (for instance, Android bionic). Others log the
| occurrence. Some log and abort if the output location is W|X (MacOS).
|
| Our base tree is clean. The ports tree contains a handful during build
| time, and unknown count (more) during runtime.
|
| We would like to abort programs on any occurrence of %n. Or we could be
| like MacOS, aborting for W|X pages (but would need a system call which
| can check that condition, and that introduces address space knowledge we
| don't want attackers to know, and may be a poor tradeoff).
|
| For now, we can syslog, to increase awareness, and involve more people
| in the greater community to remove %n uses.
|
| [If %n is at the end, use the *printf return value. If it occurs in the
| middle, split the printf calls into multiples]
|
| Hopefully one day, we can just abort() when %n happens. Help us get
| there?
|
| ok jca, plus naddy for ports team
* Add agentx_varbind_unsigned32 as a wrapper around agentx_varbind_gauge32 to | martijn | 2020-10-27 | 4 | -3/+16
| be more clear what to use when a normal unsigned is desired.
| This is in conformance with RFC 2578/SMIv2.
|
| Ride yesterday's bump
|
| OK tb@
* Adjust manpage to uint32_t->int32_t change. | martijn | 2020-10-27 | 1 | -9/+9
|
* According to SMI (RFC 2578) an integer is signed. Somehow I managed to | martijn | 2020-10-27 | 4 | -48/+83
| overlook this. This change prevents indices larger than INT32_MAX, but
| this shouldn't happen in the current code (relayd) anyway. In all other
| cases the bytes would've been passed on to SNMP anyway, so there's no
| effective difference there.
|
| Probably no ABI-change, but we can ride yesterday's bump anyway.
|
| OK tb@
* Retguard asm macros for powerpc libc, ld.so | gkoehler | 2020-10-26 | 9 | -64/+87
|
| Add retguard to some, but not all, asm functions in libc. Edit SYS.h
| in libc to remove the PREFIX macros and add SYSENTRY (more like
| aarch64 and powerpc64), so we can insert RETGUARD_SETUP after
| SYSENTRY.
|
| Some .S files in this commit don't get retguard, but do stop using
| the old prefix macros.
|
| Tested by deraadt@, who put this diff in a macppc snap.
* Set ax_rbsize before calling malloc and use it in malloc. | martijn | 2020-10-26 | 1 | -3/+3
|
| OK tb@ and kn@
* The agentx API will first appear in 6.9. | tb | 2020-10-26 | 1 | -2/+2
|
* Add missing RCS tags | tb | 2020-10-26 | 6 | -0/+6
|
* use installed include file | deraadt | 2020-10-26 | 2 | -3/+3
|
| ok martijn
* make includes should be more verbose | deraadt | 2020-10-26 | 1 | -5/+8
|
| ok martijn
* s/agentx_/ax_/g and s/subagentx_/agentx_/g | martijn | 2020-10-26 | 15 | -6580/+6580
|
| Requested by and OK deraadt@
* Initialize srl to NULL to silence gcc. There is no case where this is | martijn | 2020-10-26 | 1 | -1/+1
| uninitialized and clang doesn't trip over this.
|
| Pointed out by and OK stsp@
* Add a safety net to ensure that we set an error on the store context. | tb | 2020-10-26 | 1 | -1/+3
|
| Suggested by and discussed with beck
* If x509_verify() fails, ensure that the error is also set on the store | tb | 2020-10-26 | 1 | -10/+15
| context. This is what is returned in SSL_get_verify_result().
|
| Spotted and initial diff from jeremy; discussed with jsing
|
| ok beck
* Make sure that x509_vfy_check_id() failure also sets ctx->error, not only | tb | 2020-10-26 | 1 | -3/+8
| ctx->xsc->error. Will be needed in an upcoming diff.
|
| from beck
* Remove trailing spaces & tabs | denis | 2020-10-26 | 2 | -18/+17
|
| OK martijn@
* clock_gettime.2: overhaul manpage | cheloha | 2020-10-25 | 1 | -76/+241
|
| The clock_gettime.2 page is clumsy. It will be easier to use if it is
| reorganized to emphasize clock_gettime(2), a general and widely used
| interface, over clock_settime(2), a special-purpose and rarely used
| interface.
|
| While doing that I found a bunch of other things I wanted to tweak or
| improve:
|
| - Simplify the NAME summary. No need to mention "calibration" or "date".
| - "now", "res", and "clock" are better argument names than "tp" and
|   "clock_id".
| - The CLOCK_* list is a bunch of fragments. Rewrite the list to make it
|   easier to understand what the clocks represent and how they behave.
| - Mention clock_settime(2) *after* the list of clocks. Almost nobody
|   needs to use it. It shouldn't lead the page alongside clock_gettime(2).
| - Drop the adjtime(2) reference. We could mention it in a CAVEATS
|   section but it definitely doesn't belong here in the DESCRIPTION.
| - Drop the useless init(8) reference.
| - Add a bunch of EXAMPLES demonstrating how to actually use each clock.
| - Clean up the ERRORS.
| - Update the cross references.
| - Add a HISTORY for the interfaces and each clock.
|
| High-level structural ideas from jmc@ and schwarze@.
|
| Edited by jmc@.
|
| ok jmc@, probably ok schwarze@
* some fixes from varik valefor; | jmc | 2020-10-24 | 2 | -12/+12
|
* Save and restore the MXCSR register and the FPU control word such that | kettenis | 2020-10-21 | 3 | -3/+15
| floating-point control modes are properly restored by longjmp(3).
|
| ok guenther@
* Stop documenting some functions as macros. | tb | 2020-10-21 | 3 | -19/+7
|
| In x509.h r1.70 (2018/08/24) I turned some macros into actual functions
| to follow what OpenSSL is doing since 1.1.0. The documentation still
| claims that they are implemented as macros. Update a doc sync commit
| hash while there.
* Align the basename(3) and dirname(3) prototypes with the POSIX spec: | naddy | 2020-10-20 | 4 | -10/+10
| Both functions take a non-const parameter. Implementations may modify
| the passed string, even though ours do not.
|
| ok stsp@ deraadt@ millert@
* Use a trap instruction that unconditionally terminates the process. | visa | 2020-10-20 | 2 | -4/+4
|
| OK deraadt@
* Retguard sigsetjmp on powerpc64. | mortimer | 2020-10-19 | 1 | -5/+10
|
| ok deraadt@
* replace ad-hoc illegal instruction with the architecturally defined one | naddy | 2020-10-19 | 4 | -8/+8
| ("permanently undefined")
|
| ok deraadt@ kettenis@
* add retguard prologue/epilogue | deraadt | 2020-10-19 | 1 | -2/+4
|
| ok mortimer
* Save and restore the FPCR register such that floating-point control modes | kettenis | 2020-10-19 | 2 | -6/+14
| are properly restored by longjmp(3).
* On powerpc64, restore %r2 when needed while unwinding. | kettenis | 2020-10-19 | 1 | -0/+10
| Makes exception handling work on powerpc64.
|
| ok patrick@
* Add powerpc64 retguard macros for setjmp / longjmp. | mortimer | 2020-10-18 | 1 | -5/+10
|
| ok deraadt@
* SYS___threxit cannot fail, but this integration looks like a gadget. | deraadt | 2020-10-18 | 11 | -11/+24
| Put a hard-trap instruction after the syscall instruction.
|
| ok kettenis mortimer
* Fix typo in reference, period that should be comma. | bentley | 2020-10-18 | 1 | -3/+3
|
| The error is present in the RFC byline, but that's no reason to ignore
| an obvious typo when the correct punctuation is visible right above it.
|
| ok jmc@ martijn@
* Adapt SYS.h to use retguard macros from asm.h, so that generated system | deraadt | 2020-10-16 | 8 | -46/+77
| calls are guarded. Adapt the first few hand-written functions to this
| model (a few remain)
|
| ok kettenis mortimer
* double word fixes; from varik valefor | jmc | 2020-10-16 | 1 | -3/+3
|
* Unbreak DTLS retransmissions for flights that include a CCS. | jsing | 2020-10-15 | 1 | -7/+8
|
| When retransmitting a flight that includes a CCS, the record protection
| from the previous epoch has to be used to send the messages up to and
| including the CCS, with messages after the CCS using record protection
| from the current epoch. The code that restores the record protection
| state failed to work correctly with the new TLSv1.2 record layer.
|
| ok tb@
* crt0 MD _dl_exit() performs syscall to SYS_exit directly, but then | deraadt | 2020-10-15 | 12 | -30/+24
| some of these functions were returning. That makes the +1word address
| a fairly strong and easily located gadget. Put a hard-trap instruction
| after the syscall. This remains a gadget for 'terminal system' calls
| (such as execve), but hey that's why we have pledge w/o "exec" throughout
| the tree. Quite surprisingly, hppa's delay-slot load of SYS_exit makes
| it the safest of the bunch, not that this helps anyone.
|
| ok kettenis
* zap annoying stray spaces | tb | 2020-10-15 | 1 | -4/+4
|
* use symbolic SYS_exit rather than 1, and skip using | deraadt | 2020-10-14 | 1 | -4/+2
| the 0x400 %g2 syscall method
|
| ok kettenis
* use symbolic SYS_exit instead of the value 1 | deraadt | 2020-10-14 | 12 | -31/+24
|
| ok kettenis
* Accommodate POSIX basename(3) that takes a non-const parameter and | naddy | 2020-10-14 | 1 | -3/+4
| may modify the string buffer.
|
| ok millert@
* Replace SSL_IS_DTLS with SSL_is_dtls(). | jsing | 2020-10-14 | 11 | -96/+92
|
| Garbage collect the now unused SSL_IS_DTLS macro.
|
| ok tb@
* Provide SSL_is_dtls(). | jsing | 2020-10-14 | 2 | -2/+11
|
| For now this is #ifdef LIBRESSL_INTERNAL and will be exposed during the
| next library bump.
|
| ok tb@
* Mark DTLS methods as DTLS. | jsing | 2020-10-14 | 2 | -3/+10
|
| Rather than inferring DTLS from the method version, add a field that
| marks a method as specifically being DTLS. Have SSL_IS_DTLS condition on
| this rather than on version.
|
| ok tb@