path: root/lib
Commit message [Author, Age, Files, Lines]
...
* Check the return value of tls1_enc() in the write path. [jsing, 2020-08-02, 2 files, -6/+6]
| The write path can return a failure in the AEAD path and there is no reason not to check a return value.
|
| Spotted by tb@ during another review.
|
| ok tb@
* Clean up/simplify more of the dtls1/ssl3 record writing code: [jsing, 2020-08-01, 2 files, -73/+34]
| - Make the DTLS code much more consistent with the ssl3 code.
| - Avoid assigning wr->input and wr->length just so they can be used as arguments to memcpy().
| - Remove the arc4random_buf() call for the explicit IV, since tls1_enc() already does this for us.
|
| ok tb@
* Pull record version selection code up and pass it as an argument to [jsing, 2020-08-01, 1 file, -15/+15]
| ssl3_create_record().
|
| ok tb@
* Have ssl_init_wbio_buffer() push the buffering BIO rather than doing it [jsing, 2020-07-30, 1 file, -5/+2]
| ourselves.
|
| Spotted by tb@ during a previous review.
* Clean up and simplify some of the SSL3/DTLS1 record writing code. [jsing, 2020-07-30, 2 files, -76/+72]
| This will allow for further changes to be made with less complexity and easier review.
|
| In particular, decide if we need an empty fragment early on and only do the alignment calculation once (rather than in two separate parts of the function).
|
| ok tb@ inoguchi@
* Add minimal info callback support for TLSv1.3 [tb, 2020-07-30, 3 files, -3/+32]
| As abieber@ found the hard way, some python frameworks (twisted, synapse) thought it a great idea to use the info callback mechanism (designed to get state information about SSL objects) to modify state information such as setting and verifying the SNI. The switch of TLS_method() to default to TLSv1.3 broke these contraptions. Further bits of the info callback mechanism will likely metastasize throughout the TLSv1.3 stack if we need them, so we only do what's really necessary now.
|
| Lots of debugging, crucial hint and testing by abieber
|
| input & ok jsing
* Fix two cases where we should compare/store 64-bit values instead of [kettenis, 2020-07-27, 1 file, -3/+3]
| 32-bit values.
|
| ok gkoehler@, drahn@
* Fix powerpc64's sbrk() [gkoehler, 2020-07-27, 1 file, -3/+5]
| Initialize __curbrk = &_end. It's a 64-bit pointer, so use ld/std instead of lwz/stw.
|
| ok drahn@
* Reference unveil(2) in system accounting and daily.8. [rob, 2020-07-26, 1 file, -6/+5]
| Reminder that unveil does not kill from brynet and gsoares. Wording tweaks from jmc; feedback from deraadt.
|
| ok jmc@, millert@, solene@, "fine with me" deraadt@
* Handle SSL_MODE_AUTO_RETRY being changed during a TLSv1.3 session. [jsing, 2020-07-25, 1 file, -1/+4]
| Both Perl's HTTP::Tiny and IO::Socket::SSL know about SSL_MODE_AUTO_RETRY and try to work around the fact that OpenSSL enabled it by default. However, this can lead to the mode being disabled prior to the TLSv1.3 handshake and then enabled after the handshake has completed.
|
| In order to handle this correctly we have to check the mode and inform the record layer prior to every read.
|
| Issue reported and test case provided by Nathanael Rensen <nathanael@polymorpheus.com>.
|
| ok inoguchi@ tb@
* remove half a dozen "goto" statements and a label [schwarze, 2020-07-25, 1 file, -14/+1]
| that change nothing whatsoever, except making the code harder to read;
|
| OK tb@
* tweak previous; [jmc, 2020-07-24, 1 file, -4/+4]
|
* document PEM_X509_INFO_read(3) and PEM_X509_INFO_read_bio(3) [schwarze, 2020-07-23, 7 files, -14/+207]
| OK tb@
* Fix a bug in PEM_X509_INFO_read_bio(3) that is very likely to cause [schwarze, 2020-07-23, 1 file, -21/+17]
| use-after-free and double-free issues in calling programs.
|
| The bug was introduced in SSLeay-0.6.0 released on June 21, 1996 and has been present since OpenBSD 2.4.
|
| I found the bug while documenting the function.
|
| The bug could bite in two ways that looked quite different from the perspective of the calling code:
|
| * If a stack was passed in that already contained some X509_INFO objects and an error occurred, all the objects passed in would be freed, but without removing the freed pointers from the stack, so the calling code would probably continue to access the freed pointers and eventually free them a second time.
| * If the input BIO contained at least two valid PEM objects followed by at least one PEM object causing an error, at least one freed pointer would be put onto the stack, even though the function would return NULL rather than the stack. But the calling code would still have a pointer to the stack, so it would be likely to access the new bogus pointers sooner or later.
|
| Fix all this by remembering the size of the input stack on entry and cutting it back to exactly that size when exiting due to an error, but no further.
|
| While here, do some related cleanup:
|
| * Garbage collect the automatic variables "error" and "i" which were only used at one single place each.
| * Use NULL rather than 0 for pointers.
|
| I like bugfixes that make the code four lines shorter, reduce the number of variables by one, reduce the number of brace-blocks by one, reduce the number of if-statements by one, and reduce the number of else-clauses by one.
|
| Tweaks and OK tb@.
* DLT_LOOP does have a link header, so tell pcap-filter so it can use it. [dlg, 2020-07-21, 1 file, -2/+2]
| matthieu@ reported that asking tcpdump to look at ip or ip6 traffic on a wg(4) interface caused all packets to be captured. this is because pcap assumes that if your link type doesn't have a link header then it is always ip or ip6 (which is weird anyway) and captures everything.
|
| there was already code to generate a filter for the DLT_LOOP link header, it was just bypassed cos earlier code said that there wasn't one.
|
| debugged with and ok kn@
* Userland timecounter implementation for octeon [visa, 2020-07-18, 1 file, -3/+30]
| OK naddy@; no objections from kettenis@
* Raw device access is not anymore a fall-back for when sndiod isn't running [ratchov, 2020-07-18, 1 file, -8/+2]
| Found by Jan Stary <hans at stare.cz>, discussed with jmc@
* Userland timecounter for macppc [gkoehler, 2020-07-17, 1 file, -2/+22]
| Tested by cwen@ and myself. Thanks to pirofti@ for creating the userland timecounter feature.
|
| ok kettenis@ pirofti@ deraadt@ cheloha@
* "wroute" allows changes to the routing table; ok deraadt [jmc, 2020-07-17, 1 file, -2/+2]
|
* route and wroute were undocumented; ok florian [deraadt, 2020-07-17, 1 file, -2/+7]
|
* Remove obsolete LOCALE_HOME code we have never used (and never will). [millert, 2020-07-16, 1 file, -146/+1]
| Upstream removed it in 2004. From Jan Stary.
* allow setenv LIBC_NOUSERTC to disable userland timekeeping, for ktrace. [tedu, 2020-07-16, 1 file, -1/+3]
| ok deraadt pirofti
* Userland timecounter implementation for arm64. [kettenis, 2020-07-15, 1 file, -3/+29]
| ok naddy@
* Dedup the use legacy stack code. [jsing, 2020-07-14, 1 file, -56/+25]
| ok inoguchi@ tb@
* Revert the TLSv1.3 version switching fix/hack. [jsing, 2020-07-14, 1 file, -10/+1]
| This is no longer necessary since the TLS_method() now supports TLSv1.3.
|
| Reverts r1.211 of ssl_lib.c.
|
| ok beck@ inoguchi@ tb@
* Fix TIB/TCB on powerpc64. Some bright soul decided that the TCB should [kettenis, 2020-07-14, 1 file, -3/+3]
| be 8 bytes in the 64-bit ABI just like in the 32-bit ABI. But that means there is no "spare" word in the TCB that we can use to store a pointer to our struct pthread. So we have to treat powerpc64 special.
|
| Also recognize that the thread pointer points 0x7000 bytes after the TCB. Since the TCB is 8 bytes this means that TCB_OFFSET should be 0x7008.
|
| Pointed out by guenther@; ok deraadt@
* Add usertc.c. [kettenis, 2020-07-11, 1 file, -0/+1]
|
* Add missing usertc.c file. [kettenis, 2020-07-11, 1 file, -0/+21]
|
* adjust %n description to vaguely say "pointer", because the following [deraadt, 2020-07-10, 1 file, -4/+6]
| list of "[size]n" includes "n" on its own, thereby the "int" case is described correctly.
|
| ok schwarze
* As suggested by deraadt@, rewrite most of the printf(3) manual page [schwarze, 2020-07-10, 1 file, -453/+586]
| to properly show the (differing) syntaxes of all the conversion specifications, and reduce the amount of forward references from the list of modifiers to the list of specifiers.
|
| While here, properly explain %lc and %ls.
|
| Also correct RETURN VALUES, which incorrectly talked about counting characters while actually bytes are counted.
|
| Using feedback from millert@, deraadt@, tb@, and Martin Vahlensieck.
|
| OK deraadt@, millert@, and tb@ on intermediate versions of this diff and no objections from jmc@.
* The fegetexceptflag() function should not have a DEF_STD. [kettenis, 2020-07-09, 1 file, -2/+1]
| Brings arm64 in line with all the other architectures.
|
| ok millert@
* adjfreq(2): limit adjustment to [-500000, +500000] ppm [cheloha, 2020-07-09, 1 file, -2/+5]
| When we recompute the scaling factor during tc_windup() there is an opportunity for arithmetic overflow if the active timecounter's adjfreq(2) adjustment is too large. If we limit the adjustment to [-500000, +500000] ppm the statement in question cannot overflow.
|
| In particular, we are concerned with the following bit of code:
|
|     scale = (u_int64_t)1 << 63;
|     scale += \
|         ((th->th_adjustment + th->th_counter->tc_freq_adj) / 1024) * 2199;
|     scale /= th->th_counter->tc_frequency;
|     th->th_scale = scale * 2;
|
| where scale is an int64_t. Overflow when we do:
|
|     scale += (...) / 1024 * 2199;
|
| as th->th_counter->tc_freq_adj is currently unbounded. th->th_adjustment is limited to [-5000ppm, 5000ppm].
|
| To see that overflow is prevented with the new bounds, consider the new edge case where th->th_counter->tc_freq_adj is 500000ppm and th->th_adjustment is 5000ppm. Both are of type int64_t. We have:
|
|     int64_t th_adjustment = (5000 * 1000) << 32; /* 21474836480000000 */
|     int64_t tc_freq_adj = 500000000LL << 32; /* 2147483648000000000 */
|     scale = (u_int64_t)1 << 63; /* 9223372036854775808 */
|     scale += (th_adjustment + tc_freq_adj) / 1024 * 2199;
|     /* scale += 2168958484480000000 / 1024 * 2199; */
|     /* scale += 4657753620480000000; */
|
| 9223372036854775808 + 4657753620480000000 = 13881125657334775808, which is less than 18446744073709551616, so we don't have overflow.
|
| On the opposite end, if th->th_counter->tc_freq_adj is -500000ppm and th->th_adjustment is -5000ppm we would have -4657753620480000000.
|
| 9223372036854775808 - 4657753620480000000 = 4565618416374775808. Again, no overflow.
|
| 500000ppm and -500000ppm are extreme adjustments. otto@ says ntpd(8) would never arrive at them naturally, so we are not at risk of breaking a working setup by imposing these restrictions.
|
| Documentation input from kettenis@.
|
| No complaints from otto@.
* Userland timecounter implementation for sparc64. [kettenis, 2020-07-08, 2 files, -4/+41]
| ok deraadt@, pirofti@
* Clean up the amd64 userland timecounter implementation a bit: [kettenis, 2020-07-08, 1 file, -10/+10]
| * We don't need TC_LAST
| * Make internal functions static to avoid namespace pollution in libc.a
| * Use a switch statement to harmonize with architectures providing multiple timecounters
|
| ok deraadt@, pirofti@
* Remove some unnecessary function pointers from SSL_METHOD_INTERNAL. [jsing, 2020-07-07, 5 files, -64/+17]
| ssl_version is completely unused and get_timeout is the same everywhere.
|
| ok beck@ inoguchi@ tb@
* Enable TLSv1.3 for the generic TLS_method(). [jsing, 2020-07-07, 2 files, -5/+52]
| This can be done now that we have both TLSv1.3 client and server.
|
| ok beck@ inoguchi@ tb@
* Minor tweaks in the description of %g: [schwarze, 2020-07-06, 1 file, -4/+8]
| 1. Clarify that %G uses %F, not %f; noticed by millert@.
| 2. Mention that %g originally meant "general notation", see: https://minnie.tuhs.org/cgi-bin/utree.pl?file=V7/usr/src/libc/stdio/doprnt.s
|
| Triggered by a somewhat different patch from Ian <ropers at gmail dot com>.
|
| Feedback and OK millert@ and jmc@.
* Add support for timecounting in userland. [pirofti, 2020-07-06, 42 files, -65/+596]
| This diff exposes parts of clock_gettime(2) and gettimeofday(2) to userland via libc liberating processes from the need for a context switch every time they want to count the passage of time.
|
| If a timecounter clock can be exposed to userland then it needs to set its tc_user member to a non-zero value. Tested with one or multiple counters per architecture.
|
| The timing data is shared through a pointer found in the new ELF auxiliary vector AUX_openbsd_timekeep containing timehands information that is frequently updated by the kernel.
|
| Timing differences between the last kernel update and the current time are adjusted in userland by the tc_get_timecount() function inside the MD usertc.c file.
|
| This permits a much more responsive environment, quite visible in browsers, office programs and gaming (apparently one is able to fly in Minecraft now).
|
| Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
|
| OK from at least kettenis@, cheloha@, naddy@, sthen@
* zap trailing whitespace on one line [tb, 2020-07-03, 1 file, -2/+2]
|
* Make the message type available to the extension functions [tb, 2020-07-03, 2 files, -167/+181]
| Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney.
|
| This approach was suggested a while ago by jsing.
|
| ok beck jsing
* Improve argument order for the internal tlsext API [tb, 2020-07-03, 8 files, -39/+39]
| Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
|
| requested by jsing
* Use a relative branch to jump from setjmp(3) into _setjmp(4). [kettenis, 2020-07-02, 1 file, -5/+4]
| Use correct register to reference the location where we store CR.
* Add missing comparison instruction. Load %r12 with the indirect branch [kettenis, 2020-06-30, 1 file, -1/+3]
| address to load the correct TOC address.
* Disable assembly code for powerpc64; more work is needed to make it work. [kettenis, 2020-06-29, 1 file, -8/+9]
|
* Use C versions of bcopy(3) and memmove(3) for now as the assembly version [kettenis, 2020-06-29, 1 file, -2/+2]
| of bcopy(9) doesn't work in its current state.
|
| ok deraadt@
* Use std instead of stw to store CR since we use std in sigsetjmp(3) and [kettenis, 2020-06-28, 1 file, -2/+2]
| we use ld to load it again in longjmp(3).
* Add stub implementation; derived from kvm_sh.c which has our preferred [kettenis, 2020-06-28, 1 file, -0/+75]
| copyright license.
* Fix grammar in comment. [kettenis, 2020-06-28, 1 file, -2/+2]
|
* Add powerpc64 support. [kettenis, 2020-06-28, 1 file, -1/+3]
|
* Add powerpc64 fenv bits; copied from powerpc. From drahn@ [kettenis, 2020-06-28, 1 file, -0/+339]
|