CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/04/27 13:31:02 Modified files: lib/libcrypto/evp: e_aes.c evp.h evp_err.c Log message: Disallow the use of zero length IVs in AES-GCM via EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key. Issue reported and fix tested by Guido Vranken. ok beck, jsing This commit adds a constant to a public header despite library lock, as discussed with deraadt and sthen.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/04/27 13:34:59 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: Fix a logic error that hid the failing ZeroLengthIv tests. This issue was fixed in lib/libcrypto/evp/e_aes.c r1.40.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/04/27 13:42:34 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: Fix two bugs in the AES-CBC-PKCS5 tests that didn't hide failing tests: 1. Use the correct slice for comparing the cipher output 2. Fix logic error similar to the one in AES-GCM in the previous commit
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/04/30 12:43:11 Modified files: lib/libcrypto/evp: e_aes.c Log message: Disallow setting the AES-GCM IV length to 0 It is possible to do this by abusing the EVP_CTRL_INIT API. Pointed out by jsing. ok inoguchi jsing (as part of a larger diff)
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: t...@cvs.openbsd.org2020/05/04 06:06:02 Modified files: . : sparc.html Log message: typo: 5.7 -> 5.9. from bsd stephane-huc net
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/04 08:20:36 Modified files: regress/lib/libssl/handshake: handshake_table.c Log message: Fix out-of-bounds access in tables[][] that was exposed in bluhm's regress on i386 after inoguchi moved some symbols to const. ok inoguchi jsing deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/06 09:45:22 Modified files: lib/libcrypto : opensslv.h Log message: Bump LibreSSL version to 3.1.1 ok bcook inoguchi deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/07 12:56:09 Modified files: lib/libssl : tls13_record_layer.c Log message: On receiving a handshake or alert record with empty inner plaintext, terminate the connection with an unexpected_message alert. See RFC 8446 section 5.4. Found with tlsfuzzer hint/ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/09 04:17:58 Modified files: lib/libssl : tls13_server.c Log message: crazy whitespace on one line
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/09 07:51:44 Modified files: lib/libssl : ssl_srvr.c Log message: On receiving an overlong session ID terminate with an illegal_parameter alert. Found with tlsfuzzer. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/09 07:54:19 Modified files: lib/libssl : ssl_clnt.c Log message: Drop a redundant test. It's effectively doing the same test twice and if the two lengths differed, the later CBS_write_bytes() would correctly fail anyway. Discussed with jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/09 08:02:24 Modified files: lib/libssl : tls13_server.c Log message: Make the test for the legacy_compression_method vector in the ClientHello stricter. Previously, we would accept any vector if it advertised the "null" compression method. RFC 8446 4.1.2 specifies that the only legal vector has length one and contains a zero byte for the null method. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/09 09:58:11 Modified files: usr.sbin/ospfd : Tag: OPENBSD_6_5 lsupdate.c Log message: OpenBSD 6.5 errata 036 (036_ospfd_lsa.patch.sig) CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2020/05/06 08:40:54 Modified files: usr.sbin/ospfd : lsupdate.c Log message: Do not use the pointer returned by ibuf_reserve() after calling another ibuf function. After the call the internal buffer may have moved by realloc() and so the pointer is invalid. Instead use ibuf_size() to get the current offset in the buffer and use ibuf_seek() later on to write back the updated lsa age into the buffer at the right spot. This fixes an issue seen by Richard Chivers on routers with many passive interfaces. OK stsp@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/09 09:59:55 Modified files: usr.sbin/ospfd : Tag: OPENBSD_6_6 lsupdate.c Log message: OpenBSD 6.6 errata 026 (026_ospfd_lsa.patch.sig) CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2020/05/06 08:40:54 Modified files: usr.sbin/ospfd : lsupdate.c Log message: Do not use the pointer returned by ibuf_reserve() after calling another ibuf function. After the call the internal buffer may have moved by realloc() and so the pointer is invalid. Instead use ibuf_size() to get the current offset in the buffer and use ibuf_seek() later on to write back the updated lsa age into the buffer at the right spot. This fixes an issue seen by Richard Chivers on routers with many passive interfaces. OK stsp@ deraadt@
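The pattern behind the two ospfd errata above (6.5 and 6.6), as an added C example that is neither the errata's diff nor OpenBSD's ibuf code: a minimal stand-in buffer whose storage moves whenever it grows, the broken usage that keeps the ibuf_reserve() pointer across an ibuf_add(), and the fixed usage that records ibuf_size() first and seeks back with ibuf_seek(). struct ibuf and its functions here are my own stand-ins with assumed signatures, and struct lsa_hdr is a constructed toy header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable buffer standing in for ibuf (my own stand-in, not the ibuf API
 * of OpenBSD's libutil). Growing always moves the storage, as a realloc(3) may. */
struct ibuf {
	uint8_t	*buf;
	size_t	 wpos, size;	/* bytes written so far, bytes allocated */
};

static int
ibuf_grow(struct ibuf *ib, size_t need)
{
	size_t nsize = ib->size ? ib->size : 16;
	uint8_t *nb;
	while (nsize - ib->wpos < need)
		nsize *= 2;
	if ((nb = malloc(nsize)) == NULL)
		return -1;
	if (ib->buf != NULL)		/* copy, then release: old addresses die here */
		memcpy(nb, ib->buf, ib->wpos);
	free(ib->buf);
	ib->buf = nb;
	ib->size = nsize;
	return 0;
}

/* Reserve len bytes; the pointer is only valid until the next call that may grow. */
static void *
ibuf_reserve(struct ibuf *ib, size_t len)
{
	if (ib->size - ib->wpos < len && ibuf_grow(ib, len) == -1)
		return NULL;
	ib->wpos += len;
	return ib->buf + ib->wpos - len;
}

static int
ibuf_add(struct ibuf *ib, const void *data, size_t len)
{
	void *p = ibuf_reserve(ib, len);
	if (p == NULL)
		return -1;
	memcpy(p, data, len);
	return 0;
}

static size_t ibuf_size(const struct ibuf *ib) { return ib->wpos; }	/* write offset */

/* len bytes at offset pos, recomputed from the current storage, so it is right
 * however often the buffer has moved since pos was taken. */
static void *
ibuf_seek(struct ibuf *ib, size_t pos, size_t len)
{
	if (pos > ib->wpos || ib->wpos - pos < len)
		return NULL;
	return ib->buf + pos;
}

struct lsa_hdr { uint16_t age; uint16_t type; };	/* constructed toy header */
static const uint8_t lsa_body[64];			/* constructed toy body */

/* The broken pattern from the errata: hold the ibuf_reserve() pointer across an
 * ibuf_add() that grows the buffer. Returns 1 when the saved pointer no longer
 * points into the buffer (never dereferenced here; the real bug wrote through it). */
static int
stale_reserve_pointer(void)
{
	struct ibuf ib = { NULL, 0, 0 };
	struct lsa_hdr *hdr = ibuf_reserve(&ib, sizeof(*hdr));
	int stale;
	if (hdr == NULL || ibuf_add(&ib, lsa_body, sizeof(lsa_body)) == -1) {
		free(ib.buf);
		return -1;
	}
	stale = (uint8_t *)hdr != ib.buf;	/* the header now lives elsewhere */
	free(ib.buf);
	return stale;
}

/* The fixed pattern: remember the offset, write the body, then seek back to the
 * header's current location to fill in the age. Returns the age read back. */
static uint16_t
lsa_age_writeback(uint16_t age)
{
	struct ibuf ib = { NULL, 0, 0 };
	size_t off = ibuf_size(&ib);
	struct lsa_hdr *hdr;
	uint16_t out = 0;
	if (ibuf_reserve(&ib, sizeof(*hdr)) != NULL &&
	    ibuf_add(&ib, lsa_body, sizeof(lsa_body)) == 0 &&
	    (hdr = ibuf_seek(&ib, off, sizeof(*hdr))) != NULL)
		out = hdr->age = age;		/* htons() in the real code */
	free(ib.buf);
	return out;
}
```

stale_reserve_pointer() returns 1 every time because the stand-in always moves on growth; with a real realloc(3) the same code merely may corrupt memory, which is why the bug was only seen on routers with many passive interfaces.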
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/09 10:43:05 Modified files: lib/libssl : tls13_handshake.c tls13_internal.h tls13_server.c Log message: Send dummy ChangeCipherSpec messages from the TLSv1.3 server If the client has requested middle box compatibility mode by sending a non-empty legacy_session_id, the server must send a dummy CCS right after its first handshake message. This means right after ServerHello or HelloRetryRequest. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/09 14:38:19 Modified files: lib/libssl : tls13_handshake.c tls13_internal.h tls13_server.c Log message: Back out server side CCS sending. It breaks TLSv1.3 client communication with TLSv1.2 servers, since it makes clients send their dummy CCS too early... There's an obvious but dirty bandaid which I can't bring myself to applying - this business is already disgusting enough. Issue found the hard way by sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/10 11:13:30 Modified files: lib/libssl : tls13_handshake.c tls13_internal.h tls13_server.c Log message: Send dummy ChangeCipherSpec messages from the TLSv1.3 server If the client has requested middle box compatibility mode by sending a non-empty legacy_session_id, the server must send a dummy CCS right after its first handshake message. This means right after ServerHello or HelloRetryRequest. Two important improvements over the backed-out diff: First: make sure that client and server can send their dummy CCS at the correct moment (right before the next flight or right after the current flight). Second: as jsing noted, we also need to deal with the corner case that tls13_send_dummy_ccs() can return TLS13_IO_WANT_POLLOUT. with/ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/12 14:12:44 Modified files: lib/libssl/man : SSL_CTX_set_min_proto_version.3 Log message: there should only be one i in gratuitous
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/13 11:58:04 Modified files: sys/dev/wscons : Tag: OPENBSD_6_7 wsdisplay.c wsemulconf.c Log message: OpenBSD 6.7 errata 001 (001_wscons.patch.sig) CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2020/05/10 14:50:55 Modified files: sys/dev/wscons : wsdisplay.c wsemulconf.c Log message: Fix two out-of-bounds array accesses in ioctl code paths. One found by jo...@armadilloaerospace.com and another one spotted by matthieu@. ok benno@, matthieu@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/14 12:04:19 Modified files: regress/lib/libssl/handshake: handshake_table.c Log message: move a #define after the last #include line
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/14 12:09:25 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: reinstate an error check that was commented out while waiting for arm packages to appear
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/14 12:11:46 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: go fmt whitespace nit
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/19 14:22:33 Modified files: lib/libssl : Tag: OPENBSD_6_7 tls13_client.c tls13_internal.h tls13_legacy.c Log message: OpenBSD 6.7 errata 004 6.7/004_libssl.patch.sig original commits: CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2020/05/16 08:44:55 Modified files: lib/libssl : tls13_client.c Log message: Ensure that a TLSv1.3 server has provided a certificate. The RFC requires that a server always provide a certificate for authentication. Ensure that this is the case, rather than proceeding and attempting validation. In the case where validation was disabled and the server returned an empty certificate list, this would have previously resulted in a NULL pointer dereference. Issue reported by otto@ ok inoguchi@ tb@ CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2020/05/17 08:26:15 Modified files: lib/libssl : tls13_client.c Log message: Send a decode error alert if a server provides an empty certificate list. According to RFC 8446 section 4.4.2.4, a client receiving an empty certificate list must abort the handshake with a decode error alert. ok beck@ inoguchi@ tb@ ('it rarely is the alert you'd expect it to be...')
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/21 04:25:34 src/regress/lib/libssl/tlsfuzzer Update of /cvs/src/regress/lib/libssl/tlsfuzzer In directory cvs.openbsd.org:/tmp/cvs-serv8782/tlsfuzzer Log Message: Directory /cvs/src/regress/lib/libssl/tlsfuzzer added to the repository
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/21 04:38:44 Added files: regress/lib/libssl/tlsfuzzer: Makefile tlsfuzzer.py Log message: Add a harness that runs tests from tlsfuzzer This currently runs 54 tests from the tlsfuzzer suite against the TLSv1.3 server which exercise a large portion of the code. They already found a number of bugs and misbehaviors and also inspired a few diffs currently in the pipeline. This regress requires the py3-tlsfuzzer package to be installed, otherwise the tests are skipped. Many thanks to kmos for helping with the ports side and to beck for his positive feedback. ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/21 04:46:29 Modified files: regress/lib/libssl: Makefile Log message: hook tlsfuzzer to regress
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/21 13:08:32 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: beck fixed most of the keyupdate tests. update annotation
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/21 13:15:54 Modified files: lib/libssl : tls13_lib.c Log message: A failure of tls13_handshake_msg_new() could lead to a NULL deref in the following tls13_handshake_msg_start() call. Add a check. Stop clobbering the ctx's hs_msg variable, use a local variable instead. ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/21 13:27:22 Modified files: lib/libssl : tls13_lib.c Log message: Avoid a shadowing issue by renaming cbs and cbb to cbs_hs and cbb_hs, respectively. Discussed with jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/21 13:43:40 Modified files: lib/libssl : tls13_lib.c Log message: Simplify: transform a dangling else into an early return and unindent a bunch of code. Suggested by jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/23 02:47:19 Modified files: lib/libssl : ssl_tlsext.c tls13_server.c Log message: Do not assume that server_group != 0 or tlsext_supportedgroups != NULL implies that we're dealing with a HRR in the extension handling code. Explicitly check that we're in this situation by inspecting the flag in the handshake context. Add missing error checks and send the appropriate alerts. The hrr flag needs to be unset after parsing the client hello retry to avoid breaking the server hello handling. All this is far from ideal, but better than nothing. The correct fix would likely be to make the message type available but that would need to be part of a more extensive rearchitecture of the extension handling. Discussed at length with jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/23 03:02:02 Modified files: usr.bin/openssl: s_server.c Log message: Avoid an out-of-bounds array access in the s_server. It can be triggered by sending a line to stdin while no connection is open and then connecting a client. The first SSL_write() fails, sends SSL_ERROR_WANT_* and then causes a segfault deep down in the tls stack when accessing &(buf[-1]). ok beck inoguchi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/23 05:30:13 Modified files: lib/libssl : ssl_lib.c Log message: fix a confusingly wrapped line
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/23 06:52:54 Modified files: usr.bin/openssl: s_client.c s_server.c Log message: In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY by default. To avoid hanging on a blocking read, we need to clear the SSL_MODE_AUTO_RETRY flag in the s_client and the s_server. ok beck inoguchi jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/23 07:00:30 Modified files: usr.bin/openssl: s_server.c Log message: While the second SSL_CTX in this code is only used on servername callback, so its mode is not used to update the ssl's mode, it seems more appropriate to clear the SSL_MODE_AUTO_RETRY flag on it as well. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/23 11:33:51 Modified files: regress/lib/libssl/tlsfuzzer: Makefile Log message: Define REGRESS_TARGETS explicitly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/24 04:35:57 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: The version detection doesn't work on bluhm's test machine, causing the test to fail. Neuter it for now and just assume we do TLSv1.3. I have been intending to purge this version detection hack once I'm sure we can leave the 1.3 server enabled but I'll leave it here for now.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/24 08:35:26 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: address some nits from jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/24 09:10:06 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: include newlines in FAIL messages
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/24 09:13:22 Modified files: lib/libssl : ssl_tlsext.c Log message: Fix some stylistic nits from jsing. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/24 10:47:43 Modified files: usr.sbin/syspatch: syspatch.sh Log message: Relax the filename checks to allow dashes as well. Starting with OpenBSD 6.9, we can use less awkward filenames. Initial diff by deraadt, ok aja
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/24 10:48:35 Modified files: distrib/syspatch: bsd.syspatch.mk Log message: Adjust the sanity check for patch file names to allow a hyphen. ok aja
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/24 11:00:36 Modified files: usr.sbin/smtpd : Tag: OPENBSD_6_7 mta_session.c Log message: OpenBSD 6.7 errata 006, May 25, 2020: (6.7/006_smtpd_sockaddr.patch.sig) Incorrect use of getpeername(2) storage for outgoing IPv6 connections corrupts stack memory. The nature of the corruption and existing mitigations appear to make this difficult to effectively target. original commit: CVSROOT:/cvs Module name:src Changes by: mill...@cvs.openbsd.org 2020/05/21 09:38:05 Modified files: usr.sbin/smtpd : mta_session.c Log message: Correct getsockname(2)/getpeername(2) usage. Fixes an uninitialized variable and a potential stack overflow with IPv6 connections. From Leah Neukirchen; OK eric@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/24 14:01:59 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: Previous commit caught a few errx() cases by accident. undo them.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/05/26 11:44:23 Modified files: share/mk : bsd.lib.mk Log message: The EXCLUDE_REGEX needs some tweaking for 6.6 and 6.7 syspatch builds. ok robert
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/01 01:59:49 Modified files: lib/libssl : tls13_record_layer.c Log message: Add a mechanism to set an alert in those parts of the read half of the record layer that don't do I/O themselves. Use this mechanism to send a record overflow alert for messages that have overlong plaintext or inner plaintext. Fixes most of the remaining record-layer-limits failures of tlsfuzzer. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/01 02:04:02 Modified files: lib/libssl : ssl_srvr.c Log message: Send an illegal_parameter alert if a client sends us invalid DH key shares. Previously we would fail and just close the pipe. Fixes the remaining failing test-dhe-rsa-key-exchange-with-bad-messages.py tests of tlsfuzzer. ok beck (earlier version) jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/01 02:05:33 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: Enable test-dhe-rsa-key-exchange-with-bad-messages.py
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/01 04:46:45 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: Enable the test-tls13-zero-length-data.py test, skipping the three tests that fail due to a BIO_gets() bug.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/01 13:51:31 Modified files: lib/libssl : tls13_record_layer.c Log message: Split the handling of post handshake handshake messages into its own recv function. This simplifies tls13_record_layer_read_internal() greatly and makes the phh handling easier to reason about since the code is no longer glued to the right hand edge of the terminal. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/01 22:50:17 Modified files: lib/libssl : tls13_server.c Log message: distracting whitespace
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/02 07:57:09 Modified files: lib/libssl : tls13_handshake.c Log message: Remove const modifier in return type of tls13_handshake_active_state() which makes no sense as pointed out by gcc on sparc64. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/02 22:47:03 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: Enable the record layer limits test and mark two finished test cases as xfail for now. Arguably, the expected decode_error is more appropriate than the decrypt_error that we send at the moment.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/04 12:41:42 Modified files: lib/libssl : tls13_client.c Log message: Improve client certificate selection for TLSv1.3 This allows clients to use EC certificates. ok inoguchi, jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/04 12:46:21 Modified files: lib/libssl : tls13_server.c Log message: Align tls13_server_select_certificate() with tls13_client_select_certificate(). ok inoguchi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/05 12:44:42 Modified files: lib/libcrypto/evp: e_aes.c Log message: Add a custom copy handler for AES key wrap This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy to copy cipher_data to the target struct. The result is that the copy contains a pointer to the wrong struct, which then leads to a use-after-free. The custom copy handler fixes things up to avoid that. Issue reported by Guido Vranken ok beck inoguchi jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/09 21:56:22 Modified files: lib/libcrypto/x509: Tag: OPENBSD_6_7 x509_vfy.c Log message: OpenBSD 6.7 errata 010, June 11, 2020 (6.7/010_x509.patch.sig) original commit: CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2020/05/31 11:23:39 Modified files: lib/libcrypto/x509: x509_vfy.c Log message: When building a chain look for non-expired certificates first. Currently, when building a certificate chain we look up an issuer and if it is the only issuer certificate available we still use it even if it has expired. When X509_V_FLAG_TRUSTED_FIRST is not in use, untrusted certificates are processed first and if one of these happens to be expired it will be used to build the chain, even if there is another non-expired option in the trusted store. Rework this code so that we first look for a non-expired untrusted certificate. If one does not exist then we take a look in the trusted store to see if we would be able to build the chain and only if there is not, do we then look for an expired untrusted certificate. This makes certificate validation possible for various sites that are serving expired AddTrust certificates. Issue reported by Christian Heimes via GitHub. ok beck@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/09 21:56:28 Modified files: lib/libcrypto/x509: Tag: OPENBSD_6_6 x509_vfy.c Log message: OpenBSD 6.6 errata 032, June 11, 2020 (6.6/032_x509.patch.sig) original commit: CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2020/05/31 11:23:39 Modified files: lib/libcrypto/x509: x509_vfy.c Log message: When building a chain look for non-expired certificates first. Currently, when building a certificate chain we look up an issuer and if it is the only issuer certificate available we still use it even if it has expired. When X509_V_FLAG_TRUSTED_FIRST is not in use, untrusted certificates are processed first and if one of these happens to be expired it will be used to build the chain, even if there is another non-expired option in the trusted store. Rework this code so that we first look for a non-expired untrusted certificate. If one does not exist then we take a look in the trusted store to see if we would be able to build the chain and only if there is not, do we then look for an expired untrusted certificate. This makes certificate validation possible for various sites that are serving expired AddTrust certificates. Issue reported by Christian Heimes via GitHub. ok beck@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/10 16:14:37 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: Add lucky13 and bleichenbacher-timing tests
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/15 09:25:46 Modified files: lib/libcrypto/man: des_read_pw.3 Log message: Document EVP_read_pw_string_min(3) Add detailed information on the return values of all the functions in this page and remove the previous incorrect information. tweaks & ok schwarze
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/17 00:36:56 Modified files: sys/net: toeplitz.c Log message: Remove some of the unnecessary complications in the calculation of the stoeplitz_cache and bring them into a form more suitable for mathematical reasoning. Add a comment explaining the full construction which will also help justify upcoming diffs. The observations for the code changes are the following: First, scache->bytes[val] is a uint16_t, and we only need the lower 16 bits of res in the second nested pair of for loops. The values of key[b] are only xored together to compute res, so we only need the lower 16 bits of those, too. Second, looking at the first nested for loop, we see that the values 0..15 of j only touch the top 16 bits of key[b], so we can skip them. For b = 0, the inner loop for j in 16..31 scans backwards through skey and sets the corresponding bits of key[b], so key[0] = skey. A bit of pondering then leads to key[b] = skey << b | skey >> (NBSK - b). The key array is renamed into column since it stores columns of the Toeplitz matrix. It's not very expensive to brute-force verify that scache->bytes[val] remains the same for all values of val and all values of skey. I did this on amd64, sparc64 and powerpc. ok dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/17 21:53:38 Modified files: sys/net: toeplitz.c Log message: The next step is to use that we have cached the result of the matrix multiplication H * val in stoeplitz_cache_entry(scache, val), so the identity (H * x) ^ (H * y) == H * (x ^ y) allows us to push the calls to the cache function down to the end of stoeplitz_hash_ip{4,6}{,port}(). The identity in question was also confirmed on amd64, sparc64 and powerpc for all possible values of skey, x and y. ok dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/17 23:33:17 Modified files: sys/net: toeplitz.c Log message: Now that the calls to stoeplitz_cache_entry() are out of the way, we can ditch half of the calculations by merging the computation of hi and lo, only splitting at the end. This allows us to leverage stoeplitz_hash_n16(). The name lo is now wrong. I kept it in order to avoid noise. I'm going to clean this up in the next step. ok dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/18 05:06:32 Modified files: sys/net: toeplitz.c Log message: The same simplification can be done a second time: widen the type, xor laddr and faddr and the ports together and only then fold the 32 bits into 16 bits. ok dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/18 06:22:39 Modified files: sys/net: toeplitz.c toeplitz.h Log message: Introduce stoeplitz_hash_n32() and use it to simplify the hash_ip* functions further. ok dlg
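The five toeplitz.c commits above describe the construction of the stoeplitz cache (column b of H is skey rotated left by b), the identity (H * x) ^ (H * y) == H * (x ^ y) that lets the cache lookups move to the end of the hash_ip* functions, and the brute-force verification. Worked through here as an added C example, not OpenBSD's sys/net/toeplitz.c: the stoeplitz_* names mirror the commit messages but are my own reimplementation, and toeplitz_ref(), stoeplitz_cache_matches_ref() and stoeplitz_ip4port_matches_ref() are assumed helper names. It goes one step past the commits by also checking the fully folded 4-tuple hash against the bit-by-bit definition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define NBSK 16	/* bits in the symmetric Toeplitz key, as in toeplitz.c */

struct stoeplitz_cache { uint16_t bytes[256]; };	/* H * val for each byte val */

/* Bit-by-bit definition: the 16-bit key repeats forever and, for every set input
 * bit i (MSB first), the 16 key-stream bits starting at position i are xored in;
 * those bits are just skey rotated left by i mod NBSK. */
static uint16_t
toeplitz_ref(uint16_t skey, const uint8_t *data, size_t len)
{
	uint16_t res = 0;
	for (size_t i = 0; i < len * 8; i++) {
		unsigned r = i % NBSK;
		if (data[i / 8] & (0x80 >> (i % 8)))
			res ^= (uint16_t)((skey << r) | (skey >> ((NBSK - r) % NBSK)));
	}
	return res;
}

/* column[b] = skey << b | skey >> (NBSK - b) is column b of the Toeplitz matrix
 * H; bytes[val] is the xor of the columns selected by the bits of val. */
static void
stoeplitz_cache_init(struct stoeplitz_cache *scache, uint16_t skey)
{
	uint16_t column[NBSK], res;
	unsigned b;
	for (b = 0; b < NBSK; b++)
		column[b] = (uint16_t)((skey << b) | (skey >> (NBSK - b)));
	for (unsigned val = 0; val < 256; val++) {
		for (res = 0, b = 0; b < 8; b++)
			if (val & (0x80 >> b))
				res ^= column[b];
		scache->bytes[val] = res;
	}
}

/* Byte 1 of a word starts 8 bits into the key stream, so its columns are the
 * byte-swapped ones; the swap distributes over xor, so swap the cached sum. */
static inline uint16_t
stoeplitz_hash_n16(const struct stoeplitz_cache *scache, uint16_t n16)
{
	uint16_t lo = scache->bytes[n16 & 0xff];
	return scache->bytes[n16 >> 8] ^ (uint16_t)((lo << 8) | (lo >> 8));
}

/* The key stream repeats every NBSK bits, so both halves of a 32-bit word see
 * the same H and (H * hi) ^ (H * lo) == H * (hi ^ lo): fold first, hash once. */
static inline uint16_t
stoeplitz_hash_n32(const struct stoeplitz_cache *scache, uint32_t n32)
{
	return stoeplitz_hash_n16(scache, (uint16_t)(n32 ^ (n32 >> 16)));
}

/* 4-tuple hash in the simplified shape: xor into 32 bits, fold, look up last. */
static uint16_t
stoeplitz_hash_ip4port(const struct stoeplitz_cache *scache, uint32_t laddr,
    uint32_t faddr, uint16_t lport, uint16_t fport)
{
	return stoeplitz_hash_n32(scache,
	    laddr ^ faddr ^ ((uint32_t)lport << 16 | fport));
}

/* The brute-force check from the commit: the cache agrees with the definition
 * for every input byte and every 16-bit key. */
static int
stoeplitz_cache_matches_ref(void)
{
	struct stoeplitz_cache sc;
	for (unsigned skey = 0; skey < 65536; skey++) {
		stoeplitz_cache_init(&sc, (uint16_t)skey);
		for (unsigned val = 0; val < 256; val++) {
			uint8_t byte = (uint8_t)val;
			if (sc.bytes[val] != toeplitz_ref((uint16_t)skey, &byte, 1))
				return 0;
		}
	}
	return 1;
}

/* The folded 4-tuple hash equals the hash over the 12 big-endian bytes laddr,
 * faddr, lport, fport: the linearity identity holds end to end. */
static int
stoeplitz_ip4port_matches_ref(uint16_t skey, uint32_t laddr, uint32_t faddr,
    uint16_t lport, uint16_t fport)
{
	struct stoeplitz_cache sc;
	uint32_t words[3] = { laddr, faddr, (uint32_t)lport << 16 | fport };
	uint8_t buf[12];
	for (int i = 0; i < 12; i++)
		buf[i] = (uint8_t)(words[i / 4] >> (24 - 8 * (i % 4)));
	stoeplitz_cache_init(&sc, skey);
	return stoeplitz_hash_ip4port(&sc, laddr, faddr, lport, fport) ==
	    toeplitz_ref(skey, buf, sizeof(buf));
}
```

Both check functions return 1; stoeplitz_cache_matches_ref() is the exhaustive verification over all 65536 keys and 256 byte values that the commit mentions, and a main() calling the two is all that is needed to run it.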
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/19 15:26:40 Modified files: lib/libssl : s3_cbc.c Log message: We inherited the constant time CBC padding removal from BoringSSL, but missed a subsequent fix for an off-by-one in that code. If the first byte of a CBC padding of length 255 is mangled, we don't detect that. Adam Langley's BoringSSL commit 80842bdb44855dd7f1dde64a3fa9f4e782310fc7. Fixes the failing tlsfuzzer lucky 13 test case. ok beck inoguchi
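A constant-time CBC padding check of the shape the commit above refers to, written as an added C example rather than libssl's s3_cbc.c or the BoringSSL fix itself: to_check is the number of bytes scanned back from the end of the record, and a constructed record with a padding length of 255 shows why a window of 255 bytes never reaches the first padding byte. ct_ge_8(), cbc_padding_ok(), build_padded_record() and detects_mangled_first_pad_byte() are my own names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 0xff if a >= b, else 0, without a data-dependent branch (values are small, so
 * a - b only sets the top bit when a < b), in the style of constant_time_ge_8. */
static uint8_t
ct_ge_8(unsigned a, unsigned b)
{
	return (uint8_t)~(0u - ((a - b) >> (sizeof(unsigned) * 8 - 1)));
}

/*
 * TLS CBC padding: the last byte of the decrypted record is padding_length and
 * the padding_length bytes before it must all equal padding_length. A fixed
 * window of to_check bytes is scanned back from the end so the time taken does
 * not depend on the padding; a mask keeps bytes outside the padding from
 * affecting the result. Returns 1 if the padding is valid, 0 otherwise.
 */
static int
cbc_padding_ok(const uint8_t *rec, size_t len, size_t to_check)
{
	unsigned padding_length, good, i;

	if (len < 1)
		return 0;
	padding_length = rec[len - 1];
	/* The record must hold padding_length bytes plus the length byte itself. */
	good = ct_ge_8((unsigned)len, padding_length + 1);
	padding_length &= good;		/* too short: treat as zero padding, no OOB read */
	if (to_check > len)
		to_check = len;
	for (i = 0; i < to_check; i++) {
		uint8_t mask = ct_ge_8(padding_length, i);	/* byte i lies inside the padding */
		uint8_t b = rec[len - 1 - i];
		good &= ~(mask & (padding_length ^ b));
	}
	return (good & 0xff) == 0xff;	/* every byte inside the padding matched */
}

/* Constructed record: plain bytes of content, then padding_length bytes equal to
 * padding_length, then the padding_length byte itself. Returns the total length. */
static size_t
build_padded_record(uint8_t *buf, size_t plain, unsigned padding_length)
{
	memset(buf, 'A', plain);
	memset(buf + plain, padding_length, padding_length + 1);
	return plain + padding_length + 1;
}

/*
 * The off-by-one: with padding_length 255 the padding occupies 256 bytes (255
 * pad bytes plus the length byte), so a window of 255 never reaches the first
 * pad byte at rec[len - 256]. Returns 1 if a window of to_check bytes catches a
 * mangled first pad byte, 0 if it is missed, -1 if the clean record fails.
 */
static int
detects_mangled_first_pad_byte(size_t to_check)
{
	uint8_t rec[64 + 256];
	size_t len = build_padded_record(rec, 64, 255);

	if (!cbc_padding_ok(rec, len, to_check))
		return -1;
	rec[len - 256] ^= 0x01;		/* flip a bit in the first padding byte */
	return !cbc_padding_ok(rec, len, to_check);
}

int
main(void)
{
	printf("window 256 detects: %d, window 255 detects: %d\n",
	    detects_mangled_first_pad_byte(256), detects_mangled_first_pad_byte(255));
	return 0;
}
```

The padding check is only half of what the tlsfuzzer lucky 13 case exercises; the MAC over the unpadded length still has to be computed in constant time, which this example does not cover.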
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/19 15:29:41 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: Enable lucky 13 test.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/21 01:14:17 Modified files: usr.sbin/tcpdump: print-wg.c Log message: Add RCS marker
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/24 00:03:22 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: Add test-ffdhe-expected-params.py
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/24 01:20:47 Modified files: usr.sbin/ldapd : ldapd.conf.5 ldapd.h parse.y Log message: Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation. This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf. tested by abieber. inoguchi agrees with the direction. ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/24 01:28:38 Modified files: lib/libssl : tls13_server.c Log message: Enforce restrictions for ClientHello extensions RFC 8446 section 9.2 imposes some requirements on the extensions sent in the ClientHello: key_share and supported_groups must either both be present or both be absent. If no pre_shared_key was sent, the CH must contain both signature_algorithms and supported_groups. If either of these conditions is violated, servers must abort the handshake with a missing_extensions alert. Add a function that enforces this. If we are going to enforce that clients send an SNI, we can also do this in this function. Fixes failing test case in tlsfuzzer's test-tls13-keyshare-omitted.py ok beck inoguchi jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/24 01:29:21 Modified files: regress/lib/libssl/tlsfuzzer: tlsfuzzer.py Log message: enable test-tls13-keyshare-omitted.py
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: t...@cvs.openbsd.org2020/06/24 01:52:53 Modified files: faq: current.html Log message: if you need TLSv1.0 or TLSv1.1 in your ldap setup, add "legacy" to your ldapd.conf
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/06/25 01:35:05 Modified files: lib/libssl : tls13_server.c Log message: Switch the order of the two tests in tls13_client_hello_required_extensions to match the order they are listed in the RFC. No functional change.
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: t...@cvs.openbsd.org2020/06/30 12:29:46 Modified files: faq: faq4.html Log message: The entire multibooting section needs work and testing. Reportedly, the GRUB 2 instructions don't work with GPT. Daniel Blevins invested a lot of time but only got rEFInd to work. The Windows section is probably outdated as well. Unless somebody steps up to confirm that things are ok as they are or to update and fix them, the section will be removed. discussed with tj
Re: CVS: cvs.openbsd.org: www
On Tue, Jun 30, 2020 at 12:29:46PM -0600, Theo Buehler wrote: > CVSROOT: /cvs > Module name: www > Changes by: t...@cvs.openbsd.org2020/06/30 12:29:46 > > Modified files: > faq: faq4.html > > Log message: > The entire multibooting section needs work and testing. > > Reportedly, the GRUB 2 instructions don't work with GPT. > Daniel Blevins invested a lot of time but only got rEFInd to work. Apologies: David Blevins > The Windows section is probably outdated as well. > > Unless somebody steps up to confirm that things are ok as they > are or to update and fix them, the section will be removed. > > discussed with tj >
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: t...@cvs.openbsd.org2020/07/02 06:41:15 Modified files: faq: faq4.html Log message: nick tells me that the windows section on multibooting is still ok and recently tested, so update the comment. also: add a release marker for the .fs -> .img renaming
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/02 22:12:51 Modified files: lib/libssl : ssl_clnt.c ssl_srvr.c ssl_tlsext.c ssl_tlsext.h tls13_client.c tls13_internal.h tls13_lib.c tls13_server.c Log message: Improve argument order for the internal tlsext API Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data. requested by jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/02 22:13:41 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: adjust tlsexttest to new argument order
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/02 22:14:10 Modified files: regress/lib/libssl/unit: tls_ext_alpn.c Log message: adjust alpn extension test to new argument order
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/02 22:51:59 Modified files: lib/libssl : ssl_tlsext.c ssl_tlsext.h Log message: Make the message type available to the extension functions Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney. This approach was suggested a while ago by jsing. ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/02 22:58:41 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: tlsexttest: pass message type to the extension functions ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/03 01:17:26 Modified files: lib/libssl : ssl_tlsext.c Log message: zap trailing whitespace on one line
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: t...@cvs.openbsd.org2020/07/03 23:11:01 Modified files: faq: faq4.html Log message: the grub instructions do more harm than good. just point out that refind and grub exist and make clear that you're on your own. wording from krw discussed with david blevins, krw, nick, tj.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/05 12:31:28 Modified files: regress/usr.sbin/rpki-client: test-mft.c Log message: Fix rpki-client regress test after -f removal. ok job
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/06 09:24:11 Modified files: regress/usr.bin/rcs: Makefile Log message: Add a few ${.CURDIR} to make the new RCS tests work with obj/ and obj@. ok stsp
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/09 04:42:24 Modified files: usr.bin/mg : re_search.c Log message: Avoid NULL deref in regexec when searching for empty lines. Report & tweak from Hiltjo Posthuma
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/13 02:29:34 Modified files: sys/net: if_wg.c Log message: Unbreak wg(4). Previous may have fixed the build without pf(4), but broke wireguard in normal kernels: the condition NPF > 0 is false if pf.h is not in scope.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/17 01:40:35 Modified files: sys/dev/pci: if_ix.c Log message: This needs for stoeplitz_to_key(9).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/17 01:53:58 Modified files: sys/dev/pci: if_ix.c Log message: Revert r1.170. dlg and jmatthew simultaneously fixed this the correct way.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/17 07:13:36 Modified files: sys/net: toeplitz.c Log message: Randomize the system stoeplitz key One can prove that the Toeplitz matrix generated from a 16-bit seed is invertible if and only if the seed has odd Boolean parity. Invertibility is necessary and sufficient for the stoeplitz hash to take all 65536 possible values. Generate a system stoeplitz seed of odd parity uniformly at random. This is done by generating a random 16-bit number and then flipping its last bit if it's of even parity. This works since flipping the last bit swaps the numbers of even and odd parity, so we obtain a 2:1 mapping from all 16-bit numbers onto those with odd parity. Implementation of parity via popcount provided by naddy; input from miod, David Higgs, Matthew Martin, Martin Vahlensieck and others. ok dlg
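The parity argument in the commit above can be checked directly. The following is an added example, not OpenBSD's sys/net/toeplitz.c: it models the symmetric Toeplitz hash with the 16-bit seed repeated as the key stream, so every 16-bit key window is a rotation of the seed and the hash of a 16-bit word is the seed's circulant matrix over GF(2). It derives an odd-parity seed from a random value exactly as the commit describes (flip bit 0 when the parity is even), counts the distinct outputs for an even and an odd seed by brute force, and verifies "invertible iff odd parity" for all 65536 seeds with a GF(2) rank computation. All function names (rotl16, popcount16, stoeplitz_seed_from_random, stoeplitz16, gf2_rank16, stoeplitz16_invertible, stoeplitz16_distinct_outputs, parity_claim_holds_for_all_seeds) are this example's own, and the random input is a parameter rather than arc4random(9).

```c
#include <stdint.h>
#include <string.h>
/*
 * Model of the symmetric Toeplitz ("stoeplitz") hash with the 16-bit seed
 * repeated as the key stream: every 16-bit key window is a rotation of the
 * seed, so the hash is the seed's circulant matrix over GF(2).  One 16-bit
 * input word is enough; longer inputs only XOR in further rotations.
 */

static uint16_t rotl16(uint16_t v, unsigned n)
{
	n &= 15;
	return n == 0 ? v : (uint16_t)((v << n) | (v >> (16 - n)));
}

static unsigned popcount16(uint16_t v)
{
	unsigned n = 0;
	for (; v != 0; v &= v - 1)
		n++;
	return n;
}

/*
 * Map a uniformly random 16-bit value to a uniformly random odd-parity seed:
 * flip bit 0 when the parity is even (the 2:1 map from the commit message).
 * The random input is a parameter; the kernel takes it from arc4random(9).
 */
static uint16_t stoeplitz_seed_from_random(uint16_t r)
{
	if ((popcount16(r) & 1) == 0)
		r ^= 1;
	return r;
}

/* Hash one 16-bit word: XOR the key window of every set input bit, MSB first. */
static uint16_t stoeplitz16(uint16_t seed, uint16_t x)
{
	uint16_t h = 0;
	unsigned i;
	for (i = 0; i < 16; i++)
		if (x & (1u << (15 - i)))
			h ^= rotl16(seed, i);
	return h;
}

/* Rank over GF(2) of a 16x16 bit matrix held as 16 row words (rows are clobbered). */
static int gf2_rank16(uint16_t rows[16])
{
	int rank = 0, bit, r, p;
	uint16_t t;
	for (bit = 15; bit >= 0 && rank < 16; bit--) {
		for (p = rank; p < 16 && !(rows[p] & (1u << bit)); p++)
			;
		if (p == 16)
			continue;
		t = rows[p]; rows[p] = rows[rank]; rows[rank] = t;
		for (r = 0; r < 16; r++)
			if (r != rank && (rows[r] & (1u << bit)))
				rows[r] ^= rows[rank];
		rank++;
	}
	return rank;
}

/* Invertible iff the images of the 16 input bits, the rotations of the seed, are independent. */
static int stoeplitz16_invertible(uint16_t seed)
{
	uint16_t cols[16];
	unsigned i;
	for (i = 0; i < 16; i++)
		cols[i] = rotl16(seed, i);
	return gf2_rank16(cols) == 16;
}

/* Brute force: number of distinct hash values over all 65536 inputs. */
static unsigned stoeplitz16_distinct_outputs(uint16_t seed)
{
	static uint8_t seen[65536];
	unsigned n = 0;
	uint32_t x;
	memset(seen, 0, sizeof(seen));
	for (x = 0; x < 65536; x++) {
		uint16_t h = stoeplitz16(seed, (uint16_t)x);
		n += !seen[h];
		seen[h] = 1;
	}
	return n;
}

/* Check "invertible iff odd parity" for every one of the 65536 seeds. */
static int parity_claim_holds_for_all_seeds(void)
{
	uint32_t s;
	for (s = 0; s < 65536; s++)
		if (stoeplitz16_invertible((uint16_t)s) != (int)(popcount16((uint16_t)s) & 1))
			return 0;
	return 1;
}
```

Why the rank test is equivalent to the claim: over GF(2), x^16 - 1 = (x + 1)^16, so the circulant of a seed polynomial s(x) is invertible exactly when x + 1 does not divide s(x), that is, when s(1) = 1, which is odd parity. The even seed 0x0003 maps all 65536 inputs onto only 32768 outputs, so it would halve the useful hash space and with it the spread over receive queues.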
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: t...@cvs.openbsd.org2020/07/20 10:41:54 Modified files: faq: faq4.html Log message: remove XXXrelease for .fs -> .img renaming
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/22 07:22:53 Modified files: usr.bin/mg : line.c Log message: Prevent mg segfault with query-replace-regex replacing ^ Patch from Mark Willson with a minor tweak
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/22 07:29:05 Modified files: usr.bin/mg : re_search.c Log message: Avoid running out of memory with query-replace-regex ^ Choosing ! (replace rest) never advances beyond the current line and keeps inserting the replacement text, and mg eventually runs out of memory. Patch from Mark Willson with minor stylistic tweaks. Looks good to Hiltjo Posthuma who would have preferred making forward replacing on empty lines work. Mark argued that this makes it behave consistently with the current behaviour when searching for ^ and the point at the beginning of a non-empty line in which case the cursor does not move either. Also tested by krw
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/22 23:59:21 Modified files: share/man/man4 : fido.4 Log message: Grammar fix: accept -> accepts. ok jmc
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/07/30 10:23:17 Modified files: lib/libssl : tls13_handshake.c tls13_internal.h tls13_lib.c Log message: Add minimal info callback support for TLSv1.3 As abieber@ found the hard way, some python frameworks (twisted, synapse) thought it a great idea to use the info callback mechanism (designed to get state information about SSL objects) to modify state information such as setting and verifying the SNI. The switch of TLS_method() to default to TLSv1.3 broke these contraptions. Further bits of the info callback mechanism will likely metastasize throughout the TLSv1.3 stack if we need them, so we only do what's really necessary now. Lots of debugging, crucial hint and testing by abieber input & ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/08/02 12:35:48 Modified files: lib/libutil: bcrypt_pbkdf.c Log message: Squelch warning by using idiom from libc bcrypt(3) Clang 10 warns about the expression sizeof(cdata) / sizeof(uint64_t) as cdata is an array of uint32_t and it expects that the intent of this is to compute the number of array elements. Use BCRYPT_WORDS / 2 instead. Same diff as millert's commit sys/lib/libsa/bcrypt_pbkdf.c -r1.2, which was ok kettenis. deraadt confirms that this satisfies clang 10.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/08/03 13:27:58 Modified files: lib/libssl : ssl_tlsext.c Log message: Correctly handle server requests for an OCSP response According to RFC 8446, 4.4.2.1, a server may request that a client present an OCSP response with its certificate by sending an empty status_request extension as part of the certificate request. The current code expects a full CertificateStatus structure, which is only sent if the server sends an OCSP response with its certificate. This causes interoperability issues with Go's TLS server and with newer GnuTLS where we would abort the handshake with a decode_error alert and length mismatch error. Issue reported and diagnosed by Michael Forney Problem also found by Mikolaj Kucharski and inoguchi. ok inoguchi jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/08/03 13:43:16 Modified files: lib/libssl : ssl_tlsext.c Log message: Ensure clients only send a status_request in the CH The current code might cause a client to send a status_request containing a CertificateStatusRequest with its certificate. This makes no sense. Pointed out by Michael Forney ok inoguchi jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/08/03 13:46:55 Modified files: lib/libssl : ssl_tlsext.c Log message: Only parse a client's status_request in the CH A client should only send a status_request as part of the CH. Pointed out by Michael Forney ok inoguchi jsing
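The three status_request commits above, together with the earlier change that made the handshake message type available to the extension functions, describe the same thing: the body of status_request means something different in each message it can appear in. As an added example that is not LibreSSL's ssl_tlsext.c, the parser below dispatches on the message type: a ClientHello carries a CertificateStatusRequest, a TLSv1.3 CertificateRequest carries an empty extension (RFC 8446 section 4.4.2.1, the case Go and newer GnuTLS exercise), and a CertificateEntry carries a CertificateStatus with the DER OCSPResponse. A CertificateStatus nobody asked for is refused with unsupported_extension (RFC 8446 section 4.2), which also covers a client that wrongly attaches a request to its own certificate. The names (parse_status_request, struct cursor, struct status_request, the alert and message-type constants) are this example's own, the sample bodies are constructed, and the minimal OCSPResponse is only carried, not decoded.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Handshake message types (RFC 8446 section 4) in which status_request may appear. */
enum { MSG_CLIENT_HELLO = 1, MSG_CERTIFICATE = 11, MSG_CERTIFICATE_REQUEST = 13 };
/* Alerts from RFC 8446 section 6. */
enum { ALERT_ILLEGAL_PARAMETER = 47, ALERT_DECODE_ERROR = 50, ALERT_UNSUPPORTED_EXTENSION = 110 };
#define STATUS_TYPE_OCSP 1

struct status_request {
	int ocsp_requested;		/* peer asked us to staple (ClientHello or CertificateRequest) */
	const uint8_t *ocsp_response;	/* stapled DER OCSPResponse from a CertificateEntry, not decoded */
	size_t ocsp_response_len;
};

/* A minimal read cursor, in the spirit of CBS. */
struct cursor { const uint8_t *p; size_t len; };

static int get_uint(struct cursor *c, size_t nbytes, size_t *v)
{
	size_t i;
	if (c->len < nbytes)
		return 0;
	for (*v = 0, i = 0; i < nbytes; i++)
		*v = (*v << 8) | c->p[i];
	c->p += nbytes; c->len -= nbytes;
	return 1;
}

/* Read a vector with an nbytes-wide length prefix; its body is left in *body. */
static int get_vector(struct cursor *c, size_t nbytes, struct cursor *body)
{
	size_t n;
	if (!get_uint(c, nbytes, &n) || n > c->len)
		return 0;
	body->p = c->p; body->len = n;
	c->p += n; c->len -= n;
	return 1;
}

/*
 * Parse a status_request body according to the message it arrived in.
 * `requested` records whether we asked for stapling earlier in the handshake;
 * a CertificateStatus nobody asked for is rejected (RFC 8446 section 4.2).
 * Returns 0 on success, otherwise the alert to send.
 */
static int parse_status_request(int msg_type, int requested, const uint8_t *p, size_t len, struct status_request *out)
{
	struct cursor c = { p, len }, v;
	size_t status_type;

	memset(out, 0, sizeof(*out));
	switch (msg_type) {
	case MSG_CLIENT_HELLO:
		/* CertificateStatusRequest (RFC 6066): status_type, responder_id_list, request_extensions. */
		if (!get_uint(&c, 1, &status_type) || !get_vector(&c, 2, &v) || !get_vector(&c, 2, &v) || c.len != 0)
			return ALERT_DECODE_ERROR;
		out->ocsp_requested = (status_type == STATUS_TYPE_OCSP);	/* other types are ignored */
		return 0;
	case MSG_CERTIFICATE_REQUEST:
		/* RFC 8446 section 4.4.2.1: the server asks for stapling with an empty extension. */
		if (len != 0)
			return ALERT_DECODE_ERROR;
		out->ocsp_requested = 1;
		return 0;
	case MSG_CERTIFICATE:
		/* CertificateStatus in a CertificateEntry: status_type, then a 3-byte-length OCSPResponse. */
		if (!requested)
			return ALERT_UNSUPPORTED_EXTENSION;
		if (!get_uint(&c, 1, &status_type) || !get_vector(&c, 3, &v) || c.len != 0)
			return ALERT_DECODE_ERROR;
		if (status_type != STATUS_TYPE_OCSP || v.len == 0)
			return ALERT_ILLEGAL_PARAMETER;
		out->ocsp_response = v.p;
		out->ocsp_response_len = v.len;
		return 0;
	default:
		/* status_request is not defined for any other handshake message. */
		return ALERT_ILLEGAL_PARAMETER;
	}
}

/* Verdict only, for callers that do not need the parsed contents. */
static int status_request_verdict(int msg_type, int requested, const uint8_t *p, size_t len)
{
	struct status_request sr;
	return parse_status_request(msg_type, requested, p, len, &sr);
}

/* Length of the stapled response in a Certificate extension, or -1 if rejected. */
static long stapled_response_len(int requested, const uint8_t *p, size_t len)
{
	struct status_request sr;
	if (parse_status_request(MSG_CERTIFICATE, requested, p, len, &sr) != 0)
		return -1;
	return (long)sr.ocsp_response_len;
}

/* Constructed samples.  The ClientHello body is what clients typically send: ocsp, empty lists. */
static const uint8_t sample_status_request_ch[] = { 0x01, 0x00, 0x00, 0x00, 0x00 };
/* CertificateStatus carrying a minimal DER OCSPResponse: responseStatus unauthorized(6), no responseBytes. */
static const uint8_t sample_certificate_status[] = { 0x01, 0x00, 0x00, 0x05, 0x30, 0x03, 0x0a, 0x01, 0x06 };
```

Feeding the CertificateRequest branch a full CertificateStatus structure, as the old client code expected, yields decode_error here rather than a successful parse; the empty body the RFC prescribes is the one that passes.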