Re: [PATCH] ec: add support for several more GOST curves
Hi, I have 3 questions, - parameter set values for Twisted Edwards - description in _ec_list_element_st - naming about object identifier details are described below. On Thu, Mar 26, 2020 at 09:25:57PM +0300, dbarysh...@gmail.com wrote: > From: Dmitry Baryshkov > > Add support for GOST curves defined by RFC 7836 and > draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see > draft-smyshlyaev-tls12-gost-suites). > > Sponsored by ROSA Linux. > > Signed-off-by: Dmitry Baryshkov > --- > src/lib/libcrypto/ec/ec_curve.c | 158 +- > src/lib/libcrypto/objects/obj_mac.num | 6 + > src/lib/libcrypto/objects/objects.txt | 10 +- > 3 files changed, 168 insertions(+), 6 deletions(-) > > diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c > index e075b1ed3ea5..a1bc88ee2cc6 100644 > --- a/src/lib/libcrypto/ec/ec_curve.c > +++ b/src/lib/libcrypto/ec/ec_curve.c 
> @@ -2900,11 +2900,101 @@ static const struct { > } > }; > > +static const struct { > + EC_CURVE_DATA h; > + unsigned char data[0 + 32 * 6]; > +} > + _EC_GOST_2012_256_TC26_A = { > + { > + NID_X9_62_prime_field, 0, 32, 1 > + }, > + { /* no seed */ > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > /* p */ > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > + 0xFD, 0x97, > + 0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48, > /* a */ > + 0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13, > + 0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e, > + 0x73, 0x35, > + 0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20, > /* b */ > + 0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91, > + 0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae, > + 0x95, 0x13, > + 0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09, > /* x */ > + 0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96, > + 0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d, > + 0xaa, 0x28, > + 0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57, > /* y */ > + 0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53, > + 0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32, > + 0x2e, 0x5c, > + 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > /* order */ > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf, > + 0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36, > + 0x0c, 0x67, > + } > +}; > + This diff adds * below, and 2 Twisted Edwards one misses m,e,d,u,v. Is this as you expected for now ? 
Canonical: *id-tc26-gost-3410-2012-512-paramSetTest order = m = q id-tc26-gost-3410-2012-512-paramSetAorder = m = q id-tc26-gost-3410-2012-512-paramSetBorder = m = q Twisted Edwards: *id-tc26-gost-3410-2012-512-paramSetCorder = q, misses m,e,d,u,v *id-tc26-gost-3410-2012-256-paramSetAorder = q, misses m,e,d,u,v > static const struct { > EC_CURVE_DATA h; > unsigned char data[0 + 64 * 6]; > } > - _EC_GOST_2012_TC26_A = { > + _EC_GOST_2012_512_Test = { > + { > + NID_X9_62_prime_field, 0, 64, 1 > + }, > + { /* no seed */ > + 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, > /* p */ > + 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, > + 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2, > + 0xd1, 0x5d, 0xf1, 0xd8, 0x52, 0x74, 0x1a, 0xf4, 0x70, 0x4a, > + 0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8, > + 0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5, > + 0x28, 0xbe, 0x63, 0x73, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > /* a */ > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x07, > + 0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8, > /* b */ > + 0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77, > + 0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1, > + 0xac, 0x43, 0x61, 0x83, 0x40, 0x13, 0xb2, 0xad, 0x73, 0x22, > + 0x48, 0x0a,
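Review bot: the cofactor in the header of _EC_GOST_2012_256_TC26_A (`NID_X9_62_prime_field, 0, 32, 1`) does not match the data that follows it. The prime p is 0xFF...FD97, just under 2^256, while the order starts with 0x40 and is therefore about 2^254. The number of points on a curve over that field is close to p (Hasse bound), so the listed order belongs to a subgroup of index 4 and the last header field should be 4, not 1. This is the same gap the reply points at when it notes that the Twisted Edwards parameter sets carry q but not m.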
Re: sort: don't do top level comparison when invoked with -c
On Mon, Mar 23, 2020 at 09:41:16AM -0600, Todd C. Miller wrote: > GNU sort on Linux behaves the same as the OpenBSD sort when run in > the C locale. > > $ LANG=C sort -c -d -f input.txt > sort: input.txt:2: disorder: - > > $ LANG=C sort -c -d -i input.txt > sort: input.txt:2: disorder: - > > Since our C library doesn't really support other locales I think > this is the expected behavior. > > - todd It didn't occur to me to try this with the C locale. For what it's worth I asked on the coreutils list, where it's been suggested that the top-level sort could be dropped for locales that define a total ordering of all characters, which (I think) would include the C locale.[1] Thanks, Richard [1]: https://www.mail-archive.com/bug-coreutils@gnu.org/msg31342.html
Re: [PATCH 2/2] gost: use ECerror to report EC errors
I had checked this by portable build and all regresses passed. I'm ok with this diff. On Thu, Mar 26, 2020 at 09:28:02PM +0300, dbarysh...@gmail.com wrote: > From: Dmitry Baryshkov > > GOST code uses GOSTerror(EC_R_foo) to report several errors. Use > ECerror(EC_R_foo) instead to make error messages match error code. > > Sponsored by ROSA Linux. > > Signed-off-by: Dmitry Baryshkov > --- > src/lib/libcrypto/gost/gostr341001_ameth.c | 2 +- > src/lib/libcrypto/gost/gostr341001_key.c | 14 +++--- > src/lib/libcrypto/gost/gostr341001_pmeth.c | 2 +- > 3 files changed, 9 insertions(+), 9 deletions(-) > > diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c > b/src/lib/libcrypto/gost/gostr341001_ameth.c > index be621d0185dd..28ed55e6992f 100644 > --- a/src/lib/libcrypto/gost/gostr341001_ameth.c > +++ b/src/lib/libcrypto/gost/gostr341001_ameth.c > @@ -547,7 +547,7 @@ param_decode_gost01(EVP_PKEY *pkey, const unsigned char > **pder, int derlen) > } > group = EC_GROUP_new_by_curve_name(nid); > if (group == NULL) { > - GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); > + ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); > GOST_KEY_free(ec); > return 0; > } > diff --git a/src/lib/libcrypto/gost/gostr341001_key.c > b/src/lib/libcrypto/gost/gostr341001_key.c > index 0af39f21bf33..74f8cab9d86c 100644 > --- a/src/lib/libcrypto/gost/gostr341001_key.c > +++ b/src/lib/libcrypto/gost/gostr341001_key.c > @@ -121,7 +121,7 @@ GOST_KEY_check_key(const GOST_KEY *key) > return 0; > } > if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) { > - GOSTerror(EC_R_POINT_AT_INFINITY); > + ECerror(EC_R_POINT_AT_INFINITY); > goto err; > } > if ((ctx = BN_CTX_new()) == NULL) 
> @@ -131,14 +131,14 @@ GOST_KEY_check_key(const GOST_KEY *key) > > /* testing whether the pub_key is on the elliptic curve */ > if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) { > - GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE); > + ECerror(EC_R_POINT_IS_NOT_ON_CURVE); > goto err; > } > /* testing whether pub_key * order is the point at infinity */ > if ((order = BN_new()) == NULL) > goto err; > if (EC_GROUP_get_order(key->group, order, ctx) == 0) { > - GOSTerror(EC_R_INVALID_GROUP_ORDER); > + ECerror(EC_R_INVALID_GROUP_ORDER); > goto err; > } > if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order, > @@ -147,7 +147,7 @@ GOST_KEY_check_key(const GOST_KEY *key) > goto err; > } > if (EC_POINT_is_at_infinity(key->group, point) == 0) { > - GOSTerror(EC_R_WRONG_ORDER); > + ECerror(EC_R_WRONG_ORDER); > goto err; > } > /* > @@ -156,7 +156,7 @@ GOST_KEY_check_key(const GOST_KEY *key) >*/ > if (key->priv_key != NULL) { > if (BN_cmp(key->priv_key, order) >= 0) { > - GOSTerror(EC_R_WRONG_ORDER); > + ECerror(EC_R_WRONG_ORDER); > goto err; > } > if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL, > @@ -165,7 +165,7 @@ GOST_KEY_check_key(const GOST_KEY *key) > goto err; > } > if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) { > - GOSTerror(EC_R_INVALID_PRIVATE_KEY); > + ECerror(EC_R_INVALID_PRIVATE_KEY); > goto err; > } > } > @@ -212,7 +212,7 @@ GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, > BIGNUM *x, BIGNUM *y) >* out of range. >*/ > if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) { > - GOSTerror(EC_R_COORDINATES_OUT_OF_RANGE); > + ECerror(EC_R_COORDINATES_OUT_OF_RANGE); > goto err; > } > if (GOST_KEY_set_public_key(key, point) == 0) > diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c > b/src/lib/libcrypto/gost/gostr341001_pmeth.c > index 0eb1d873deaf..0e0cae99e3fc 100644 > --- a/src/lib/libcrypto/gost/gostr341001_pmeth.c > +++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c 
> @@ -246,7 +246,7 @@ pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, > size_t *siglen, > *siglen = 2 * size; > return 1; > } else if (*siglen < 2 * size) { > - GOSTerror(EC_R_BUFFER_TOO_SMALL); > + ECerror(EC_R_BUFFER_TOO_SMALL); > return 0; > } > if (tbs_len != 32 && tbs_len != 64) { > -- > 2.25.1 >
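Review bot: one failure path in the GOST_KEY_check_key context still reaches err with nothing on the error queue: `if ((order = BN_new()) == NULL) goto err;` in the -131 hunk. Since every neighbouring check now reports through ECerror(), this one should push ERR_R_MALLOC_FAILURE as well, otherwise a caller sees a failed key check with an empty error stack. The rename itself is mechanical and consistent across the three files shown.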
Re: [PATCH 1/2] gost: add missing error reporting
I had checked this by portable build and all regresses passed. I'm ok with this diff. On Thu, Mar 26, 2020 at 09:28:01PM +0300, dbarysh...@gmail.com wrote: > From: Dmitry Baryshkov > > Add few more error reports to help debugging. > > Sponsored by ROSA Linux. > > Signed-off-by: Dmitry Baryshkov > --- > src/lib/libcrypto/gost/gostr341001_ameth.c | 20 +++- > 1 file changed, 15 insertions(+), 5 deletions(-) > > diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c > b/src/lib/libcrypto/gost/gostr341001_ameth.c > index 16295996dce7..be621d0185dd 100644 > --- a/src/lib/libcrypto/gost/gostr341001_ameth.c > +++ b/src/lib/libcrypto/gost/gostr341001_ameth.c > @@ -96,15 +96,19 @@ decode_gost01_algor_params(EVP_PKEY *pkey, const unsigned > char **p, int len) > ec = pkey->pkey.gost; > if (ec == NULL) { > ec = GOST_KEY_new(); > - if (ec == NULL) > + if (ec == NULL) { > + GOSTerror(ERR_R_MALLOC_FAILURE); > return 0; > + } > if (EVP_PKEY_assign_GOST(pkey, ec) == 0) > return 0; > } > > group = EC_GROUP_new_by_curve_name(param_nid); > - if (group == NULL) > + if (group == NULL) { > + ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); > return 0; > + } > EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); > if (GOST_KEY_set_group(ec, group) == 0) { > EC_GROUP_free(group); > @@ -207,8 +211,10 @@ pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub) > return 0; > } > p = pval->data; > - if (decode_gost01_algor_params(pk, , pval->length) == 0) > + if (decode_gost01_algor_params(pk, , pval->length) == 0) { > + GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); > return 0; > + } > > octet = d2i_ASN1_OCTET_STRING(NULL, _buf, pub_len); > if (octet == NULL) { 
> @@ -407,8 +413,10 @@ priv_decode_gost01(EVP_PKEY *pk, const > PKCS8_PRIV_KEY_INFO *p8inf) > int ptype = V_ASN1_UNDEF; > ASN1_STRING *pval = NULL; > > - if (PKCS8_pkey_get0(_obj, _buf, _len, , p8inf) == 0) > + if (PKCS8_pkey_get0(_obj, _buf, _len, , p8inf) == > 0) { > + GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); > return 0; > + } > (void)EVP_PKEY_assign_GOST(pk, NULL); > X509_ALGOR_get0(NULL, , (const void **), palg); > if (ptype != V_ASN1_SEQUENCE) { > @@ -416,8 +424,10 @@ priv_decode_gost01(EVP_PKEY *pk, const > PKCS8_PRIV_KEY_INFO *p8inf) > return 0; > } > p = pval->data; > - if (decode_gost01_algor_params(pk, , pval->length) == 0) > + if (decode_gost01_algor_params(pk, , pval->length) == 0) { > + GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); > return 0; > + } > p = pkey_buf; > if (V_ASN1_OCTET_STRING == *p) { > /* New format - Little endian octet string */ > -- > 2.25.1 >
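Review bot: the first hunk of decode_gost01_algor_params leaves one path unreported and leaking. After `ec = GOST_KEY_new();` succeeds, `if (EVP_PKEY_assign_GOST(pkey, ec) == 0) return 0;` returns without an error and without GOST_KEY_free(ec), although the new key has not been handed over to pkey at that point. Add the error report there too and free ec before returning. In pub_decode_gost01 and priv_decode_gost01 the new GOST_R_BAD_KEY_PARAMETERS_FORMAT is stacked on top of whatever decode_gost01_algor_params already reported, which is fine for debugging but worth saying in the commit message.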
[PATCH 1/8] ssl_sigalgs: select proper default algorithm for GOST pkeys
Return default sigalg algorithm depending on the default digest algorithm (GOST94 or Streebog) selected by pkey. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_sigalgs.c | 43 -- src/regress/lib/libssl/tlsext/tlsexttest.c | 10 +++-- 2 files changed, 45 insertions(+), 8 deletions(-) diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 37fdcfa73fcb..0bf72aea21f0 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -40,7 +40,7 @@ const struct ssl_sigalg sigalgs[] = { { .value = SIGALG_GOSTR12_512_STREEBOG_512, .md = EVP_streebog512, - .key_type = EVP_PKEY_GOSTR12_512, + .key_type = EVP_PKEY_GOSTR01, }, #endif { @@ -69,7 +69,7 @@ const struct ssl_sigalg sigalgs[] = { { .value = SIGALG_GOSTR12_256_STREEBOG_256, .md = EVP_streebog256, - .key_type = EVP_PKEY_GOSTR12_256, + .key_type = EVP_PKEY_GOSTR01, }, { .value = SIGALG_GOSTR01_GOST94, @@ -170,6 +170,11 @@ uint16_t tls12_sigalgs[] = { SIGALG_ECDSA_SECP256R1_SHA256, SIGALG_RSA_PKCS1_SHA1, /* XXX */ SIGALG_ECDSA_SHA1, /* XXX */ +#ifndef OPENSSL_NO_GOST + SIGALG_GOSTR12_512_STREEBOG_512, + SIGALG_GOSTR12_256_STREEBOG_256, + SIGALG_GOSTR01_GOST94, +#endif }; size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0])); 
@@ -254,9 +259,39 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, } } +#ifndef OPENSSL_NO_GOST + if (pkey->type == EVP_PKEY_GOSTR01) { + int nid; + + if (!EVP_PKEY_get_default_digest_nid(pkey, )) + return 0; + + return EVP_MD_type(sigalg->md()) == nid; + } +#endif + return 1; } +#ifndef OPENSSL_NO_GOST +static const struct ssl_sigalg * +ssl_sigalg_gost_select(SSL *s, EVP_PKEY *pkey) +{ + int nid = NID_id_GostR3411_94; + + if (!EVP_PKEY_get_default_digest_nid(pkey, )) { + SSLerror(s, ERR_R_EVP_LIB); + /* fallthrough, return GOST94 */ + } + if (nid == NID_id_tc26_gost3411_2012_256) + return ssl_sigalg_lookup(SIGALG_GOSTR12_256_STREEBOG_256); + else if (nid == NID_id_tc26_gost3411_2012_512) + return ssl_sigalg_lookup(SIGALG_GOSTR12_512_STREEBOG_512); + else + return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); +} +#endif + const struct ssl_sigalg * ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) { @@ -280,7 +315,7 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); #ifndef OPENSSL_NO_GOST case EVP_PKEY_GOSTR01: - return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); + return ssl_sigalg_gost_select(s, pkey); #endif } SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); @@ -300,7 +335,7 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); #ifndef OPENSSL_NO_GOST case EVP_PKEY_GOSTR01: - return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); + return ssl_sigalg_gost_select(s, pkey); #endif } SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index c15724da29a4..0fed69b29cc4 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c 
@@ -1505,9 +1505,10 @@ test_tlsext_ri_server(void) */ static unsigned char tlsext_sigalgs_client[] = { - 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, + 0x00, 0x1c, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, + 0xef, 0xef, 0xee, 0xee, 0xed, 0xed, }; static int @@ -2712,13 +2713,14 @@ test_tlsext_srtp_server(void) #endif /* OPENSSL_NO_SRTP */ unsigned char tlsext_clienthello_default[] = { - 0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + 0x00, 0x38, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, - 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, + 0x00, 0x0d, 0x00, 0x1e, 0x00, 0x1c, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, - 0x02, 0x01, 0x02, 0x03, + 0x02, 0x01, 0x02, 0x03, 0xef, 0xef, 0xee, 0xee, + 0xed, 0xed, }; unsigned char tlsext_clienthello_disabled[] = {}; -- 2.25.1
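Review bot: in the ssl_sigalg_pkey_ok hunk, `int nid;` is uninitialized and the check `if (!EVP_PKEY_get_default_digest_nid(...))` only catches a return of 0. That function can also return a negative value, in which case the code goes on to compare EVP_MD_type(sigalg->md()) against an indeterminate nid. Test for `<= 0` and initialize nid. In ssl_sigalg_gost_select the same `!` test is used, and on failure it pushes SSLerror(s, ERR_R_EVP_LIB) and then still returns the GOST94 sigalg, so a call that succeeds leaves an error on the queue. Either return NULL there or drop the SSLerror.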
[PATCH 5/8] ssl: support GOST certificates in ssl_cert_dup()
Add case entry for SSL_PKEY_GOST01 Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_cert.c | 4 1 file changed, 4 insertions(+) diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index af8ef329b4b2..4da453c11eca 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c @@ -253,6 +253,10 @@ ssl_cert_dup(CERT *cert) /* We have an ECC key */ break; + case SSL_PKEY_GOST01: + /* We have a GOST key */ + break; + default: /* Can't happen. */ SSLerrorx(SSL_R_LIBRARY_BUG); -- 2.25.1
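Review bot: the commit message does not say what fails without the new case. The context shows the default branch raising SSL_R_LIBRARY_BUG ("Can't happen"), so state that duplicating a CERT that holds a GOST key ended up on that path. The other GOST additions to libssl in this series sit inside `#ifndef OPENSSL_NO_GOST`, so it is worth confirming whether this case label needs the same guard.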
Re: vmm(4): unterminated vm_name after strncpy
On Sat, Mar 28, 2020 at 06:47:47PM -0600, Theo de Raadt wrote: > Or strncpy with length - 1 would be also good, since it won't copy >foo\0bar\0 > fully, but only >foo\0 > into the buffer and store it as >foo\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 > and guarantee the \0 on the in-kernel buffer. Agree, this sounds even better. Index: vmm.c === RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v retrieving revision 1.268 diff -u -p -r1.268 vmm.c --- vmm.c 16 Mar 2020 08:21:16 - 1.268 +++ vmm.c 29 Mar 2020 00:52:05 - @@ -1167,7 +1167,7 @@ vm_create(struct vm_create_params *vcp, memcpy(vm->vm_memranges, vcp->vcp_memranges, vm->vm_nmemranges * sizeof(vm->vm_memranges[0])); vm->vm_memory_size = memsize; - strlcpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN); + strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN - 1); rw_enter_write(_softc->vm_lock);
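Review bot: `strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN - 1)` never writes the last byte of vm_name, so the terminator is only guaranteed if that byte is already zero when vm_create reaches this line. The hunk does not show how vm is allocated. If it is zeroed at allocation, say so in a comment next to the copy; if not, add `vm->vm_name[VMM_MAX_NAME_LEN - 1] = '\0';` after the strncpy. With a source name of VMM_MAX_NAME_LEN - 1 or more non-NUL bytes, that last byte is the only terminator there is.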
Re: [PATCH] ec: add support for several more GOST curves
сб, 28 мар. 2020 г. в 11:30, Kinichiro Inoguchi : > > Hi, > > I have a 3 questions, > - parameter set values for Twisted Edwards > - description in _ec_list_element_st > - naming about object identifier > > details are described below. > > > On Thu, Mar 26, 2020 at 09:25:57PM +0300, dbarysh...@gmail.com wrote: > > From: Dmitry Baryshkov > > > > Add support for GOST curves defined by RFC 7836 and > > draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see > > draft-smyshlyaev-tls12-gost-suites). > > > > Sponsored by ROSA Linux. > > > > Signed-off-by: Dmitry Baryshkov > > --- > > src/lib/libcrypto/ec/ec_curve.c | 158 +- > > src/lib/libcrypto/objects/obj_mac.num | 6 + > > src/lib/libcrypto/objects/objects.txt | 10 +- > > 3 files changed, 168 insertions(+), 6 deletions(-) > > > > diff --git a/src/lib/libcrypto/ec/ec_curve.c > > b/src/lib/libcrypto/ec/ec_curve.c > > index e075b1ed3ea5..a1bc88ee2cc6 100644 > > --- a/src/lib/libcrypto/ec/ec_curve.c > > +++ b/src/lib/libcrypto/ec/ec_curve.c 
> > @@ -2900,11 +2900,101 @@ static const struct { > > } > > }; > > > > +static const struct { > > + EC_CURVE_DATA h; > > + unsigned char data[0 + 32 * 6]; > > +} > > + _EC_GOST_2012_256_TC26_A = { > > + { > > + NID_X9_62_prime_field, 0, 32, 1 > > + }, > > + { /* no seed */ > > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > > /* p */ > > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > > + 0xFD, 0x97, > > + 0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48, > > /* a */ > > + 0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13, > > + 0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e, > > + 0x73, 0x35, > > + 0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20, > > /* b */ > > + 0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91, > > + 0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae, > > + 0x95, 0x13, > > + 0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09, > > /* x */ > > + 0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96, > > + 0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d, > > + 0xaa, 0x28, > > + 0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57, > > /* y */ > > + 0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53, > > + 0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32, > > + 0x2e, 0x5c, > > + 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > > /* order */ > > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf, > > + 0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36, > > + 0x0c, 0x67, > > + } > > +}; > > + > > > This diff adds * below, and 2 Twisted Edwards one misses m,e,d,u,v. > Is this as you expected for now ? 
> > Canonical: > *id-tc26-gost-3410-2012-512-paramSetTest order = m = q >id-tc26-gost-3410-2012-512-paramSetAorder = m = q >id-tc26-gost-3410-2012-512-paramSetBorder = m = q > > Twisted Edwards: > *id-tc26-gost-3410-2012-512-paramSetCorder = q, misses m,e,d,u,v > *id-tc26-gost-3410-2012-256-paramSetAorder = q, misses m,e,d,u,v This is expected. These curves are defined in Weierstrass form (a, b, x, y) and in birationally equivalent Twisted Edwards form (e, d, u, v). One can perform calculations in any of these forms. In this RFC m = order of a whole curve, q is an order of the subgroup. Version 2 of the patch will fix cofactors. > > #endif > > > > typedef struct _ec_list_element_st { > > @@ -3147,8 +3291,14 @@ static const ec_list_element curve_list[] = { > > {NID_id_GostR3410_2001_CryptoPro_C_ParamSet, > > &_EC_GOST_2001_CryptoPro_C.h, 0, "GOST R 34.10-2001 CryptoPro-C"}, > > {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, > > &_EC_GOST_2001_CryptoPro_A.h, 0, "GOST R 34.10-2001 CryptoPro-XchA"}, > > {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, > > &_EC_GOST_2001_CryptoPro_C.h, 0, "GOST R 34.10-2001 CryptoPro-XchB"}, > > - {NID_id_tc26_gost_3410_2012_512_paramSetA, &_EC_GOST_2012_TC26_A.h, > > 0, "GOST R 34.10-2012 TC26-A"}, > > - {NID_id_tc26_gost_3410_2012_512_paramSetB, &_EC_GOST_2012_TC26_B.h, > > 0, "GOST R 34.10-2012 TC26-B"}, > > + {NID_id_tc26_gost_3410_2012_256_paramSetA, > > &_EC_GOST_2012_256_TC26_A.h, 0, "GOST R 34.10-2012 256 TC26-A"}, > > + {NID_id_tc26_gost_3410_2012_256_paramSetB, > > &_EC_GOST_2001_CryptoPro_A.h, 0, "GOST R 34.10-2001 512 TC26-B"}, > > + {NID_id_tc26_gost_3410_2012_256_paramSetC, > > &_EC_GOST_2001_CryptoPro_B.h, 0, "GOST R 34.10-2001
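Review bot: the description strings in the curve_list hunk do not match the NIDs they are attached to. `NID_id_tc26_gost_3410_2012_256_paramSetB` is labelled "GOST R 34.10-2001 512 TC26-B", and the paramSetC line that follows also starts with "GOST R 34.10-2001", while the paramSetA line just above uses "GOST R 34.10-2012 256 TC26-A". These are 2012 256-bit aliases of the CryptoPro curves, so the strings should read "GOST R 34.10-2012 256 TC26-B" and so on. The same hunk removes the two existing 512-bit entries that pointed at _EC_GOST_2012_TC26_A and _EC_GOST_2012_TC26_B. Their replacements fall outside the visible part, so check that the renamed structures are wired back in under the same NIDs.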
Deduplicate pipex(4) and pppx(4) code
pppx(4) has code copypasted from pipex(4). Patch below deduplicates it. Introduced pipex_session_setup() and pipex_session_destroy() functions. Original pipex_destroy_session() renamed to pipex_del_session() to be consistent with PIPEXDSESSION (Delete the specified session from the kernel). Index: sys/net/if_pppx.c === RCS file: /cvs/src/sys/net/if_pppx.c,v retrieving revision 1.77 diff -u -p -r1.77 if_pppx.c --- sys/net/if_pppx.c 26 Mar 2020 16:50:46 - 1.77 +++ sys/net/if_pppx.c 28 Mar 2020 14:45:08 - 
@@ -655,167 +655,26 @@ int pppx_add_session(struct pppx_dev *pxd, struct pipex_session_req *req) { struct pppx_if *pxi; - struct pipex_session *session; - struct pipex_hash_head *chain; + struct pipex_iface_context *iface; struct ifnet *ifp; - int unit, error = 0; + int unit, error; struct in_ifaddr *ia; struct sockaddr_in ifaddr; -#ifdef PIPEX_PPPOE - struct ifnet *over_ifp = NULL; -#endif - switch (req->pr_protocol) { -#ifdef PIPEX_PPPOE - case PIPEX_PROTO_PPPOE: - over_ifp = ifunit(req->pr_proto.pppoe.over_ifname); - if (over_ifp == NULL) - return (EINVAL); - if (req->pr_peer_address.ss_family != AF_UNSPEC) - return (EINVAL); - break; -#endif -#if defined(PIPEX_PPTP) || defined(PIPEX_L2TP) - case PIPEX_PROTO_PPTP: - case PIPEX_PROTO_L2TP: - switch (req->pr_peer_address.ss_family) { - case AF_INET: - if (req->pr_peer_address.ss_len != sizeof(struct sockaddr_in)) - return (EINVAL); - break; -#ifdef INET6 - case AF_INET6: - if (req->pr_peer_address.ss_len != sizeof(struct sockaddr_in6)) - return (EINVAL); - break; -#endif - default: - return (EPROTONOSUPPORT); - } - if (req->pr_peer_address.ss_family != - req->pr_local_address.ss_family || - req->pr_peer_address.ss_len != - req->pr_local_address.ss_len) - return (EINVAL); - break; -#endif /* defined(PIPEX_PPTP) || defined(PIPEX_L2TP) */ - default: - return (EPROTONOSUPPORT); - } + NET_ASSERT_LOCKED(); pxi = pool_get(pppx_if_pl, PR_WAITOK | PR_ZERO); - if (pxi == NULL) - return (ENOMEM); - session = >pxi_session; ifp = >pxi_if; + iface = >pxi_ifcontext; - /* fake a pipex interface context */ - session->pipex_iface = >pxi_ifcontext; - session->pipex_iface->ifnet_this = ifp; - session->pipex_iface->pipexmode = PIPEX_ENABLED; - - /* setup session */ - session->state = PIPEX_STATE_OPENED; - session->protocol = req->pr_protocol; - session->session_id = req->pr_session_id; - session->peer_session_id = req->pr_peer_session_id; - session->peer_mru = req->pr_peer_mru; - session->timeout_sec = req->pr_timeout_sec; - 
session->ppp_flags = req->pr_ppp_flags; - session->ppp_id = req->pr_ppp_id; - - session->ip_forward = 1; - - session->ip_address.sin_family = AF_INET; - session->ip_address.sin_len = sizeof(struct sockaddr_in); - session->ip_address.sin_addr = req->pr_ip_address; - - session->ip_netmask.sin_family = AF_INET; - session->ip_netmask.sin_len = sizeof(struct sockaddr_in); - session->ip_netmask.sin_addr = req->pr_ip_netmask; - - if (session->ip_netmask.sin_addr.s_addr == 0L) - session->ip_netmask.sin_addr.s_addr = 0xL; - session->ip_address.sin_addr.s_addr &= - session->ip_netmask.sin_addr.s_addr; - - if (req->pr_peer_address.ss_len > 0) - memcpy(>peer, >pr_peer_address, - MIN(req->pr_peer_address.ss_len, sizeof(session->peer))); - if (req->pr_local_address.ss_len > 0) - memcpy(>local, >pr_local_address, - MIN(req->pr_local_address.ss_len, sizeof(session->local))); -#ifdef PIPEX_PPPOE - if (req->pr_protocol == PIPEX_PROTO_PPPOE) - session->proto.pppoe.over_ifidx = over_ifp->if_index; -#endif -#ifdef PIPEX_PPTP - if (req->pr_protocol == PIPEX_PROTO_PPTP) { - struct pipex_pptp_session *sess_pptp = >proto.pptp; - - sess_pptp->snd_gap = 0; - sess_pptp->rcv_gap = 0; - sess_pptp->snd_una = req->pr_proto.pptp.snd_una; - sess_pptp->snd_nxt = req->pr_proto.pptp.snd_nxt; - sess_pptp->rcv_nxt = req->pr_proto.pptp.rcv_nxt; - sess_pptp->rcv_acked = req->pr_proto.pptp.rcv_acked; - - sess_pptp->winsz =
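Review bot: at the top of pppx_add_session, `int unit, error = 0;` becomes `int unit, error;`, so every path that ends in `return (error)` now has to assign it first. The rest of the function is cut off here, so verify that before committing. The same hunk deletes all request validation from pppx(4): the pr_protocol switch, the ss_family and ss_len checks on pr_peer_address and pr_local_address, and the MIN() bound on the two memcpy calls. These checks are the only thing standing between an ioctl-supplied struct and the session state, so the new pipex_session_setup() must perform each of them before anything is copied, and the commit message should say so. Dropping the NULL test after pool_get() is fine given PR_WAITOK.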
[patch] ERR_print_errors.3
Hi there Unless I miss something ERR_print_errors_cb returns no value as well. Best, Martin Index: ERR_print_errors.3 === RCS file: /cvs/src/lib/libcrypto/man/ERR_print_errors.3,v retrieving revision 1.7 diff -u -p -r1.7 ERR_print_errors.3 --- ERR_print_errors.3 27 Mar 2018 17:35:50 - 1.7 +++ ERR_print_errors.3 28 Mar 2020 20:03:35 - @@ -104,9 +104,10 @@ respective error code. If there is no text string registered for the given error code, the error string will contain the numeric code. .Sh RETURN VALUES -.Fn ERR_print_errors -and +.Fn ERR_print_errors , .Fn ERR_print_errors_fp +and +.Fn ERR_print_errors_cb return no values. .Sh SEE ALSO .Xr ERR 3 ,
[PATCH 6/8] ssl: do not send GOST 94 certificate type
GOST R 34.10-94 is an obsolete certificate type, unsupported by LibreSSL and by the rest of current software, so there is no point in sending in the CertificateTypes. Drop it. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/s3_lib.c | 2 -- src/lib/libssl/tls1.h | 1 - 2 files changed, 3 deletions(-) diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index dfd5893a2fa7..f71995632040 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -2549,8 +2549,6 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb) #ifndef OPENSSL_NO_GOST if ((alg_k & SSL_kGOST) != 0) { - if (!CBB_add_u8(cbb, TLS_CT_GOST94_SIGN)) - return 0; if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN)) return 0; if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN)) diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 2230f0bab8b9..26dca0803434 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h @@ -738,7 +738,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS_CT_ECDSA_SIGN 64 #define TLS_CT_RSA_FIXED_ECDH 65 #define TLS_CT_ECDSA_FIXED_ECDH66 -#define TLS_CT_GOST94_SIGN 21 #define TLS_CT_GOST01_SIGN 22 #define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */ #define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */ -- 2.25.1
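Review bot: the tls1.h hunk removes `#define TLS_CT_GOST94_SIGN 21` from a header that applications include, which is an API change on top of the behaviour change. Stopping ssl3_get_req_cert_types from sending the type only needs the s3_lib.c hunk. Keep the define in place, or mention the removal explicitly in the commit message so it is picked up when the library version is bumped.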
[PATCH 7/8] ssl: add support for IANA-allocated GOST certificate types
IANA has allocated numbers for GOST ClientCertificateType. Use them in addition to private values (left in place for compat). Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/s3_lib.c | 4 src/lib/libssl/tls1.h | 6 -- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index f71995632040..671d86e8cc14 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -2555,6 +2555,10 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb) return 0; if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN)) return 0; + if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT)) + return 0; + if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT)) + return 0; } #endif diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 26dca0803434..b7d7fe48a27d 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h @@ -739,8 +739,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS_CT_RSA_FIXED_ECDH 65 #define TLS_CT_ECDSA_FIXED_ECDH66 #define TLS_CT_GOST01_SIGN 22 -#define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */ -#define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */ +#define TLS_CT_GOST12_256_SIGN 67 +#define TLS_CT_GOST12_512_SIGN 68 +#define TLS_CT_GOST12_256_SIGN_COMPAT 238 /* pre-IANA, for compat */ +#define TLS_CT_GOST12_512_SIGN_COMPAT 239 /* pre-IANA, for compat */ /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ #define TLS_CT_NUMBER 11 -- 2.25.1
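Review bot: `TLS_CT_NUMBER 11` is left untouched in the tls1.h context while the GOST branch of ssl3_get_req_cert_types gains two more CBB_add_u8() calls. The comment directly above that define says it has to be kept in step with SSL3_CT_NUMBER in ssl3.h. Count the types the function can emit with GOST enabled after this change and confirm the limit still covers them. The s3_lib.c hunk also sends both the IANA and the pre-IANA value for each 2012 type, so a short comment there saying which peers still need 238 and 239 would help whoever removes them later.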
Re: vmm(4): unterminated vm_name after strncpy
Or strncpy with length - 1 would be also good, since it won't copy
   foo\0bar\0
fully, but only
   foo\0
into the buffer and store it as
   foo\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
and guarantee the \0 on the in-kernel buffer.
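The three copy strategies that come up in this thread, run side by side as an added example (not code from vmm(4) or from the messages above). It reports, for a zeroed and a non-zeroed destination, whether the field ends up terminated and how many non-zero bytes remain behind the first NUL. `NAME_LEN`, `local_strlcpy`, `run_case` and both sample names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16	/* stand-in for VMM_MAX_NAME_LEN; the value is an assumption */

enum copy_kind { STRNCPY_FULL, STRLCPY, STRNCPY_MINUS_1 };

struct result {
	int	terminated;	/* 1 if a NUL lies inside the NAME_LEN-byte field */
	size_t	stale;		/* non-zero bytes left behind the first NUL */
};

/* Constructed inputs: a short name with leftover bytes behind its NUL,
 * and a name that is longer than the destination field. */
static const char short_name[NAME_LEN] = "foo\0bar";
static const char long_name[] = "AAAAAAAAAAAAAAAAAAAA";	/* 20 bytes + NUL */

/* Local stand-in for strlcpy(3), which not every libc provides. */
static size_t
local_strlcpy(char *dst, const char *src, size_t dsize)
{
	size_t srclen = strlen(src);

	if (dsize != 0) {
		size_t n = srclen < dsize - 1 ? srclen : dsize - 1;

		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;
}

/* Fill a NAME_LEN-byte destination with `prefill` (0x00 models a zeroed
 * allocation, anything else an unzeroed one), copy src with the chosen
 * strategy, then inspect the whole field the way a later copyout would. */
static struct result
run_case(enum copy_kind kind, unsigned char prefill, const char *src)
{
	char dst[NAME_LEN];
	struct result r = { 0, 0 };
	const char *nul, *p;

	memset(dst, prefill, sizeof(dst));
	switch (kind) {
	case STRNCPY_FULL:	/* may leave the field unterminated */
		strncpy(dst, src, NAME_LEN);
		break;
	case STRLCPY:		/* always terminates, never pads */
		local_strlcpy(dst, src, NAME_LEN);
		break;
	case STRNCPY_MINUS_1:	/* pads, but never writes the last byte */
		strncpy(dst, src, NAME_LEN - 1);
		break;
	}

	nul = memchr(dst, '\0', sizeof(dst));
	if (nul == NULL)
		return r;
	r.terminated = 1;
	for (p = nul + 1; p < dst + sizeof(dst); p++)
		if (*p != '\0')
			r.stale++;
	return r;
}

int
main(void)
{
	static const char *names[] = { "strncpy(n)", "strlcpy(n)", "strncpy(n-1)" };
	static const unsigned char fills[] = { 0x00, 0xAA };
	int k, f;

	for (k = 0; k < 3; k++) {
		for (f = 0; f < 2; f++) {
			struct result s = run_case((enum copy_kind)k, fills[f], short_name);
			struct result l = run_case((enum copy_kind)k, fills[f], long_name);

			printf("%-13s dst=0x%02x  short: term=%d stale=%zu  "
			    "long: term=%d stale=%zu\n", names[k], fills[f],
			    s.terminated, s.stale, l.terminated, l.stale);
		}
	}
	return 0;
}
```
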
[PATCH 3/8] ssl: add support for IANA-allocated GOST sigalgs values
Add support for IANA-allocated GOST SignatureAlgorithms values. Values predating IANA allocation are left in place because they are still used by deployed products. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_sigalgs.c | 12 src/lib/libssl/ssl_sigalgs.h | 2 ++ 2 files changed, 14 insertions(+) diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 0bf72aea21f0..f4d5f5bc5621 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -37,6 +37,11 @@ const struct ssl_sigalg sigalgs[] = { .curve_nid = NID_secp521r1, }, #ifndef OPENSSL_NO_GOST + { + .value = SIGALG_GOSTR12_512, + .md = EVP_streebog512, + .key_type = EVP_PKEY_GOSTR01, + }, { .value = SIGALG_GOSTR12_512_STREEBOG_512, .md = EVP_streebog512, @@ -66,6 +71,11 @@ const struct ssl_sigalg sigalgs[] = { .curve_nid = NID_X9_62_prime256v1, }, #ifndef OPENSSL_NO_GOST + { + .value = SIGALG_GOSTR12_256, + .md = EVP_streebog256, + .key_type = EVP_PKEY_GOSTR01, + }, { .value = SIGALG_GOSTR12_256_STREEBOG_256, .md = EVP_streebog256, @@ -171,7 +181,9 @@ uint16_t tls12_sigalgs[] = { SIGALG_RSA_PKCS1_SHA1, /* XXX */ SIGALG_ECDSA_SHA1, /* XXX */ #ifndef OPENSSL_NO_GOST + SIGALG_GOSTR12_512, SIGALG_GOSTR12_512_STREEBOG_512, + SIGALG_GOSTR12_256, SIGALG_GOSTR12_256_STREEBOG_256, SIGALG_GOSTR01_GOST94, #endif diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h index 13a3597fb5a3..5fe3fc3bb27c 100644 --- a/src/lib/libssl/ssl_sigalgs.h +++ b/src/lib/libssl/ssl_sigalgs.h @@ -42,6 +42,8 @@ __BEGIN_HIDDEN_DECLS #define SIGALG_RSA_PSS_PSS_SHA256 0x0809 #define SIGALG_RSA_PSS_PSS_SHA384 0x080a #define SIGALG_RSA_PSS_PSS_SHA512 0x080b +#define SIGALG_GOSTR12_256 0x0840 +#define SIGALG_GOSTR12_512 0x0841 #define SIGALG_RSA_PKCS1_SHA1 0x0201 #define SIGALG_ECDSA_SHA1 0x0203 #define SIGALG_PRIVATE_START 0xFE00 -- 2.25.1
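Review bot: the tls12_sigalgs hunk adds SIGALG_GOSTR12_512 and SIGALG_GOSTR12_256 to the default list, but the diffstat touches only ssl_sigalgs.c and ssl_sigalgs.h. Patch 1/8 had to update the expected bytes in src/regress/lib/libssl/tlsext/tlsexttest.c (length 0x16 to 0x1c) when it added three entries to the same array. Two more entries change the encoded extension again, so tlsext_sigalgs_client and tlsext_clienthello_default need the matching update in this patch or the regress test will fail between 3/8 and whatever fixes it. In the sigalgs[] hunks, a one-line comment marking which entry is the IANA value and which is the pre-IANA one would make the duplicated .md and .key_type pairs easier to read.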
[PATCH 2/8] ssl: pass a flag to GOST pkey to generate proper TLS1.2 CertVerify
GOST cipher suites requires to generate CertVerify signatures in a special way (see ssl3_send_client_kex_gost(), ssl3_get_cert_verify()). However a flag GOST_SIG_FORMAT_RS_LE was not passed in case of TLS 1.2 connections (because they use different code path). Pass this flag to the PKEY if it is a GOST pkey. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_clnt.c | 7 +++ src/lib/libssl/ssl_srvr.c | 7 +++ 2 files changed, 14 insertions(+) diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index ce43a89ca737..2a16bd19f247 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c @@ -2345,6 +2345,13 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) SSLerror(s, ERR_R_EVP_LIB); goto err; } + if (sigalg->key_type == NID_id_GostR3410_2001 && + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_GOST_SIG_FORMAT, + GOST_SIG_FORMAT_RS_LE, NULL) <= 0) { + SSLerror(s, ERR_R_EVP_LIB); + goto err; + } if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index c9c24f0453bd..2fe634de30d3 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c @@ -2182,6 +2182,13 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_INTERNAL_ERROR; goto f_err; } + if (sigalg->key_type == NID_id_GostR3410_2001 && + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, + EVP_PKEY_CTRL_GOST_SIG_FORMAT, + GOST_SIG_FORMAT_RS_LE, NULL) <= 0) { + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } if (!EVP_DigestVerifyUpdate(, hdata, hdatalen)) { SSLerror(s, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; -- 2.25.1
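Review bot: both hunks test `sigalg->key_type == NID_id_GostR3410_2001`, while the sigalgs[] table in this series sets `.key_type = EVP_PKEY_GOSTR01`. Compare against EVP_PKEY_GOSTR01 so the check reads the same as the table it depends on. In the ssl3_get_cert_verify hunk the new failure branch sets `al = SSL_AD_INTERNAL_ERROR` and jumps to f_err without an SSLerror(), unlike the EVP_DigestVerifyUpdate check right below it, which reports ERR_R_EVP_LIB. Add the same report so a failed control call is distinguishable in the error queue.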
[PATCH 4/8] ssl: provide interoperability with CryptoPro CSP
Windows CSPs fail to send proper SigAlgs extension (it does not include GOST entries even for GOST CipherSuites). To ensure interoperability, assume that the server will understand GOST sigalgs if it has sent GOST certificate. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_sigalgs.c | 9 + 1 file changed, 9 insertions(+) diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index f4d5f5bc5621..ccf955b4c501 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -373,6 +373,15 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) return sigalg; } +#ifndef OPENSSL_NO_GOST + /* Windows CSPs fail to send proper SigAlgs extension (it does not +* include GOST entries even for GOST CipherSuites). To ensure +* interoperability, assume that the server will understand GOST +* sigalgs if it has sent GOST certificate. */ + if (pkey->type == EVP_PKEY_GOSTR01) + return ssl_sigalg_gost_select(s, pkey); +#endif + SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); return NULL; } -- 2.25.1
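Review bot: the fallback added at the end of ssl_sigalg_select() returns ssl_sigalg_gost_select(s, pkey) for every EVP_PKEY_GOSTR01 key that reaches it, so a peer that left GOST entries out of its SigAlgs extension on purpose is treated the same as a CSP that forgot them. The comment ties the workaround to GOST CipherSuites, but the condition only checks pkey->type; either test for the negotiated GOST cipher suite as well, or state in the comment that the peer's list is knowingly overridden for all GOST keys. ssl_sigalg_gost_select() is also not defined by this diff (its 9 insertions are all in this hunk), so the commit message should name the patch in the series that this one depends on.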
[PATCH 8/8] ssl: add support for new GOST CNT-IMIT ciphersuite value
Add support for IANA-assigned value {0xc1, 0x02} for GOST CNT-IMIT CipherSuite (GOST2012256-GOST89-GOST89). Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/s3_lib.c | 17 + 1 file changed, 17 insertions(+) diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 671d86e8cc14..662df29ae91e 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1305,6 +1305,23 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, + /* Cipher C102 */ + { + .valid = 1, + .name = "GOST2012256-GOST89-GOST89", + .id = 0x300c102, + .algorithm_mkey = SSL_kGOST, + .algorithm_auth = SSL_aGOST01, + .algorithm_enc = SSL_eGOST2814789CNT, + .algorithm_mac = SSL_GOST89MAC, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| + TLS1_STREAM_MAC, + .strength_bits = 256, + .alg_bits = 256 + }, + /* Cipher CCA8 */ { .valid = 1, -- 2.25.1
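Review bot: the new C102 entry reuses the name "GOST2012256-GOST89-GOST89" that the commit message gives for the existing CNT-IMIT suite, so if the entry for the older value keeps the same .name the table holds two ciphers that a lookup by name cannot tell apart; add a comment on the entry saying which one a name lookup is expected to return, or give the two distinct names. As a style point, the entry ends with ".alg_bits = 256" without a trailing comma, while the entry just above it in the context ends with ".alg_bits = 256,".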
Re: vmm(4): unterminated vm_name after strncpy
> Index: sys/arch/amd64/amd64/vmm.c > === > RCS file: /mount/openbsd/cvs/src/sys/arch/amd64/amd64/vmm.c,v > retrieving revision 1.266 > diff -u -p -r1.266 vmm.c > --- sys/arch/amd64/amd64/vmm.c 11 Mar 2020 16:38:42 - 1.266 > +++ sys/arch/amd64/amd64/vmm.c 12 Mar 2020 21:15:01 - > @@ -1167,7 +1167,7 @@ vm_create(struct vm_create_params *vcp, > memcpy(vm->vm_memranges, vcp->vcp_memranges, > vm->vm_nmemranges * sizeof(vm->vm_memranges[0])); > vm->vm_memory_size = memsize; > - strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN); > + strlcpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN); Coincidentally syzkaller managed to trigger a uvm_fault in this line. https://syzkaller.appspot.com/bug?extid=48e38ebd31c030b5841c ddb> trace strlcpy(80001d374448,80a2cc20,40) at strlcpy+0xcf sys/lib/libkern/strlcpy.c:44 vm_create(80a2c800,80001d339758) at vm_create+0x112 sys/arch/amd64/amd64/vmm.c:1172 VOP_IOCTL(fd805d843820,c5005601,80a2c800,1,fd806c3bfc00,80001d339758) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fd805d877800,c5005601,80a2c800,80001d339758) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 Unfortunately there's no reproducer Thanks Greg -- nest.cx is Gmail hosted, use PGP: https://pgp.key-server.io/0x0B1542BD8DF5A1B0 Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0
Re: vmm(4): unterminated vm_name after strncpy
Pretty obvious why.

The kernel doesn't check it's a string, before calling strlcpy which (correctly) runs off the array hunting for the terminal NUL, and into the next object, and I guess it finds a NUL in the next VA page which isn't actually mapped with storage.

With strncpy, this was safe. The input storage wasn't a real string, and the interior storage wasn't a real string either. Then on the output side, this was handled.

There are two choices to go with:

- validate the input is a string before calling strlcpy.
- copy the whole region with memcpy, and then manually NUL-terminate the buffer.

The same will apply to other vcp ioctl fields.

Greg Steuck wrote: > > Index: sys/arch/amd64/amd64/vmm.c > > === > > RCS file: /mount/openbsd/cvs/src/sys/arch/amd64/amd64/vmm.c,v > > retrieving revision 1.266 > > diff -u -p -r1.266 vmm.c > > --- sys/arch/amd64/amd64/vmm.c 11 Mar 2020 16:38:42 - 1.266 > > +++ sys/arch/amd64/amd64/vmm.c 12 Mar 2020 21:15:01 - 
> > @@ -1167,7 +1167,7 @@ vm_create(struct vm_create_params *vcp, > > memcpy(vm->vm_memranges, vcp->vcp_memranges, > > vm->vm_nmemranges * sizeof(vm->vm_memranges[0])); > > vm->vm_memory_size = memsize; > > - strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN); > > + strlcpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN); > > Coincidentally syzkaller managed to trigger a uvm_fault in this line. > https://syzkaller.appspot.com/bug?extid=48e38ebd31c030b5841c > > ddb> trace > strlcpy(80001d374448,80a2cc20,40) at strlcpy+0xcf > sys/lib/libkern/strlcpy.c:44 > vm_create(80a2c800,80001d339758) at vm_create+0x112 > sys/arch/amd64/amd64/vmm.c:1172 > VOP_IOCTL(fd805d843820,c5005601,80a2c800,1,fd806c3bfc00,80001d339758) > at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 > vn_ioctl(fd805d877800,c5005601,80a2c800,80001d339758) at > vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 > > Unfortunately there's no reproducer > > Thanks > Greg > -- > nest.cx is Gmail hosted, use PGP: > https://pgp.key-server.io/0x0B1542BD8DF5A1B0 > Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0
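The two options listed in the message above, next to the source over-read they prevent, as an added example that is not part of the thread or of the OpenBSD source. struct req, struct vm, NAME_LEN and all function names are hypothetical stand-ins, and the hunt for the NUL is capped at the enclosing struct so the demonstration itself stays in bounds.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64	/* assumed size; stands in for VMM_MAX_NAME_LEN */

/* Constructed stand-in for the ioctl argument: a fixed-size name field
 * (at offset 0) followed by whatever data happens to sit behind it. */
struct req {
	char name[NAME_LEN];
	char next[16];
};

/* Constructed stand-in for the kernel-side object. */
struct vm {
	char name[NAME_LEN];
};

/*
 * Offset at which a strlcpy()-style hunt for the source NUL would stop.
 * strlcpy() bounds only the destination; it keeps reading the source
 * until it sees a NUL.  Here the hunt is capped at sizeof(struct req)
 * so this program never leaves its own object.
 */
size_t
src_scan_length(const struct req *r)
{
	const unsigned char *base = (const unsigned char *)r;
	const unsigned char *nul = memchr(base, '\0', sizeof(*r));

	return nul == NULL ? sizeof(*r) : (size_t)(nul - base);
}

/* Option 1: refuse input whose name field is not a string. */
int
copy_name_validated(struct vm *vm, const struct req *r)
{
	if (memchr(r->name, '\0', sizeof(r->name)) == NULL)
		return -1;
	/* A NUL exists inside the field, so strlen() stays in bounds. */
	memcpy(vm->name, r->name, strlen(r->name) + 1);
	return 0;
}

/* Option 2: copy the region, then terminate by hand. */
void
copy_name_truncating(struct vm *vm, const struct req *r)
{
	memcpy(vm->name, r->name, sizeof(vm->name) - 1);
	vm->name[sizeof(vm->name) - 1] = '\0';
}

/* Constructed input: every byte of the name field is non-NUL. */
void
make_unterminated(struct req *r)
{
	memset(r, 0, sizeof(*r));
	memset(r->name, 'A', sizeof(r->name));
	memset(r->next, 'B', 7);
}

int
main(void)
{
	struct req r;
	struct vm vm;

	make_unterminated(&r);
	printf("source NUL at offset %zu, name field is %d bytes\n",
	    src_scan_length(&r), NAME_LEN);
	printf("validated copy returns %d\n", copy_name_validated(&vm, &r));
	copy_name_truncating(&vm, &r);
	printf("truncating copy keeps %zu bytes\n", strlen(vm.name));
	return 0;
}
```

With the constructed input the source NUL sits past the end of the name field, which is the read that faulted in the trace; option 1 rejects the request and option 2 keeps the first NAME_LEN - 1 bytes.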
pipex(4) man page fix
pipex not used with tun(4) Index: share/man/man4/pipex.4 === RCS file: /cvs/src/share/man/man4/pipex.4,v retrieving revision 1.11 diff -u -p -r1.11 pipex.4 --- share/man/man4/pipex.4 18 Apr 2017 03:21:48 - 1.11 +++ share/man/man4/pipex.4 28 Mar 2020 21:13:57 - @@ -32,9 +32,7 @@ .Sh DESCRIPTION .Nm is used with -.Xr tun 4 -and -.Xr pppx 4 , +.Xr pppx 4 and handles PPP frames and forwards IP packets in-kernel. It accelerates the performance of packet forwarding, because it reduces copying of packets between kernel and userland. @@ -51,10 +49,8 @@ using adds some extensions to the .Xr ioctl 2 requests to -.Xr tun 4 -or .Xr pppx 4 -devices. +device. The added requests are as follows: .Bl -tag -width Ds .It Dv PIPEXGMODEFa "int *" @@ -104,8 +100,7 @@ struct pipex_session_req { uint16_tpr_peer_mru; /* peer's mru */ uint16_tpr_timeout_sec; /* idle timer */ -struct in_addr pr_ip_srcaddr;/* local IP address. -not used by tun(4) */ +struct in_addr pr_ip_srcaddr;/* local IP address */ struct in_addr pr_ip_address;/* framed IP address */ struct in_addr pr_ip_netmask;/* framed IP netmask */ struct sockaddr_in6 pr_ip6_address; /* framed IPv6 address */ @@ -264,9 +259,6 @@ struct pipex_session_list_req { Set the .Xr pppx 4 interface's description of the session. -This command doesn't work on -.Xr tun 4 -devices. Specify the session and its description using a .Vt pipex_session_descr_req structure, which has the following definition: @@ -281,7 +273,6 @@ struct pipex_session_descr_req { .Sh SEE ALSO .Xr ioctl 2 , .Xr pppx 4 , -.Xr tun 4 , .Xr npppd 8 , .Xr sysctl 8 .Sh AUTHORS
[Patch] relayd(8): filter on HTTP return code
Hi, I would like to propose the following patch which adds the ability to filter by http status code to relayd(8). best regards, Fabian Index: parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.244 diff -u -p -u -p -r1.244 parse.y --- parse.y 12 Feb 2020 21:15:44 - 1.244 +++ parse.y 28 Mar 2020 21:57:47 - @@ -1475,6 +1475,13 @@ ruleopts : METHOD STRING { rule->rule_method = id; free($2); } + | CODE NUMBER { + if ($2 < 100 || $2 > 599) { + yyerror("invalid HTTP code: %lld", $2); + YYERROR; + } + rule->rule_status = $2; + } | COOKIE key_option STRING value{ keytype = KEY_TYPE_COOKIE; rule->rule_kv[keytype].kv_key = strdup($3); Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.78 diff -u -p -u -p -r1.78 relay_http.c --- relay_http.c13 Jul 2019 06:53:00 - 1.78 +++ relay_http.c28 Mar 2020 21:57:47 - @@ -1816,6 +1816,8 @@ relay_test(struct protocol *proto, struc (desc->http_method == HTTP_METHOD_RESPONSE || desc->http_method != r->rule_method)) RELAY_GET_SKIP_STEP(RULE_SKIP_METHOD); + else if (r->rule_status && desc->http_status != r->rule_status) + RELAY_GET_SKIP_STEP(RULE_SKIP_STATUS); else if (r->rule_tagged && con->se_tag != r->rule_tagged) RELAY_GET_NEXT_STEP; else if (relay_httpheader_test(cre, r, ) != 0) @@ -1917,6 +1919,8 @@ relay_calc_skip_steps(struct relay_rules RELAY_SET_SKIP_STEPS(RULE_SKIP_DST); else if (cur->rule_method != prev->rule_method) RELAY_SET_SKIP_STEPS(RULE_SKIP_METHOD); + else if (cur->rule_status != prev->rule_status) + RELAY_SET_SKIP_STEPS(RULE_SKIP_STATUS); prev = cur; cur = TAILQ_NEXT(cur, rule_entry); Index: relayd.conf.5 === RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v retrieving revision 1.194 diff -u -p -u -p -r1.194 relayd.conf.5 --- relayd.conf.5 10 Feb 2020 13:18:21 - 1.194 +++ relayd.conf.5 28 Mar 2020 21:57:47 - 
@@ -1205,6 +1205,10 @@ and can be either or .Ic VERSION-CONTROL . .It Xo +.It Ic code Ar number +Match the HTTP return code +.Ar number . +.It Xo .Ar type Ar option .Oo Oo Ic digest Oc .Pq Ar key Ns | Ns Ic file Ar path Index: relayd.h === RCS file: /cvs/src/usr.sbin/relayd/relayd.h,v retrieving revision 1.260 diff -u -p -u -p -r1.260 relayd.h --- relayd.h15 Sep 2019 19:23:29 - 1.260 +++ relayd.h28 Mar 2020 21:57:47 - @@ -647,7 +647,8 @@ struct relay_rule { #define RULE_SKIP_SRC 3 #define RULE_SKIP_DST 4 #define RULE_SKIP_METHOD5 -#define RULE_SKIP_COUNT 6 +#define RULE_SKIP_STATUS6 +#define RULE_SKIP_COUNT 7 struct relay_rule *rule_skip[RULE_SKIP_COUNT]; #define RULE_FLAG_QUICK0x01 @@ -664,6 +665,7 @@ struct relay_rule { struct relay_table *rule_table; u_intrule_method; + u_intrule_status; char rule_labelname[LABEL_NAME_SIZE]; char rule_tablename[TABLE_NAME_SIZE]; char rule_taggedname[TAG_NAME_SIZE];
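Review bot: in the relayd.conf.5 hunk the new ".It Ic code Ar number" item is inserted after the existing ".It Xo" line instead of before it, so the original ".It Xo" is left open and is followed directly by another ".It", and the patch then adds a second ".It Xo" in front of ".Ar type Ar option". Move the three new lines above the existing ".It Xo" and drop the added ".It Xo". The description "Match the HTTP return code" should also say that the option applies to responses, since relay_test() compares r->rule_status with desc->http_status for every rule that sets it.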
Re: [patch] ERR_print_errors.3
Hi Martin, thanks for reporting the issue in the manual page. Martin Vahlensieck wrote on Sat, Mar 28, 2020 at 09:06:54PM +0100: > Unless I miss something ERR_print_errors_cb returns no value as well. Actually, i committed about the opposite, for the reasons explained in the commit message. These were stragglers; i already deleted most such sentences long ago. The committed patch follows... Yours, Ingo CVSROOT:/cvs Module name:src Changes by: schwa...@cvs.openbsd.org2020/03/28 16:40:58 Modified files: lib/libcrypto/man: ERR_print_errors.3 ERR_remove_state.3 lh_new.3 Log message: Be concise: do not say that void functions return no values, that's obvious. Useless text reported by Martin Vahlensieck (academicsolutions.ch) on tech@. Index: ERR_print_errors.3 === RCS file: /cvs/src/lib/libcrypto/man/ERR_print_errors.3,v retrieving revision 1.7 diff -u -r1.7 ERR_print_errors.3 --- ERR_print_errors.3 27 Mar 2018 17:35:50 - 1.7 +++ ERR_print_errors.3 28 Mar 2020 22:36:47 - @@ -103,11 +103,6 @@ .Pp If there is no text string registered for the given error code, the error string will contain the numeric code. -.Sh RETURN VALUES -.Fn ERR_print_errors -and -.Fn ERR_print_errors_fp -return no values. .Sh SEE ALSO .Xr ERR 3 , .Xr ERR_error_string 3 , Index: ERR_remove_state.3 === RCS file: /cvs/src/lib/libcrypto/man/ERR_remove_state.3,v retrieving revision 1.6 diff -u -r1.6 ERR_remove_state.3 --- ERR_remove_state.3 27 Mar 2018 17:35:50 - 1.6 +++ ERR_remove_state.3 28 Mar 2020 22:36:48 - @@ -92,11 +92,6 @@ .Fn ERR_remove_state is equivalent to .Fn ERR_remove_thread_state NULL . -.Sh RETURN VALUES -.Fn ERR_remove_thread_state -and -.Fn ERR_remove_state -return no value. .Sh SEE ALSO .Xr ERR 3 .Sh HISTORY Index: lh_new.3 === RCS file: /cvs/src/lib/libcrypto/man/lh_new.3,v retrieving revision 1.6 diff -u -r1.6 lh_new.3 --- lh_new.310 Jun 2019 09:49:48 - 1.6 +++ lh_new.328 Mar 2020 22:36:48 - 
@@ -402,12 +402,6 @@ .Pp .Fn lh__error returns 1 if an error occurred in the last operation, or 0 otherwise. -.Pp -.Fn lh__free , -.Fn lh__doall , -and -.Fn lh__doall_arg -return no values. .Sh NOTES The various LHASH macros and callback types exist to make it possible to write type-checked code without resorting to function-prototype casting
Re: vmm(4): unterminated vm_name after strncpy
On Sat, Mar 28, 2020 at 05:33:05PM -0600, Theo de Raadt wrote: > Pretty obvious why. > > The kernel doesn't check it's a string, before calling strlcpy > which (correctly) runs off the array hunting for the terminal NUL, > and into the next object, and I guess it finds a NUL in the next > VA page which isn't actually mapped with storage. Makes sense. > > With strncpy, this was safe. The input storage wasn't a real > string, and the interior storage wasn't a real string either. Then > on the output side, this was handled. > > There two choices to go with: > > - validate the input is a string before calling strlcpy. > - copy the whole region with memcpy, and then manuall NUL-terminate > the buffer. > > The same will apply to other vcp ioctl fields. I couldn't find any other vcp field where this applies. So here is a fix using memcpy instead. We don't even need to manually NUL-terminate in this case because 'vm' is allocated with PR_ZERO. Index: sys/arch/amd64/amd64/vmm.c === RCS file: /mount/openbsd/cvs/src/sys/arch/amd64/amd64/vmm.c,v retrieving revision 1.268 diff -u -p -r1.268 vmm.c --- sys/arch/amd64/amd64/vmm.c 16 Mar 2020 08:21:16 - 1.268 +++ sys/arch/amd64/amd64/vmm.c 29 Mar 2020 00:18:43 - @@ -1167,7 +1167,7 @@ vm_create(struct vm_create_params *vcp, memcpy(vm->vm_memranges, vcp->vcp_memranges, vm->vm_nmemranges * sizeof(vm->vm_memranges[0])); vm->vm_memory_size = memsize; - strlcpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN); + memcpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN - 1); rw_enter_write(_softc->vm_lock);
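Review bot: the replacement memcpy() copies VMM_MAX_NAME_LEN - 1 bytes and never writes the last byte of vm->vm_name, so termination depends on 'vm' having been zeroed at allocation, which the mail states but which is not visible in or near this hunk. Add a comment on the memcpy() line naming that dependency, or set vm->vm_name[VMM_MAX_NAME_LEN - 1] explicitly, so that a later change to the allocation flags cannot silently bring back an unterminated name.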
Re: ospf6d: bring ospf6d closer to ospfd
On Sat, Mar 21, 2020 at 05:25:45PM +0100, Denis Fondras wrote: > Biggest chunk is rework of rde_asext_get()/rde_asext_put(). > Also change get_net_link() and get_rtr_link() to work like ospfd couterpart. Reads good to me and I didn't spot any issues running tests with it. One question: why "if 0" the "Dump SPF tree to log"? > > Index: rde.c > === > RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v > retrieving revision 1.84 > diff -u -p -r1.84 rde.c > --- rde.c 17 Feb 2020 08:12:22 - 1.84 > +++ rde.c 21 Mar 2020 16:04:47 - > @@ -59,8 +59,9 @@ int rde_req_list_exists(struct rde_nbr > void rde_req_list_del(struct rde_nbr *, struct lsa_hdr *); > void rde_req_list_free(struct rde_nbr *); > > -struct lsa *rde_asext_get(struct kroute *); > -struct lsa *rde_asext_put(struct kroute *); > +struct iface *rde_asext_lookup(struct in6_addr, int); > +void rde_asext_get(struct kroute *); > +void rde_asext_put(struct kroute *); > > int comp_asext(struct lsa *, struct lsa *); > struct lsa *orig_asext_lsa(struct kroute *, u_int16_t); > @@ -217,6 +218,7 @@ __dead void > rde_shutdown(void) > { > struct area *a; > + struct vertex *v, *nv; > > /* close pipes */ > msgbuf_clear(_ospfe->ibuf.w); > @@ -232,6 +234,10 @@ rde_shutdown(void) > LIST_REMOVE(a, entry); > area_del(a); > } > + for (v = RB_MIN(lsa_tree, _tree); v != NULL; v = nv) { > + nv = RB_NEXT(lsa_tree, _tree, v); > + vertex_free(v); > + } > rde_nbr_free(); > > free(iev_ospfe); > @@ -643,8 +649,6 @@ rde_dispatch_parent(int fd, short event, > struct kroutekr; > struct imsgev *iev = bula; > struct imsgbuf *ibuf = >ibuf; > - struct lsa *lsa; > - struct vertex *v; > ssize_t n; > int shut = 0, link_ok, prev_link_ok, orig_lsa; > unsigned int ifindex; 
> @@ -676,13 +680,7 @@ rde_dispatch_parent(int fd, short event, > break; > } > memcpy(, imsg.data, sizeof(kr)); > - > - if ((lsa = rde_asext_get()) != NULL) { > - v = lsa_find(NULL, lsa->hdr.type, > - lsa->hdr.ls_id, lsa->hdr.adv_rtr); > - > - lsa_merge(nbrself, lsa, v); > - } > + rde_asext_get(); > break; > case IMSG_NETWORK_DEL: > if (imsg.hdr.len != IMSG_HEADER_SIZE + sizeof(kr)) { > @@ -691,20 +689,7 @@ rde_dispatch_parent(int fd, short event, > break; > } > memcpy(, imsg.data, sizeof(kr)); > - > - if ((lsa = rde_asext_put()) != NULL) { > - v = lsa_find(NULL, lsa->hdr.type, > - lsa->hdr.ls_id, lsa->hdr.adv_rtr); > - > - /* > - * if v == NULL no LSA is in the table and > - * nothing has to be done. > - */ > - if (v) > - lsa_merge(nbrself, lsa, v); > - else > - free(lsa); > - } > + rde_asext_put(); > break; > case IMSG_IFINFO: > if (imsg.hdr.len != IMSG_HEADER_SIZE + > @@ -1202,48 +1187,77 @@ rde_req_list_free(struct rde_nbr *nbr) > /* > * as-external LSA handling > */ > -struct lsa * > -rde_asext_get(struct kroute *kr) > +struct iface * > +rde_asext_lookup(struct in6_addr prefix, int plen) > { > + > struct area *area; > struct iface*iface; > struct iface_addr *ia; > - struct in6_addr addr; > - > - LIST_FOREACH(area, >area_list, entry) > - LIST_FOREACH(iface, >iface_list, entry) > + struct in6_addr ina, inb; > + > + LIST_FOREACH(area, >area_list, entry) { > + LIST_FOREACH(iface, >iface_list, entry) { > TAILQ_FOREACH(ia, >ifa_list, entry) { > if (IN6_IS_ADDR_LINKLOCAL(>addr)) > continue; > > - inet6applymask(, >addr, > - kr->prefixlen); > - if (!memcmp(, >prefix, > - sizeof(addr)) && kr->prefixlen == > - ia->prefixlen) { > - /* already announced as Prefix LSA */ > -
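Review bot: with rde_asext_get() and rde_asext_put() now returning void, the IMSG_NETWORK_DEL case loses its visible "if (v) lsa_merge(nbrself, lsa, v); else free(lsa);" handling, so freeing an LSA that is not in the table now has to happen inside rde_asext_put(). The comment that explained that case ("if v == NULL no LSA is in the table and nothing has to be done") is deleted along with it; carry it over to the new function body so the ownership of the allocated LSA can be checked where it now lives.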
[PATCH v2 2/2] gost: populate params tables with new curves
Allow users to specify new curves via strings. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gostr341001_params.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/src/lib/libcrypto/gost/gostr341001_params.c b/src/lib/libcrypto/gost/gostr341001_params.c index 13054cd0fc26..0f068d97eb0a 100644 --- a/src/lib/libcrypto/gost/gostr341001_params.c +++ b/src/lib/libcrypto/gost/gostr341001_params.c @@ -94,12 +94,19 @@ static const GostR3410_params GostR3410_256_params[] = { { "0", NID_id_GostR3410_2001_TestParamSet }, { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet }, { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet }, + { "TCA", NID_id_tc26_gost_3410_12_256_paramSetA }, + { "TCB", NID_id_tc26_gost_3410_12_256_paramSetB }, + { "TCC", NID_id_tc26_gost_3410_12_256_paramSetC }, + { "TCD", NID_id_tc26_gost_3410_12_256_paramSetD }, { NULL, NID_undef }, }; static const GostR3410_params GostR3410_512_params[] = { { "A", NID_id_tc26_gost_3410_12_512_paramSetA }, { "B", NID_id_tc26_gost_3410_12_512_paramSetB }, + { "TCA", NID_id_tc26_gost_3410_12_512_paramSetA }, + { "TCB", NID_id_tc26_gost_3410_12_512_paramSetB }, + { "TCC", NID_id_tc26_gost_3410_12_512_paramSetC }, { NULL, NID_undef }, }; -- 2.25.1
[PATCH v2 1/2] ec: add support for several more GOST curves
Add support for GOST curves defined by RFC 7836 and draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see draft-smyshlyaev-tls12-gost-suites). 512-bit curve ids were renamed to follow names defined in tc26 OID registry. (https://tc26.ru/about/protsedury-i-reglamenty/identifikatory-obektov-oid-tekhnicheskogo-komiteta-po-standartizatsii-kriptograficheskaya-zashchita-1.html) Sponsored by ROSA Linux. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/ec/ec_curve.c | 162 +++- src/lib/libcrypto/gost/gostr341001_params.c | 4 +- src/lib/libcrypto/objects/obj_mac.num | 10 +- src/lib/libcrypto/objects/objects.txt | 10 +- 4 files changed, 176 insertions(+), 10 deletions(-) diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c index e075b1ed3ea5..830bb47b3d0b 100644 --- a/src/lib/libcrypto/ec/ec_curve.c +++ b/src/lib/libcrypto/ec/ec_curve.c 
@@ -2900,11 +2900,103 @@ static const struct { } }; +/* This curve is defined in two birationally equal forms: canonical and Twisted + * Edwards. We do calculations in canonical (Weierstrass) form. */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_GOST_2012_256_TC26_A = { + { + NID_X9_62_prime_field, 0, 32, 4 + }, + { /* no seed */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFD, 0x97, + 0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48, /* a */ + 0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13, + 0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e, + 0x73, 0x35, + 0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20, /* b */ + 0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91, + 0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae, + 0x95, 0x13, + 0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09, /* x */ + 0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96, + 0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d, + 0xaa, 0x28, + 0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57, /* y */ + 0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53, + 0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32, + 0x2e, 0x5c, + 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf, + 0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36, + 0x0c, 0x67, + } +}; + static const struct { EC_CURVE_DATA h; unsigned char data[0 + 64 * 6]; } - _EC_GOST_2012_TC26_A = { + _EC_GOST_2012_512_Test = { + { + NID_X9_62_prime_field, 0, 64, 1 + }, + { /* no seed */ + 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, /* p */ + 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, + 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 
0x09, 0xb5, 0xd2, + 0xd1, 0x5d, 0xf1, 0xd8, 0x52, 0x74, 0x1a, 0xf4, 0x70, 0x4a, + 0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8, + 0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5, + 0x28, 0xbe, 0x63, 0x73, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x07, + 0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8, /* b */ + 0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77, + 0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1, + 0xac, 0x43, 0x61, 0x83, 0x40, 0x13, 0xb2, 0xad, 0x73, 0x22, + 0x48, 0x0a, 0x89, 0xca, 0x58, 0xe0, 0xcf, 0x74, 0xbc, 0x9e, + 0x54, 0x0c, 0x2a, 0xdd, 0x68, 0x97, 0xfa, 0xd0, 0xa3, 0x08, + 0x4f, 0x30, 0x2a, 0xdc, + 0x24, 0xd1, 0x9c, 0xc6, 0x45, 0x72, 0xee, 0x30, 0xf3, 0x96, /* x */ + 0xbf, 0x6e, 0xbb, 0xfd, 0x7a, 0x6c, 0x52, 0x13, 0xb3, 0xb3, + 0xd7,
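Review bot: _EC_GOST_2012_256_TC26_A sets the cofactor field to 4 ("NID_X9_62_prime_field, 0, 32, 4") but the new comment above it only mentions the two curve forms. Say in that comment that the "order" bytes are the order of the prime subgroup and that the cofactor is 4, since _EC_GOST_2012_512_Test right below uses 1 and a cofactor other than 1 matters to any code that validates peer public keys on this curve.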
Re: ospf6d: bring ospf6d closer to ospfd
On Sat, Mar 28, 2020 at 05:00:11PM +0100, Remi Locherer wrote: > On Sat, Mar 21, 2020 at 05:25:45PM +0100, Denis Fondras wrote: > > Biggest chunk is rework of rde_asext_get()/rde_asext_put(). > > Also change get_net_link() and get_rtr_link() to work like ospfd couterpart. > > Reads good to me and I didn't spot any issues running tests with it. > Thank you Remi. > One question: why "if 0" the "Dump SPF tree to log"? > Doh! It is not (yet) time to '#if 0' this part. This is from an unpublished diff that changes how if_find() works. Thus printing the SPF tree needs to be rewritten. > > > > Index: rde.c > > === > > RCS file: /cvs/src/usr.sbin/ospf6d/rde.c,v > > retrieving revision 1.84 > > diff -u -p -r1.84 rde.c > > --- rde.c 17 Feb 2020 08:12:22 - 1.84 > > +++ rde.c 21 Mar 2020 16:04:47 - > > @@ -59,8 +59,9 @@ intrde_req_list_exists(struct rde_nbr > > voidrde_req_list_del(struct rde_nbr *, struct lsa_hdr *); > > voidrde_req_list_free(struct rde_nbr *); > > > > -struct lsa *rde_asext_get(struct kroute *); > > -struct lsa *rde_asext_put(struct kroute *); > > +struct iface *rde_asext_lookup(struct in6_addr, int); > > +voidrde_asext_get(struct kroute *); > > +voidrde_asext_put(struct kroute *); > > > > int comp_asext(struct lsa *, struct lsa *); > > struct lsa *orig_asext_lsa(struct kroute *, u_int16_t); > > @@ -217,6 +218,7 @@ __dead void > > rde_shutdown(void) > > { > > struct area *a; > > + struct vertex *v, *nv; > > > > /* close pipes */ > > msgbuf_clear(_ospfe->ibuf.w); > > @@ -232,6 +234,10 @@ rde_shutdown(void) > > LIST_REMOVE(a, entry); > > area_del(a); > > } > > + for (v = RB_MIN(lsa_tree, _tree); v != NULL; v = nv) { > > + nv = RB_NEXT(lsa_tree, _tree, v); > > + vertex_free(v); > > + } > > rde_nbr_free(); > > > > free(iev_ospfe); 
> > @@ -643,8 +649,6 @@ rde_dispatch_parent(int fd, short event, > > struct kroutekr; > > struct imsgev *iev = bula; > > struct imsgbuf *ibuf = >ibuf; > > - struct lsa *lsa; > > - struct vertex *v; > > ssize_t n; > > int shut = 0, link_ok, prev_link_ok, orig_lsa; > > unsigned int ifindex; > > @@ -676,13 +680,7 @@ rde_dispatch_parent(int fd, short event, > > break; > > } > > memcpy(, imsg.data, sizeof(kr)); > > - > > - if ((lsa = rde_asext_get()) != NULL) { > > - v = lsa_find(NULL, lsa->hdr.type, > > - lsa->hdr.ls_id, lsa->hdr.adv_rtr); > > - > > - lsa_merge(nbrself, lsa, v); > > - } > > + rde_asext_get(); > > break; > > case IMSG_NETWORK_DEL: > > if (imsg.hdr.len != IMSG_HEADER_SIZE + sizeof(kr)) { > > @@ -691,20 +689,7 @@ rde_dispatch_parent(int fd, short event, > > break; > > } > > memcpy(, imsg.data, sizeof(kr)); > > - > > - if ((lsa = rde_asext_put()) != NULL) { > > - v = lsa_find(NULL, lsa->hdr.type, > > - lsa->hdr.ls_id, lsa->hdr.adv_rtr); > > - > > - /* > > -* if v == NULL no LSA is in the table and > > -* nothing has to be done. > > -*/ > > - if (v) > > - lsa_merge(nbrself, lsa, v); > > - else > > - free(lsa); > > - } > > + rde_asext_put(); > > break; > > case IMSG_IFINFO: > > if (imsg.hdr.len != IMSG_HEADER_SIZE + > > @@ -1202,48 +1187,77 @@ rde_req_list_free(struct rde_nbr *nbr) > > /* > > * as-external LSA handling > > */ > > -struct lsa * > > -rde_asext_get(struct kroute *kr) > > +struct iface * > > +rde_asext_lookup(struct in6_addr prefix, int plen) > > { > > + > > struct area *area; > > struct iface*iface; > > struct iface_addr *ia; > > - struct in6_addr addr; > > - > > - LIST_FOREACH(area, >area_list, entry) > > - LIST_FOREACH(iface, >iface_list, entry) > > + struct in6_addr ina, inb; > > + > > + LIST_FOREACH(area, >area_list, entry) { > > + LIST_FOREACH(iface, >iface_list, entry) { > > TAILQ_FOREACH(ia, >ifa_list, entry) { > > if (IN6_IS_ADDR_LINKLOCAL(>addr)) > >
Re: [PATCH v2 1/2] ec: add support for several more GOST curves
Verified added curve parameters _EC_GOST_2012_256_TC26_A and _EC_GOST_2012_512_TC26_C are equivalent to the definition of https://tools.ietf.org/html/rfc7836#appendix-A.2 . Verified added curve parameter _EC_GOST_2012_512_Test is equivalent to https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#appendix-D . I had confirmed that portable build and regresses succeeded. I'm ok with this diff. On Sat, Mar 28, 2020 at 07:16:13PM +0300, Dmitry Baryshkov wrote: > Add support for GOST curves defined by RFC 7836 and > draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see > draft-smyshlyaev-tls12-gost-suites). 512-bit curve ids were renamed to > follow names defined in tc26 OID registry. > (https://tc26.ru/about/protsedury-i-reglamenty/identifikatory-obektov-oid-tekhnicheskogo-komiteta-po-standartizatsii-kriptograficheskaya-zashchita-1.html) > > Sponsored by ROSA Linux. > > Signed-off-by: Dmitry Baryshkov > --- > src/lib/libcrypto/ec/ec_curve.c | 162 +++- > src/lib/libcrypto/gost/gostr341001_params.c | 4 +- > src/lib/libcrypto/objects/obj_mac.num | 10 +- > src/lib/libcrypto/objects/objects.txt | 10 +- > 4 files changed, 176 insertions(+), 10 deletions(-) > > diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c > index e075b1ed3ea5..830bb47b3d0b 100644 > --- a/src/lib/libcrypto/ec/ec_curve.c > +++ b/src/lib/libcrypto/ec/ec_curve.c 
> @@ -2900,11 +2900,103 @@ static const struct { > } > }; > > +/* This curve is defined in two birationally equal forms: canonical and > Twisted > + * Edwards. We do calculations in canonical (Weierstrass) form. */ > +static const struct { > + EC_CURVE_DATA h; > + unsigned char data[0 + 32 * 6]; > +} > + _EC_GOST_2012_256_TC26_A = { > + { > + NID_X9_62_prime_field, 0, 32, 4 > + }, > + { /* no seed */ > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > /* p */ > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, > + 0xFD, 0x97, > + 0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48, > /* a */ > + 0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13, > + 0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e, > + 0x73, 0x35, > + 0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20, > /* b */ > + 0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91, > + 0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae, > + 0x95, 0x13, > + 0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09, > /* x */ > + 0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96, > + 0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d, > + 0xaa, 0x28, > + 0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57, > /* y */ > + 0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53, > + 0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32, > + 0x2e, 0x5c, > + 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > /* order */ > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf, > + 0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36, > + 0x0c, 0x67, > + } > +}; > + > static const struct { > EC_CURVE_DATA h; > unsigned char data[0 + 64 * 6]; > } > - _EC_GOST_2012_TC26_A = { > + _EC_GOST_2012_512_Test = { > + { > + NID_X9_62_prime_field, 0, 64, 1 > + }, > + { /* no seed */ > + 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 
0x0d, > /* p */ > + 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, > + 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2, > + 0xd1, 0x5d, 0xf1, 0xd8, 0x52, 0x74, 0x1a, 0xf4, 0x70, 0x4a, > + 0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8, > + 0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5, > + 0x28, 0xbe, 0x63, 0x73, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > /* a */ > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x07, > + 0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8, > /* b */ > + 0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74,
Re: [PATCH v2 2/2] gost: populate params tables with new curves
Hi, I have 2 questions. In GostR3410_512_params[], "A" and "TCA" have the same NID, "B" and "TCB" too. I thought these were redundant, but are there any reasons for this ? In GostR3410_512_params[], don't you need the record for NID_id_tc26_gost_3410_12_512_paramSetTest ? Best regards, On Sat, Mar 28, 2020 at 07:16:14PM +0300, Dmitry Baryshkov wrote: > Allow users to specify new curves via strings. > > Sponsored by ROSA Linux > > Signed-off-by: Dmitry Baryshkov > --- > src/lib/libcrypto/gost/gostr341001_params.c | 7 +++ > 1 file changed, 7 insertions(+) > > diff --git a/src/lib/libcrypto/gost/gostr341001_params.c > b/src/lib/libcrypto/gost/gostr341001_params.c > index 13054cd0fc26..0f068d97eb0a 100644 > --- a/src/lib/libcrypto/gost/gostr341001_params.c > +++ b/src/lib/libcrypto/gost/gostr341001_params.c > @@ -94,12 +94,19 @@ static const GostR3410_params GostR3410_256_params[] = { > { "0", NID_id_GostR3410_2001_TestParamSet }, > { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet }, > { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet }, > + { "TCA", NID_id_tc26_gost_3410_12_256_paramSetA }, > + { "TCB", NID_id_tc26_gost_3410_12_256_paramSetB }, > + { "TCC", NID_id_tc26_gost_3410_12_256_paramSetC }, > + { "TCD", NID_id_tc26_gost_3410_12_256_paramSetD }, > { NULL, NID_undef }, > }; > > static const GostR3410_params GostR3410_512_params[] = { > { "A", NID_id_tc26_gost_3410_12_512_paramSetA }, > { "B", NID_id_tc26_gost_3410_12_512_paramSetB }, > + { "TCA", NID_id_tc26_gost_3410_12_512_paramSetA }, > + { "TCB", NID_id_tc26_gost_3410_12_512_paramSetB }, > + { "TCC", NID_id_tc26_gost_3410_12_512_paramSetC }, > { NULL, NID_undef }, > }; > > -- > 2.25.1 >
[patch] Remove "do not return a value" from libcrypto/libssl manpages
Hi there! I found some more. Best, Martin Index: libcrypto/man/RC4.3 === RCS file: /cvs/src/lib/libcrypto/man/RC4.3,v retrieving revision 1.7 diff -u -p -r1.7 RC4.3 --- libcrypto/man/RC4.3 6 Jun 2019 01:06:59 - 1.7 +++ libcrypto/man/RC4.3 29 Mar 2020 00:48:17 - @@ -112,11 +112,6 @@ yield a continuous key stream. Since RC4 is a stream cipher (the input is XOR'ed with a pseudo-random key stream to produce the output), decryption uses the same function calls as encryption. -.Sh RETURN VALUES -.Fn RC4_set_key -and -.Fn RC4 -do not return values. .Sh SEE ALSO .Xr blowfish 3 , .Xr EVP_EncryptInit 3 , Index: libcrypto/man/X509_STORE_CTX_set_verify_cb.3 === RCS file: /cvs/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3,v retrieving revision 1.4 diff -u -p -r1.4 X509_STORE_CTX_set_verify_cb.3 --- libcrypto/man/X509_STORE_CTX_set_verify_cb.322 Mar 2018 17:38:08 - 1.4 +++ libcrypto/man/X509_STORE_CTX_set_verify_cb.329 Mar 2020 00:48:17 - @@ -108,9 +108,6 @@ In some cases (such as S/MIME verificati structure is created and destroyed internally and the only way to set a custom verification callback is by inheriting it from the associated .Vt X509_STORE . -.Sh RETURN VALUES -.Fn X509_STORE_CTX_set_verify_cb -does not return a value. .Sh EXAMPLES Default callback operation: .Bd -literal Index: libcrypto/man/X509_STORE_set_verify_cb_func.3 === RCS file: /cvs/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3,v retrieving revision 1.8 diff -u -p -r1.8 X509_STORE_set_verify_cb_func.3 --- libcrypto/man/X509_STORE_set_verify_cb_func.3 27 Mar 2018 17:35:50 - 1.8 +++ libcrypto/man/X509_STORE_set_verify_cb_func.3 29 Mar 2020 00:48:17 - 
@@ -86,11 +86,6 @@ structure when it is initialized. This can be used to set the verification callback when the .Vt X509_STORE_CTX is otherwise inaccessible (for example during S/MIME verification). -.Sh RETURN VALUES -.Fn X509_STORE_set_verify_cb -and -.Fn X509_STORE_set_verify_cb_func -do not return a value. .Sh SEE ALSO .Xr X509_STORE_CTX_set_verify_cb 3 , .Xr X509_STORE_new 3 Index: libssl/man/SSL_set_verify_result.3 === RCS file: /cvs/src/lib/libssl/man/SSL_set_verify_result.3,v retrieving revision 1.4 diff -u -p -r1.4 SSL_set_verify_result.3 --- libssl/man/SSL_set_verify_result.3 27 Mar 2018 17:35:50 - 1.4 +++ libssl/man/SSL_set_verify_result.3 29 Mar 2020 00:48:17 - @@ -79,9 +79,6 @@ The valid codes for .Fa verify_result are documented in .Xr openssl 1 . -.Sh RETURN VALUES -.Fn SSL_set_verify_result -does not provide a return value. .Sh SEE ALSO .Xr openssl 1 , .Xr ssl 3 ,
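Review bot: the four removed RETURN VALUES sections are worded three different ways ("do not return values" in RC4.3, "does not return a value" / "do not return a value" in the two X509_STORE pages, "does not provide a return value" in SSL_set_verify_result.3), while the subject line names only one of them, so a search keyed on the subject's phrase will miss the remaining pages. Since this is already a follow-up ("I found some more"), it is worth sweeping libcrypto/man and libssl/man for every `.Sh RETURN VALUES` section whose body contains "return" together with "not", and folding the rest into this diff. Each hunk drops the `.Sh RETURN VALUES` header along with its body, which is right; please also confirm for each page that the SYNOPSIS declares the listed functions as void, because after this change that is the only place the absence of a return value is recorded.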