OpenBSD/src v6GD2Py regress/usr.bin/openssl appstest.sh

   Make the openssh test pass after adding mlkem.

   This has a magic value looking for what happens when we HRR,
   more or less assuming it might never change. It now has.

   Commenting it out gets us by it, unsure if we should change
   this or get rid of it.

   ok tb@
Version  Delta     File
1.68     +9 -8     regress/usr.bin/openssl/appstest.sh
+9 -8, 1 files

OpenBSD/src SXGFtJL lib/libssl t1_lib.c ssl_tlsext.c, regress/lib/libssl/client clienttest.c

   Hook up X25519MLKEM768 to the TLS 1.3 handshake

   This does the following:

   1) Adds a second key share prediction to the TLS 1.3 handshake.
      We only add one as we are unlikely to want to send more than
      one PQ one, and one classical one and are unlikely to waste
      bytes on a second PQ algorithm (anything that wants something
      else that we support can HRR to get it)

   2) Adds X25519MLKEM768 (4588) to our list of supported groups.
      We add this to our preferred client and server key shares for TLS 1.3
      and we now have a separate list for TLS 1.2 which does not do this,
      cleaning up the old "full list" from the comments.

   3) Updates the golden magic numbers in the regression tests to allow
      for the above two things changing the handshake, so the regress
      tests pass.


    [4 lines not shown]
Version  Delta     File
1.46     +333 -27  regress/lib/libssl/client/clienttest.c
1.207    +30 -34   lib/libssl/t1_lib.c
1.159    +49 -2    lib/libssl/ssl_tlsext.c
1.106    +13 -1    lib/libssl/tls13_client.c
1.35     +4 -1     lib/libssl/ssl_local.h
1.258    +4 -1     lib/libssl/s3_lib.c
+433 -66, 6 files

OpenBSD/src KMdSaED lib/libssl tls_key_share.c ssl_srvr.c, regress/lib/libssl/tlsext tlsexttest.c

   Add a MLKEM768_X25519 hybrid key share.

   This implements the currently in use MLKEM768_X25519 hybrid
   key share as outlined in

   https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/

   This commit does not yet wire this up to anything, that is done
   in follow on changes.

   ok tb@ jsing@ kenjiro@
Version  Delta     File
1.9      +323 -4   lib/libssl/tls_key_share.c
1.167    +5 -5     lib/libssl/ssl_srvr.c
1.170    +5 -5     lib/libssl/ssl_clnt.c
1.95     +5 -5     regress/lib/libssl/tlsext/tlsexttest.c
1.11     +6 -3     lib/libssl/tls_internal.h
1.158    +4 -4     lib/libssl/ssl_tlsext.c
+348 -26, 2 files not shown
+353 -31, 8 files

OpenBSD/src rjrPciJ usr.bin/tmux format.c format-draw.c

   Do not read over buffer if format is a single #, and do not loop forever
   if UTF-8 is unfinished in a format. Reported by Giorgi Kobakhia in
   GitHub issue 4735.
Version  Delta     File
1.339    +3 -2     usr.bin/tmux/format.c
1.30     +1 -3     usr.bin/tmux/format-draw.c
+4 -5, 2 files

OpenBSD/src clL9zQS sys/dev/pci if_ixl.c

   Revert activation of SoftLRO by default on ixl(4)

   My ixl(4) are hanging when LRO is active.

   OK jan@ stsp@
Version  Delta     File
1.114    +4 -1     sys/dev/pci/if_ixl.c
+4 -1, 1 files

OpenBSD/src JcBt9A9 usr.bin/tmux server-client.c screen-redraw.c

   Fix y offset of mouse if status at top. GitHub issue 4738 from Michael
   Grant.
Version  Delta     File
1.438    +6 -2     usr.bin/tmux/server-client.c
1.107    +6 -1     usr.bin/tmux/screen-redraw.c
1.378    +2 -2     usr.bin/tmux/window-copy.c
+14 -5, 3 files

OpenBSD/src lthuOzQ usr.sbin/ldpd kroute.c

   kr_shutdown() and the functions called by it should not try to enqueue
   any imsgs. This code is called late in the parent before exit. There is
   no need to enqueue any imsgs since nothing will send them out and the
   children are probably gone as well.

   Fixes a crash on shutdown.

   Reported by Alexander Mukhin alexander.i.mukhin (at) gmail.com
   OK tb@ deraadt@
Version  Delta     File
1.72     +8 -7     usr.sbin/ldpd/kroute.c
+8 -7, 1 files

OpenBSD/src 8BZ3iYo usr.sbin/rpki-client ccr.c

   rpki-client: convert CCR to opaque ASN1_STRINGs as far as possible

   Add wrappers for hex encoding and copying an ASN.1 string similar to the
   already existing base64 encoding API. Make these and the rest of the file
   use accessors so that it keeps compiling with opaque ASN1_STRING.

   To complete the conversion of rpki-client, which needs to know and set
   unused bits in a BIT STRING, we will need to provide ASN1_BIT_STRING_set1()
   and ASN1_BIT_STRING_get_length() both in libcrypto and in the portable
   compat layer.

   looks good to claudio

   https://github.com/openssl/openssl/issues/29117
   https://github.com/openssl/openssl/issues/29184
   https://github.com/openssl/openssl/issues/29185
Version  Delta     File
1.30     +50 -30   usr.sbin/rpki-client/ccr.c
+50 -30, 1 files

OpenBSD/src Nd1Lgie sys/net80211 ieee80211_node.c

   Fold in support for sha256-psk in addition to psk when PMF is in use on a
   network that uses the default WPA settings in join.

   Fixes my home network and kirill@'s network

   OK stsp@
Version  Delta     File
1.207    +3 -3     sys/net80211/ieee80211_node.c
+3 -3, 1 files

OpenBSD/src K7dMS29 usr.sbin/rpki-client ip.c

   rpki-client: zap extra blank line in ip.c
Version  Delta     File
1.37     +1 -2     usr.sbin/rpki-client/ip.c
+1 -2, 1 files

OpenBSD/src KJuJYas usr.bin/tmux utf8-combined.c

   Add a missing skin tone, from Jake Stewart in GitHub issue 4736.
Version  Delta     File
1.8      +2 -1     usr.bin/tmux/utf8-combined.c
+2 -1, 1 files

OpenBSD/src z0jrgYt usr.bin/tmux screen-write.c

   Allow characters to be combined in either order, reported by Jake
   Stewart in GitHub issue 4726.
Version  Delta     File
1.241    +3 -1     usr.bin/tmux/screen-write.c
+3 -1, 1 files

OpenBSD/src HncjlSa sys/dev/pci/drm/amd/display/amdgpu_dm amdgpu_dm.c

   disable PSR on virtual connectors

   shouldn't have been part of the writeback connector ifdef
Version  Delta     File
1.189    +1 -1     sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+1 -1, 1 files

OpenBSD/src LQqoqSb lib/libc/sys getthrname.2, lib/libpthread/man pthread_set_name_np.3

   Update get/setthrname and pthread_get/set_name_np man pages to advise
   of what buffer sizes to use. After discussion with Theo, _MAXCOMLEN
   was the best value to use for these non-portable interfaces. Also update
   for setthrname(2) no longer failing with EINVAL.

   ok deraadt@
Version  Delta     File
1.3      +9 -20    lib/libc/sys/getthrname.2
1.10     +18 -3    lib/libpthread/man/pthread_set_name_np.3
+27 -23, 2 files

OpenBSD/src Bjb6o4L lib/librthread rthread_np.c

   Ensure that we always return a null terminated string if the user
   passed us a name buffer smaller than the thread name.

   ok deraadt@
Version  Delta     File
1.26     +5 -2     lib/librthread/rthread_np.c
+5 -2, 1 files

OpenBSD/src Aiw1WMW sys/kern kern_prot.c

   Instead of failing with EINVAL when setthrname(2) is passed a thread
   name longer than _MAXCOMLEN-1, truncate the name to fit. This is likely
   what the user wants and saves them from having to snprintf(3) into a
   buffer sized _MAXCOMLEN first. Man page update to follow.

   This makes pthread_set_name_np(3) succeed with long thread names
   instead of silently failing.

   ok deraadt@ miod@ sthen@ mpi@
Version  Delta     File
1.84     +5 -3     sys/kern/kern_prot.c
+5 -3, 1 files

OpenBSD/src YeVZBTr libexec/ld.so library.c

   Use the correct start address for the initial immutable address range
   for a shared library.  The code used the load offset of the shared
   library instead of the start address of the mapped memory.  In most cases
   that works because the first segment of a shared library typically starts
   at virtual address zero.  But on sparc64 (and possibly other architectures
   that still use ld.bfd) libicudata.so from ports has a non-zero virtual
   address (possibly because it is a data-only library).  So this fixes
   the bug reported by claudio@

   ok deraadt@, jca@, claudio@
Version  Delta     File
1.97     +2 -2     libexec/ld.so/library.c
+2 -2, 1 files

OpenBSD/src JlJzM7S usr.sbin/bgpd rde_filter.c

   This moves the code to look up and set the pftable_id and rtlabel_id
   from rde_apply_set() to filterset_recv(). This was already done in the
   nexthop case.
   OK tb@
Version  Delta     File
1.138    +20 -14   usr.sbin/bgpd/rde_filter.c
+20 -14, 1 files

OpenBSD/src SbSwKdb usr.sbin/rpki-client ip.c

   rpki-client: convert most of ip.c to opaque ASN1_STRING

   There is still a flag access due to unused bits, fixing this will have to
   wait until we have an API everyone agrees on.

   ok claudio
Version  Delta     File
1.36     +15 -12   usr.sbin/rpki-client/ip.c
+15 -12, 1 files

OpenBSD/src V7VpZML usr.sbin/bgpd rde_filter.c rde.c

   Factor out filterset_send() (simple rename) and filterset_recv() (common
   code) as a first step to optimise filter_set handling in the RDE.

   OK tb@
Version  Delta     File
1.137    +32 -1    usr.sbin/bgpd/rde_filter.c
1.673    +3 -27    usr.sbin/bgpd/rde.c
1.286    +6 -19    usr.sbin/bgpd/bgpd.c
1.524    +6 -4     usr.sbin/bgpd/bgpd.h
+47 -51, 4 files

OpenBSD/src kRIinmd distrib/sets/lists/man mi

   sync
Version  Delta     File
1.1756   +1 -0     distrib/sets/lists/man/mi
+1 -0, 1 files

OpenBSD/src V6MgXA6 sys/arch/loongson/include param.h

   The definition of PAGE_SHIFT should not be limited to defined(_KERNEL); this
   prevents userland from getting a valid PAGE_SIZE definition by including
   <machine/param.h>.

   Reported on bugs@
Version  Delta     File
1.4      +1 -5     sys/arch/loongson/include/param.h
+1 -5, 1 files

OpenBSD/src 8BIRkTc usr.sbin/rpki-client ip.c

   rpki-client: fix ip_addr_afi_parse()

   The somewhat weird length checks would nominally accept an octet string
   of length 1, in which case the subsequent memcpy() would perform a 1-byte
   overread (harmless since libcrypto 'helpfully' adds a trailing NUL) since
   ip.c r1.12.

   The only allowed lengths for an AFI are 2 and 3 per RFC 3779 and SAFI is
   out, so pull the check for presence of the SAFI up and reject other
   lengths != 2.

   Also convert this function to opaque ASN1_STRING.

   ok job
Version  Delta     File
1.35     +14 -12   usr.sbin/rpki-client/ip.c
+14 -12, 1 files

OpenBSD/src B4MAUIf usr.sbin/rpki-client ccr.c

   rpki-client: initialize a variable to appease stupid old gcc

   Somewhat surprisingly, gcc 15 grew the smarts to avoid a false positive
   here.

   ok job
Version  Delta     File
1.29     +2 -2     usr.sbin/rpki-client/ccr.c
+2 -2, 1 files

OpenBSD/src GoMHhbx sys/net80211 ieee80211_node.c ieee80211_ioctl.c

   enable 802.11 AKM SHA256-PSK by default if the driver supports PMF

   test + ok kevlo@
Version  Delta     File
1.206    +12 -4    sys/net80211/ieee80211_node.c
1.84     +5 -2     sys/net80211/ieee80211_ioctl.c
1.81     +3 -1     sys/net80211/ieee80211_crypto.c
+20 -7, 3 files

OpenBSD/src NL5MoUC usr.sbin/rpki-client cms.c

   rpki-client: convert cms.c to opaque ASN1_STRING

   Add length checks for the eContent to avoid malloc(0) and malloc(huge).
   Neither of these should be reachable, but who knows for sure...

   feedback/ok claudio
Version  Delta     File
1.59     +13 -4    usr.sbin/rpki-client/cms.c
+13 -4, 1 files

OpenBSD/src bPwEFSr sbin/ifconfig ifconfig.8 ifconfig.c

   add support for 802.11 AKM SHA256-PSK to ifconfig

   test + ok kevlo@
Version  Delta     File
1.413    +10 -4    sbin/ifconfig/ifconfig.8
1.480    +12 -1    sbin/ifconfig/ifconfig.c
+22 -5, 2 files

OpenBSD/src M2KuvhF usr.sbin/bgpd rde_update.c

   Fix possible use-after-free in up_generate_addpath()

   adjout_prefix_withdraw() is too complex to be sure that there is never a
   case where the prefix is removed and freed. So use the safe idiom and fetch
   the next element before calling adjout_prefix_withdraw().

   Fix for CID 500335
   OK tb@
Version  Delta     File
1.187    +4 -3     usr.sbin/bgpd/rde_update.c
+4 -3, 1 files

OpenBSD/src rkmSJHt sys/uvm uvm_pdaemon.c uvm_aobj.c

   Let the page daemon recover when uao_set_swslot() returns ENOMEM.

   When all available pages have been exhausted it might not be possible for the
   aobj layer to allocate a new element for a hash table.  In that case simply
   skip the page.  The page daemon will likely find a page that can be added to
   the cluster without requiring any allocation in uao_set_swslot().

   Note that this edge case, reported by bluhm@, can be triggered because the
   aiodone daemon releases the memory reserved for the page daemon asynchronously.
   So there might always be a window where no pages are available to write pages
   to disk.

   Tested by and ok bluhm@
Version  Delta     File
1.139    +118 -41  sys/uvm/uvm_pdaemon.c
1.120    +14 -21   sys/uvm/uvm_aobj.c
+132 -62, 2 files

OpenBSD/src K447Nln usr.bin/tmux colour.c

   Improve code readability in colour_palette_get and colour_palette_set.
   GitHub issue 4730 from Pavel Roskin.
Version  Delta     File
1.31     +14 -15   usr.bin/tmux/colour.c
+14 -15, 1 files