sparc64 auto allocation during install does not use fdisk(8).
Add *.sparc64.ok files that reflect sparc64 reality.
Should fix disklabel(8) regression on sparc64.
Requested by & ok bluhm@
Make rpki-client choose the verification time of the time it is invoked
rather than always getting the current system time for every certificate
verification. This will result in output that is not variable on run-time.
Using the time of invocation does not work well with fast publishing CAs. It
can take a few minutes to reach a repo and that CA may have issued certificates
that are not yet valid if that startup time of rpki-client is used to validate.
This still keeps the -P option to specify a fixed validation time.
OK beck@ job@ tb@
This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.
This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.
ok jsing@ tb@
X509_NAME_get_text_by_NID is kind of a bad interface that
we wish to make safer, and does not give us the visibility
we really want here to detect hostile things.
Instead call the lower level functions to do some better
checking that should be done by X509_NAME_get_text_by_NID,
but is not in the OpenSSL version. Specifically we will treat
the input as hostile and fail if:
1) The certificate contains more than one CN in the subject.
2) The CN does not decode as UTF-8
3) The CN is of invalid length (must be between 1 and 64 bytes)
4) The CN contains a 0 byte
4) matches the existing logic, 1 and 2, and 3 are new checks.
ok tb@
Without this, hostflags set on the SSL_CTX would not propagate to newly
created SSL. This is surprising behavior that was changed in OpenSSL 1.1
by Christian Heimes after the issue was flagged by Quentin Pradet:
https://bugs.python.org/issue43522
This is a version of the fix that landed in OpenSSL.
There used to be a workaround in place in urllib3, but that was removed at
some point. We haven't fixed this earlier since it wasn't reported. It only
showed up after recent fallout of extraordinarily strict library checking
in urllib3 coming from their own interpretation of the implications of
PEP 644.
ok jsing
Now that rpki-client no longer uses LibreSSL-specific ASN1_time_* API,
we can get rid of some of the gross hacks needed for testing against
OpenSSL in regress. This simplifies things greatly.
Unfortunately, the unistd.h hack needs to stay until someone unearths
their STACK_OF compat diffs.
While splitting out emulated virtio network and block devices into
separate processes, I originally used named mappings via shm_mkstemp(3).
While this functionally achieved the desired result, it had two
unintended consequences:
1) tearing down a vm process and its child processes required
excessive locking as the guest memory was tied into the VFS layer.
2) it was observed by mlarkin@ that actions in other parts of the
VFS layer could cause some of the guest memory to flush to storage,
possibly filling /tmp.
This commit adds a new vmm(4) ioctl dedicated to allowing a process
request the kernel share a mapping of guest memory into its own vm
space. This requires an open fd to /dev/vmm (requiring root) and
both the "vmm" and "proc" pledge(2) promises. In addition, the caller
must know enough about the original memory ranges to reconstruct them
to make the vm's ranges.
Tested with help from Mischa Peters.
ok mlarkin@
This test depends on RAND_set_rand_method() allowing stupid things like
making ECDSA signatures deterministic. This was gutted a long time ago
and the function should have followed its wrappers into the attic.
Currently these functions return raw ASN1_STRING bytes as
a C string and ignore the encoding in a "hold my beer I am
a toolkit not a functioning API surely it's just for testing
and you'd never send nasty bytes" kind of way.
Sadly some callers seem to use them to fetch things liks
subject name components for comparisons, and often just
use the result as a C string.
Instead, encode the resulting bytes as UTF-8 so it is
something like "text",
Add a failure case if the length provided is inadequate
or if the resulting text would contain an nul byte.
based on boringssl.
nits by dlg@
ok tb@
and for now, skip the the BIO_R_* reason codes.
It looks like all public symbols in the BIO library
are now documented or marked as intentionally undocumented.
These were adapted from BoringSSL's regress tests for x509
policy. They are currently marked as expected to fail as
we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and
the old tree based policy code from OpenSSL is special.
These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.
Still a work in progress adapting tests from boringssl x509_test.cc
but dropping in here for tb to be able to look at and run as well
since the new stuff still has bugs.
This verifies that we put PSK always last and that the Apache 2 special
does what it is supposed to do. There is also some weak validation of
the Fisher-Yates shuffle that will likely catch errors introduced in
tlsext_randomize_build_order()
rather than always getting the current system time for every certificate
verification. This will result in output that is not variable on run-time.
ok tb@ claudio@
This currently only covers Ed25519 using the c2sp-testvectors package
and checks that our Ed25519 implementation behaves as expected from a
"ref10" implementation.
This test has Go and c2sp-testvectors as a hard dependency. It will
optionally pick up any OpenSSL package installed on the system and
test that as well.
https://github.com/C2SP/CCTVhttps://github.com/C2SP/CCTV/tree/main/ed25519