summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-11-24 17:48:21 -0500
committerJune McEnroe <june@causal.agency>2020-11-24 17:48:21 -0500
commit8c64ad00a366095ac3d575f3605cb6e4659d6b81 (patch)
treeb3efc92ac09f8e5f493b1d062a4a51ff496a658d
parentImport LibreSSL 3.2.2 (diff)
downloadlibretls-8c64ad00a366095ac3d575f3605cb6e4659d6b81.tar.gz
libretls-8c64ad00a366095ac3d575f3605cb6e4659d6b81.zip
Import LibreSSL 3.3.0
-rw-r--r--VERSION2
-rw-r--r--compat/getentropy_freebsd.c6
-rw-r--r--compat/getentropy_netbsd.c6
-rw-r--r--compat/getentropy_win.c27
-rw-r--r--m4/check-os-options.m42
-rw-r--r--man/Makefile.am36
6 files changed, 15 insertions, 64 deletions
diff --git a/VERSION b/VERSION
index 19ef286..8fe1da8 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-3.2.2
+3.3.0
 
diff --git a/compat/getentropy_freebsd.c b/compat/getentropy_freebsd.c
index 30cd68e..ea90ffe 100644
--- a/compat/getentropy_freebsd.c
+++ b/compat/getentropy_freebsd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $	*/
+/*	$OpenBSD: getentropy_freebsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
@@ -32,11 +32,9 @@
 static size_t
 getentropy_sysctl(u_char *buf, size_t size)
 {
-	int mib[2];
+	const int mib[2] = { CTL_KERN, KERN_ARND };
 	size_t len, done;
 
-	mib[0] = CTL_KERN;
-	mib[1] = KERN_ARND;
 	done = 0;
 
 	do {
diff --git a/compat/getentropy_netbsd.c b/compat/getentropy_netbsd.c
index 45d68c9..5dc8959 100644
--- a/compat/getentropy_netbsd.c
+++ b/compat/getentropy_netbsd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $	*/
+/*	$OpenBSD: getentropy_netbsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
@@ -32,11 +32,9 @@
 static size_t
 getentropy_sysctl(u_char *buf, size_t size)
 {
-	int mib[2];
+	const int mib[2] = { CTL_KERN, KERN_ARND };
 	size_t len, done;
 
-	mib[0] = CTL_KERN;
-	mib[1] = KERN_ARND;
 	done = 0;
 
 	do {
diff --git a/compat/getentropy_win.c b/compat/getentropy_win.c
index 2abeb27..64514b3 100644
--- a/compat/getentropy_win.c
+++ b/compat/getentropy_win.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $	*/
+/*	$OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $	*/
 
 /*
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> 
@@ -21,39 +21,30 @@
  */
 
 #include <windows.h>
+#include <bcrypt.h>
 #include <errno.h>
 #include <stdint.h>
 #include <sys/types.h>
-#include <wincrypt.h>
-#include <process.h>
 
 int	getentropy(void *buf, size_t len);
 
 /*
- * On Windows, CryptGenRandom is supposed to be a well-seeded
- * cryptographically strong random number generator.
+ * On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed
+ * to be a well-seeded, cryptographically strong random number generator.
+ * https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
  */
 int
 getentropy(void *buf, size_t len)
 {
-	HCRYPTPROV provider;
-
 	if (len > 256) {
 		errno = EIO;
 		return (-1);
 	}
 
-	if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
-	    CRYPT_VERIFYCONTEXT) == 0)
-		goto fail;
-	if (CryptGenRandom(provider, len, buf) == 0) {
-		CryptReleaseContext(provider, 0);
-		goto fail;
+	if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
+		errno = EIO;
+		return (-1);
 	}
-	CryptReleaseContext(provider, 0);
-	return (0);
 
-fail:
-	errno = EIO;
-	return (-1);
+	return (0);
 }
diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4
index 8241aee..c014efb 100644
--- a/m4/check-os-options.m4
+++ b/m4/check-os-options.m4
@@ -112,7 +112,7 @@ char buf[1]; getentropy(buf, 1);
 		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
 		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
 		CPPFLAGS="$CPPFLAGS"
-		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
+		AC_SUBST([PLATFORM_LDADD], ['-lws2_32 -lbcrypt'])
 		;;
 	*solaris*)
 		HOST_OS=solaris
diff --git a/man/Makefile.am b/man/Makefile.am
index c2f2697..ad840b6 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -2282,14 +2282,6 @@ install-data-hook:
 	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 	ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 	ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -3101,16 +3093,6 @@ install-data-hook:
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"
 
 uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
@@ -4903,14 +4885,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -5722,13 +5696,3 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"
up here is evidence that this is too jargony for a manual. Patch attached. - M. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-19expand: Do not quote backslashes in unquoted parameter expansionHerbert Xu On Mon, Mar 26, 2018 at 07:25:20PM +0200, Martijn Dekker wrote: > Op 26-03-18 om 17:38 schreef Harald van Dijk: > > And not by dash 0.5.4. Like I wrote, dash 0.5.5 had some bugs that were > > fixed in 0.5.6, which mostly restored the behaviour to match <0.5.5. > > Ah, sorry. dash 0.5.4 and earlier don't compile on my system, so they > are not included in my conveniently accessible arsenal of test shells. > > > As for my patches, that was by accident and doesn't work reliably. When > > the shell sees no metacharacters, pathname expansion is bypassed, and > > backslash isn't considered a metacharacter. Which got me to my original > > example of /de\v: there are no metacharacters in there, so the shell > > doesn't look to see if it matches anything. Which seems highly > > desirable: the shell shouldn't need to hit the file system for words not > > containing metacharacters. The only way then to get consistent behaviour > > is if the backslash is taken as quoted, so I'm not tempted to argue for > > the behaviour you're hoping for, sorry. :) Here is a better example: a="/*/\nullx" b="/*/\null"; printf "%s\n" $a $b dash currently prints /*/\nullx /*/\null bash prints /*/\nullx /dev/null You may argue the bash behaviour is inconsistent but it actually makes sense. What happens is that quote removal only applies to the original token as seen by the shell. It is never applied to the result of parameter expansion. Now you may ask why on earth does the second line say "/dev/null" instead of "/dev/\null". Well that's because it is not the quote removal step that removed the backslash, but the pathname expansion. The fact that the /de\v does not become /dev even though it exists is just the result of the optimisation to avoid unnecessarily calling stat(2). I have checked POSIX and I don't see anything that forbids this behaviour. So going back to dash yes I think we should adopt the bash behaviour for pathname expansion and keep the existing case semantics. This patch does exactly that. Note that this patch does not work unless you have already applied https://patchwork.kernel.org/patch/10306507/ because otherwise the optimisation mentioned above does not get detected correctly and we will end up doing quote removal twice. This patch also updates expmeta to handle naked backslashes at the end of the pattern which is now possible. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-19shell: Add subdir-objects to AM_INIT_AUTOMAKEJason Bowen I've attached a patch which adds the subdir-objects option to AM_INIT_AUTOMAKE. For a while now when I've compiled dash I received a warning from automake that there are source files in a subdirectory but that the subdir-objects automake option was not supplied. I've just been adding it myself, but I finally got around to submitting a patch. The code still compiles for now (i'm using automake 1.15.1), but warning text is rarely nice to see and, if the warning text is to be believed, then the warning will eventually become an error. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-19eval: Restore input files in evalcommandHerbert Xu When evalcommand invokes a command that modifies parsefile and then bails out without popping the file, we need to ensure the input file is restored so that the shell can continue to execute. Reported-by: Martijn Dekker <martijn@inlv.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-19eval: Reap zombies after built-in commands and functionsHerbert Xu Currently dash does not reap dead children after built-in commands or functions. This means that if you construct a loop consisting of solely built-in commands and functions, then zombies can hang around indefinitely. This patch fixes this by reaping when necessary after each built-in command and function. Reported-by: Denys Vlasenko <vda.linux@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-19redir: Fix typo in noclobber codeHerbert Xu The noclobber code has a typo in it that causes it to fail. This patch fixes it. Reported-by: Denys Vlasenko <vda.linux@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-19expand: Fix glibc glob(3) supportHerbert Xu It's been a while since we disabled glob(3) support by default. It appears to be working now, however, we have to change our code to detect the no-match case correctly. In particular, we need to test for GLOB_NOMAGIC | GLOB_NOCHECK instead of GLOB_MAGCHAR. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-02expand: Fix buffer overflow in expandmetaHerbert Xu The native version of expandmeta allocates a buffer that may be overrun for two reasons. First of all the size is 1 byte too small but this is normally hidden because the minimum size is rounded up to 2048 bytes. Secondly, if the directory level is deep enough, any buffer can be overrun. This patch fixes both problems by calling realloc when necessary. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-02builtin: Move echo space/nl handling into print_escape_strHerbert Xu Currently echocmd uses print_escape_str to do everything apart from printing the spaces/newlines separating its arguments. This patch moves the actual printing into print_escape_str as well using the format parameter. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-02builtin: Fix echo performance regressionHerbert Xu The commit d6c0e1e2ffbf7913ab69d51cc794d48d41c8fcb1 ("[BUILTIN] Handle embedded NULs correctly in printf") caused a performance regression in the echo built-in because every echo call now goes through the printf %b slow path where the string is always printed twice to ensure the space padding is correct in the presence of NUL characters. In fact this regression applies to printf %b as well. This is easily fixed by making printf %b take the fast path when no precision/field width modifiers are present. This patch also changes the second strchurnul call to strspn which generates slightly better code. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-02expand: Fix ghost fields with unquoted $@/$*Herbert Xu Harald van Dijk <harald@gigawatt.nl> wrote: > On 22/03/2018 22:38, Martijn Dekker wrote: >> Op 22-03-18 om 20:28 schreef Harald van Dijk: >>> On 22/03/2018 03:40, Martijn Dekker wrote: >>>> This patch fixes the bug that, given no positional parameters, unquoted >>>> $@ and $* incorrectly generate one empty field (they should generate no >>>> fields). Apparently that was a side effect of the above. >>> >>> This seems weird though. If you want to remove the recording of empty >>> regions because they are pointless, then how does removing them fix a >>> bug? Doesn't this show that empty regions do have an effect? Perhaps >>> they're not supposed to have any effect, perhaps it's a specific >>> combination of empty regions and something else that triggers some bug, >>> and perhaps that combination can no longer occur with your patch. >> >> The latter is my guess, but I haven't had time to investigate it. > > Looking into it again: > > When IFS is set to an empty string, sepc is set to '\0' in varvalue(). > This then causes *quotedp to be set to true, meaning evalvar()'s quoted > variable is turned on. quoted is then passed to recordregion() as the > nulonly parameter. > > ifsp->nulonly has a bigger effect than merely selecting whether to use > $IFS or whether to only split on null bytes: in ifsbreakup(), nulonly > also causes string termination to be suppressed. That's correct: that > special treatment is required to preserve empty fields in "$@" > expansion. But it should *only* be used when $@ is quoted: ifsbreakup() > takes nulonly from the last IFS region, even if it's empty, so having an > additional zero-length region with nulonly enabled causes confusion. > > Passing quoted by value to varvalue() and not attempting to modify it > should therefore, and in my quick testing does, also work to fix the > original $@ bug. You're right. The proper fix to this is to ensure that nulonly is not set in varvalue for $*. It should only be set for $@ when it's inside double quotes. In fact there is another bug while we're playing with $@/$*. When IFS is set to a non-whitespace character such as :, $* outside quotes won't remove empty fields as it should. This patch fixes both problems. Reported-by: Martijn Dekker <martijn@inlv.org> Suggested-by: Harald van Dijk <harald@gigawatt.nl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-02parser: Allow newlines within parameter substitutionHerbert Xu On Fri, Mar 16, 2018 at 11:27:22AM +0800, Herbert Xu wrote: > On Thu, Mar 15, 2018 at 10:49:15PM +0100, Harald van Dijk wrote: > > > > Okay, it can be trivially modified to something that does work in other > > shells (even if it were actually executed), but gets rejected at parse time > > by dash: > > > > if false; then > > : ${$+ > > } > > fi > > That's just a bug in dash's parser with ${} in general, because > it bombs out without the if clause too: > > : ${$+ > } This patch fixes the parsing of newlines with parameter substitution. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-04-02expand: Fix bugs with words connected to the right of $@Herbert Xu On Sun, Mar 04, 2018 at 12:44:59PM +0100, Harald van Dijk wrote: > > command: set -- a ""; space=" "; printf "<%s>" "$@"$space > bash: <a><> > dash 0.5.8: <a>< > > dash 0.5.9.1: <a>< > > dash patched: <a><> This is actually composed of two bugs. First of all our tracking of quotemark is wrong so anything after "$@" becomes quoted. Once we fix that then the problem is that the first space character after "$@" is not recognised as an IFS. This patch fixes both. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-03-25Revert "[BUILTIN] Remove unnecessary restoration of format string in printf"Herbert Xu This reverts commit 7bb413255368e94395237d789f522891093c5774. The commit breaks printf with more than argument. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-03-22parser: Fix backquote support in here-document EOF markHerbert Xu