aboutsummaryrefslogtreecommitdiff
path: root/sys/netinet/sctp_auth.c
Commit message (Collapse)AuthorAgeFilesLines
* net: clean up empty lines in .c and .h filesMateusz Guzik2020-09-011-10/+0
| | | | Notes: svn path=/head/; revision=365071
* Non-functional changes due to upstream cleanup.Michael Tuexen2020-06-111-6/+2
| | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=362054
* Retire SCTP_SO_LOCK_TESTING.Michael Tuexen2020-06-071-4/+0
| | | | | | | | | | | | This was intended to test the locking used in the MacOS X kernel on a FreeBSD system, to make use of WITNESS and other debugging infrastructure. This hasn't been used for ages, to take it out to reduce the #ifdef complexity. MFC after: 1 week Notes: svn path=/head/; revision=361895
* Remove assignment without effect.Michael Tuexen2020-05-181-1/+0
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=361227
* Improve input validation for some parameters having a too smallMichael Tuexen2019-12-201-1/+2
| | | | | | | | | | | | reported length. Thanks to Natalie Silvanovich from Google for finding one of these issues in the SCTP userland stack and reporting it. MFC after: 1 week Notes: svn path=/head/; revision=355931
* Only allow a SCTP-AUTH shared key to be updated by the applicationMichael Tuexen2019-09-171-1/+1
| | | | | | | | | | | if it is not deactivated and not used. This avoids a use-after-free problem. Reported by: da_cheng_shao@yeah.net MFC after: 3 days Notes: svn path=/head/; revision=352438
* Mitigate providing a timing signal if the COOKIE or AUTHMichael Tuexen2018-10-011-1/+1
| | | | | | | | | | | | validation fails. Thanks to jmg@ for reporting the issue, which was discussed in https://admbugs.freebsd.org/show_bug.cgi?id=878 Approved by: re (TBD@) MFC after: 1 week Notes: svn path=/head/; revision=339042
* Remove unused code.Michael Tuexen2018-09-181-34/+0
| | | | | | | | Approved by: re (kib@) MFC after: 1 week Notes: svn path=/head/; revision=338749
* Whitespace changes due to changes in ident.Michael Tuexen2018-07-191-0/+6
| | | | Notes: svn path=/head/; revision=336511
* Revert https://svnweb.freebsd.org/changeset/base/336503Michael Tuexen2018-07-191-59/+62
| | | | | | | since I also ran the export script with different parameters. Notes: svn path=/head/; revision=336508
* Whitespace changes due to change if ident.Michael Tuexen2018-07-191-62/+59
| | | | Notes: svn path=/head/; revision=336503
* Don't overflow a buffer if we receive an INIT or INIT-ACK chunkMichael Tuexen2018-06-021-0/+2
| | | | | | | | | | | | | without a RANDOM parameter but with a CHUNKS or HMAC-ALGO parameter. Please note that sending this combination violates the specification. Thnanks to Ronald E. Crane for reporting the issue for the userland stack. MFC after: 3 days Notes: svn path=/head/; revision=334532
* sys: further adoption of SPDX licensing ID tags.Pedro F. Giffuni2017-11-201-0/+2
| | | | | | | | | | | | | | | | | Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point. Notes: svn path=/head/; revision=326023
* Fix a bug reported by Felix Weinrank using the libfuzzer on theMichael Tuexen2017-10-251-3/+3
| | | | | | | | | userland stack. MFC after: 3 days Notes: svn path=/head/; revision=324971
* Use memset/memcpy instead of bzero/bcopy.Michael Tuexen2017-07-191-30/+30
| | | | | | | | | | Just use one variant instead of both. Use the memset/memcpy ones since they cause less problems in crossplatform deployment. MFC after: 1 week Notes: svn path=/head/; revision=321204
* Fix the accounting and add code to detect errors in accounting.Michael Tuexen2017-07-191-1/+1
| | | | | | | | Joint work with rrs@ MFC after: 1 week Notes: svn path=/head/; revision=321197
* Handle sctp_get_next_param() in a consistent way.Michael Tuexen2017-06-231-23/+30
| | | | | | | | | | This addresses an issue found by Felix Weinrank using libfuzz. While there, use also consistent nameing. MFC after: 3 days Notes: svn path=/head/; revision=320300
* Whitespace changes.Michael Tuexen2016-12-261-51/+51
| | | | | | | | | | The toolchain for processing the sources has been updated. No functional change. MFC after: 3 days Notes: svn path=/head/; revision=310590
* Address a potential memory leak found a the clang static code analyzerMichael Tuexen2016-07-161-3/+6
| | | | | | | | | running on the userland stack. MFC after: 3 days Notes: svn path=/head/; revision=302928
* Use __func__ instead of __FUNCTION__.Michael Tuexen2015-10-191-3/+3
| | | | | | | | | | This allows to compile the userland stack without errors using gcc5. Thanks to saghul for makeing me aware and providing the patch. MFC after: 1 week Notes: svn path=/head/; revision=289570
* Cleanup the handling of error causes for ERROR chunks. This fixesMichael Tuexen2015-09-121-13/+12
| | | | | | | | | | an inconsistency of the padding handling. The final padding is now considered to be a chunk padding. MFC after: 1 week Notes: svn path=/head/; revision=287717
* Make sure that we don't free an SCTP shared key too early.Michael Tuexen2015-03-251-2/+2
| | | | | | | | | Thanks to Pouyan Sepehrdad from Qualcomm Product Security Initiative for reporting the issue. MFC after: 3 days Notes: svn path=/head/; revision=280642
* Use a consistent type for the number of HMAC algorithms.Michael Tuexen2014-09-161-3/+3
| | | | | | | | | | | | This fixes a bug which resulted in a warning on the userland stack, when compiled on Windows. Thanks to Peter Kasting from Google for reporting the issue and provinding a potential fix. MFC after: 3 days Notes: svn path=/head/; revision=271673
* Add support for the SCTP_AUTH_SUPPORTED and SCTP_ASCONF_SUPPORTEDMichael Tuexen2014-08-121-15/+0
| | | | | | | | | socket options. Add also a sysctl to control the support of ASCONF. MFC after: 1 week Notes: svn path=/head/; revision=269858
* Remove the asconf_auth_nochk sysctl. This was off by default and onlyMichael Tuexen2014-08-011-2/+1
| | | | | | | existed to be able to test with non-compliant peers a long time ago. Notes: svn path=/head/; revision=269396
* Initialize SCTP cmsg's and notification's buffer before copying outXin LI2014-07-081-0/+1
| | | | | | | | | | | to userland. Submitted by: tuexen Security: CVE-2014-3953 Security: FreeBSD-SA-14:17.kmem Notes: svn path=/head/; revision=268431
* Get rid of the artification limitation enforced byMichael Tuexen2013-11-071-30/+12
| | | | | | | | | | SCTP_AUTH_RANDOM_SIZE_MAX. This was suggested by Andrew Galante. MFC after: 3 days Notes: svn path=/head/; revision=257804
* All changes affect only SCTP-AUTH:Michael Tuexen2013-09-021-81/+13
| | | | | | | | | | | | * Remove non working code related to SHA224. * Remove support for non-standardised HMAC-IDs using SHA384 and SHA512. * Prefer SHA256 over SHA1. * Minor cleanup. MFC after: 2 weeks Notes: svn path=/head/; revision=255160
* Mechanically substitute flags from historic mbuf allocator withGleb Smirnoff2012-12-051-2/+2
| | | | | | | | | | | | malloc(9) flags within sys. Exceptions: - sys/contrib not touched - sys/mbuf.h edited manually Notes: svn path=/head/; revision=243882
* Using %p in a format string requires a void *.Michael Tuexen2012-09-051-3/+3
| | | | | | | MFC after: 10 days Notes: svn path=/head/; revision=240148
* Use consistent text at the begining of the files.Michael Tuexen2012-05-231-2/+2
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=235828
* Use SCTP_PRINTF() instead of printf() in all SCTP sources.Michael Tuexen2012-05-041-10/+10
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=234995
* Fix a type in an SCTP AUTH related notification. Keep the old nameMichael Tuexen2012-04-261-1/+1
| | | | | | | | | | for backwards compatibility. Spotted by Irene Ruengeler. MFC after: 3 days Notes: svn path=/head/; revision=234699
* Address issues found by clang. While there, fix also some styleMichael Tuexen2011-12-271-2/+0
| | | | | | | | | issues. MFC after: 3 months. Notes: svn path=/head/; revision=228907
* Fix unused parameter warnings.Michael Tuexen2011-12-171-3/+3
| | | | | | | | | While there, fix some whitespace issues. MFC after: 3 months. Notes: svn path=/head/; revision=228653
* Add support for the newly added SCTP API.Michael Tuexen2011-06-151-1/+1
| | | | | | | | | | | | | | | | In particular add support for: * SCTP_SNDINFO, SCTP_PRINFO, SCTP_AUTHINFO, SCTP_DSTADDRV4, and SCTP_DSTADDRV6 cmsgs. * SCTP_NXTINFO and SCTP_RCVINFO cmgs. * SCTP_EVENT, SCTP_RECVRCVINFO, SCTP_RECVNXTINFO and SCTP_DEFAULT_SNDINFO socket option. * Special association ids (SCTP_FUTURE_ASSOC, ...) * sctp_recvv() and sctp_sendv() functions. MFC after: 1 month. Notes: svn path=/head/; revision=223132
* Fix a locking issue showing up on Mac OS X when subscribing toMichael Tuexen2011-05-081-2/+6
| | | | | | | | | authentication events. DTLS/SCTP renegotiations trigger the bug. MFC after: 2 weeks. Notes: svn path=/head/; revision=221627
* Remove code with any effect.Michael Tuexen2011-05-031-3/+0
| | | | Notes: svn path=/head/; revision=221411
* 1) Typo correction in comments and one spacing change.Randall Stewart2011-02-051-0/+2
| | | | | | | | 2) Mass update to all copyrights. MFC after: 3 Months Notes: svn path=/head/; revision=218319
* Fix a locking issue which shows up when the code is usedMichael Tuexen2010-09-191-1/+1
| | | | | | | | | on Mac OS X. MFC after: 2 weeks. Notes: svn path=/head/; revision=212850
* Spacing issuesRandall Stewart2010-06-051-5/+5
| | | | | | | MFC after: 1 Week Notes: svn path=/head/; revision=208856
* Get rid of support of an old version of the SCTP-AUTH draft.Michael Tuexen2010-01-161-498/+1
| | | | | | | | | Get rid of unused MD5 code. MFC after: 1 week Notes: svn path=/head/; revision=202449
* Use always LIST_EMPTY instead of sometime SCTP_LIST_EMPTY,Michael Tuexen2009-11-171-1/+1
| | | | | | | | | | which is defined as LIST_EMPTY. Approved by: rrs (mentor) MFC after: 1 month Notes: svn path=/head/; revision=199437
* Turns out that when a receiver forwards through its TNS's theRandall Stewart2009-07-281-1/+1
| | | | | | | | | | | | | | | | | | processing code holds the read lock (when processing a FWD-TSN for pr-sctp). If it finds stranded data that can be given to the application, it calls sctp_add_to_readq(). The readq function also grabs this lock. So if INVAR is on we get a double recurse on a non-recursive lock and panic. This fix will change it so that readq() function gets a flag to tell if the lock is held, if so then it does not get the lock. Approved by: re@freebsd.org (Kostik Belousov) MFC after: 1 week Notes: svn path=/head/; revision=195918
* - Cleanup checksum code.Randall Stewart2009-02-031-2/+4
| | | | | | | | | | | | | | | | | | | | - Prepare for CRC offloading, add MIB counters (RS/MT). - Bugfix: Disable CRC computation for IPv6 addresses with local scope (MT). - Bugfix: Handle close() with SO_LINGER correctly when notifications are generated during the close() call(MT). - Bugfix: Generate DRY event when sender is dry during subscription. Only for 1-to-1 style sockets (RS/MT) - Bugfix: Put vtags for the correct amount of time into time-wait (MT). - Bugfix: Clear vtag entries correctly on expiration (MT). - Bugfix: shutdown() indicates ENOTCONN when called for unconnected 1-to-1 style sockets (MT). - Bugfix: In sctp Auth code (PL). - Add support for devices that support SCTP csum offload (igb). - Add missing sctp_associd to mib sysctl xsctp_tcb structure (RS) Obtained from: With help from Peter Lei and Michael Tuexen Notes: svn path=/head/; revision=188067
* Code from the hack-session known as the IETF (and aRandall Stewart2008-12-061-173/+317
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bit of debugging afterwards): - Fix protection code for notification generation. - Decouple associd from vtag - Allow vtags to have less strigent requirements in non-uniqueness. o don't pre-hash them when you issue one in a cookie. o Allow duplicates and use addresses and ports to discriminate amongst the duplicates during lookup. - Add support for the NAT draft draft-ietf-behave-sctpnat-00, this is still experimental and needs more extensive testing with the Jason Butt ipfw changes. - Support for the SENDER_DRY event to get DTLS in OpenSSL working with a set of patches from Michael Tuexen (hopefully heading to OpenSSL soon). - Update the support of SCTP-AUTH by Peter Lei. - Use macros for refcounting. - Fix MTU for UDP encapsulation. - Fix reporting back of unsent data. - Update assoc send counter handling to be consistent with endpoint sent counter. - Fix a bug in PR-SCTP. - Fix so we only send another FWD-TSN when a SACK arrives IF and only if the adv-peer-ack point progressed. However we still make sure a timer is running if we do have an adv_peer_ack point. - Fix PR-SCTP bug where chunks were retransmitted if they are sent unreliable but not abandoned yet. With the help of: Michael Teuxen and Peter Lei :-) MFC after: 4 weeks Notes: svn path=/head/; revision=185694
* - Macro-izes the packed declaration in all headers.Randall Stewart2008-06-141-3/+3
| | | | | | | | | | | | | | | | | | | | | - Vimage prep - these are major restructures to move all global variables to be accessed via a macro or two. The variables all go into a single structure. - Asconf address addition tweaks (add_or_del Interfaces) - Fix rwnd calcualtion to be more conservative. - Support SACK_IMMEDIATE flag to skip delayed sack by demand of peer. - Comment updates in the sack mapping calculations - Invarients panic added. - Pre-support for UDP tunneling (we can do this on MAC but will need added support from UDP to get a "pipe" of UDP packets in. - clear trace buffer sysctl added when local tracing on. Note the majority of this huge patch is all the vimage prep stuff :-) Notes: svn path=/head/; revision=179783
* - Fix a bug where the socket may have been closed whichRandall Stewart2008-01-281-0/+8
| | | | | | | | | could cause a crash in the auth code. Obtained from: Michael Tuexen MFC after: 1 week Notes: svn path=/head/; revision=175750
* - Locking compatiability changes. This involves addingRandall Stewart2007-09-081-1/+1
| | | | | | | | | | | | | | additional flags to many function calls. The flags only get used in BSD when we compile with lock testing. These flags allow apple to escape the "giant" lock it holds on the socket and have more fine-grained locking in the NKE. It also allows us to test (with witness) the locking used by apple via a compile switch (manually applied). Approved by: re@freebsd.org(B Mah) Notes: svn path=/head/; revision=172090
* - During shutdown pending, when the last sack came in andRandall Stewart2007-08-271-2/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the last message on the send stream was "null" but still there, a state we allow, we could get hung and not clean it up and wait for the shutdown guard timer to clear the association without a graceful close. Fix this so that that we properly clean up. - Added support for Multiple ASCONF per new RFC. We only (so far) accept input of these and cannot yet generate a multi-asconf. - Sysctl'd support for experimental Fast Handover feature. Always disabled unless sysctl or socket option changes to enable. - Error case in add-ip where the peer supports AUTH and ADD-IP but does NOT require AUTH of ASCONF/ASCONF-ACK. We need to ABORT in this case. - According to the Kyoto summit of socket api developers (Solaris, Linux, BSD). We need to have: o non-eeor mode messages be atomic - Fixed o Allow implicit setup of an assoc in 1-2-1 model if using the sctp_**() send calls - Fixed o Get rid of HAVE_XXX declarations - Done o add a sctp_pr_policy in hole in sndrcvinfo structure - Done o add a PR_SCTP_POLICY_VALID type flag - yet to-do in a future patch! - Optimize sctp6 calls to reuse code in sctp_usrreq. Also optimize when we close sending out the data and disabling Nagle. - Change key concatenation order to match the auth RFC - When sending OOTB shutdown_complete always do csum. - Don't send PKT-DROP to a PKT-DROP - For abort chunks just always checksums same for shutdown-complete. - inpcb_free front state had a bug where in queue data could wedge an assoc. We need to just abandon ones in front states (free_assoc). - If a peer sends us a 64k abort, we would try to assemble a response packet which may be larger than 64k. This then would be dropped by IP. Instead make a "minimum" size for us 64k-2k (we want at least 2k for our initack). If we receive such an init discard it early without all the processing. - When we peel off we must increment the tcb ref count to keep it from being freed from underneath us. - handling fwd-tsn had bugs that caused memory overwrites when given faulty data, fixed so can't happen and we also stop at the first bad stream no. - Fixed so comm-up generates the adaption indication. - peeloff did not get the hmac params copied. - fix it so we lock the addr list when doing src-addr selection (in future we need to use a multi-reader/one writer lock here) - During lowlevel output, we could end up with a _l_addr set to null if the iterator is calling the output routine. This means we would possibly crash when we gather the MTU info. Fix so we only do the gather where we have a src address cached. - we need to be sure to set abort flag on conn state when we receive an abort. - peeloff could leak a socket. Moved code so the close will find the socket if the peeloff fails (uipc_syscalls.c) Approved by: re@freebsd.org(Ken Smith) Notes: svn path=/head/; revision=171990
generated by cgit v1.3 (git 2.53.0) at 2026-04-16 20:22:51 +0000