summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* Change the known output to be the expected output, so that webeck2020-09-141-1421/+1421
| | | | | | no longer ignore the expected failures from the legacy name constraints validation, and will have a regress failure if we regress.
* Use a fixed validation time in these tests so we neverbeck2020-09-141-2/+4
| | | | | have to re-generate these certificates and this should just keep working even if the certs get old
* remove unneeded variable "type".beck2020-09-141-6/+5
| | | | | Yak for my shaving pleasure found by llvm static analyzer ok tb@
* Don't leak names on successbeck2020-09-141-1/+2
| | | | | found by llvm static analyzer. ok tb@
* remove unneded variable "time1"beck2020-09-141-6/+6
| | | | | noticed by llvm static analyzer ok tb@
* remove unneded variable "time"beck2020-09-141-3/+2
| | | | | noticed by llvm static analyzer ok tb@
* fix bug introduced on review where refactor made it possible tobeck2020-09-141-2/+2
| | | | | | | eat a NULL. found by clang static analyzer ok tb@
* re-enable new x509 chain verifier as the defaultbeck2020-09-141-3/+1
| | | | ok tb@
* Correctly fix double free introduced on review.beck2020-09-142-3/+3
| | | | | | | the roots for a ctx are only freed in the free function, not in the clear function, so that a ctx can be re-used with the same roots. ok tb@
* Fix double free - review moved the pop_free of roots to x509_verify_ctx_freebeck2020-09-141-2/+1
| | | | so we don't need to pop free the roots separately
* revert previous, need to fix a problembeck2020-09-141-1/+3
|
* Enable the use of the new x509 chain validator by default.beck2020-09-141-3/+1
| | | | ok jsing@ tb@
* Connect a client to a server. Both can be current libressl, orbluhm2020-09-145-10/+193
| | | | | | | openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS version number. Incompatible versions must fail. Check that client and server have used correct version by grepping in their session print out.
* Add regress for SSL_{CTX_,}set_ciphersuites().jsing2020-09-132-7/+318
|
* Implement SSL_{CTX_,}set_ciphersuites().jsing2020-09-135-13/+211
| | | | | | | | | | OpenSSL added a separate API for configuring TLSv1.3 ciphersuites. Provide this API, while retaining the current behaviour of being able to configure TLSv1.3 via the existing interface. Note that this is not currently exposed in the headers/exported symbols. ok beck@ inoguchi@ tb@
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-1311-68/+1281
| | | | | | | | | | | | | | | | | | | The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
* Improve handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack.jsing2020-09-131-1/+9
| | | | | | | | | | | | | | | | When BIO returns a failure, it does not always add an error to the error stack. In the case of the legacy stack, this was generally handled by the guesswork performed by SSL_get_error(). However, in the case of the new stack we push an 'unknown' error onto the stack. Improve this situation by specifically checking errno in the case of a BIO_read() or BIO_write() failure. If the error stack is empty then push a SYSerror() with the errno which is preferable to the 'unknown' error later. Noted by bluhm@ via syslogd regress. ok beck@ tb@
* Use the correct type for tls1_set_ec_id()tb2020-09-121-3/+3
| | | | | | The curve_id is a uint16, not an int. ok beck jsing
* Simplify tls1_set_ec_id() a bittb2020-09-121-24/+19
| | | | | | | Use more descriptive variable names, explain why NID_undef is fine and simplify the logic. ok beck jsing
* Unindent a bit of code that performs a few too many checks totb2020-09-121-10/+8
| | | | figure out whether top > 0 or top == 0.
* If CPU does not support AES-NI, LibreSSL TLS 1.3 client prefersbluhm2020-09-121-9/+18
| | | | chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers.
* Avoid an out-of-bounds access in BN_rand()tb2020-09-121-3/+8
| | | | | | | | | | If BN_rand() is called with top > 0 and bits == 1, it would allocate a buf[] of size 1 and set the top bit of buf[1]. Found in OpenSSL commit efee575ad464bfb60bf72dcb73f9b51768f4b1a1 while looking for something else. ok beck djm inoguchi
* Change over to use the new x509 name constraints verification.beck2020-09-121-28/+7
| | | | ok jsing@
* remove unused include that breaks regressbeck2020-09-121-1/+0
|
* Include machine/endian.h in gost2814789.cinoguchi2020-09-121-1/+3
| | | | | | | To pick up __STRICT_ALIGNMENT define, include machine/endian.h. No kidding... deraadt@ ok bcook@ jsing@
* Enable cert and cipher interop tests. cert just works. cipher hasbluhm2020-09-113-55/+35
| | | | | | | | been fixed to work with libressl TLS 1.3. Both libressl and openssl11 replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects that now. Currently GOST does not work with libressl and TLS 1.3 and is disabled.
* Add x509_constraints.c - a new implementation of x509 name constraints, withbeck2020-09-115-7/+1767
| | | | | | | regression tests. The use of the new name constraints is not yet activated in x509_vfy.c and will be activated in a follow on commit ok jsing@
* Remove cipher_list_by_id.jsing2020-09-117-89/+32
| | | | | | | | | | | | | | | | | When parsing a cipher string, a cipher list is created, before being duplicated and sorted - the second copy being stored as cipher_list_by_id. This is done only so that a client can ensure that the cipher selected by a server is in the cipher list. This is pretty pointless given that most clients are short-lived and that we already had to iterate over the cipher list in order to build the client hello. Additionally, any update to the cipher list requires that cipher_list_by_id also be updated and kept in sync. Remove all of this and replace it with a simple linear scan - the overhead of duplicating and sorting the cipher list likely exceeds that of a simple linear scan over the cipher list (64 maximum, more typically ~9 or so). ok beck@ tb@
* Simplify SSL_get_ciphers().jsing2020-09-111-13/+7
| | | | ok beck@, tb@
* Rename ssl_cipher_is_permitted()jsing2020-09-113-10/+10
| | | | | | | | | | The name ssl_cipher_is_permitted() is not entirely specific - what it really means is "can this cipher be used with a given version range". Use ssl_cipher_allowed_in_version_range() to more clearly indicate this. Bikeshedded with tb@ ok tb@
* Some SSL_AD_* defines snuck into the TLSv1.3 code - replace them withjsing2020-09-112-10/+10
| | | | | | TLS13_ALERT_* defines. ok beck@ tb@
* Add issuer cache, to be used by upcoming changes to validation code.beck2020-09-113-1/+216
| | | | ok tb@ jsing@
* Various ciphers related clean up.jsing2020-09-111-41/+36
| | | | | | | Consistently use the names 'ciphers' and 'cipher' instead of 'sk' and 'c'. Remove some redundant code, unnecessary parentheses and fix some style(9). ok inoguchi@ tb@
* Enable test-tls13-large-number-of-extensions.pytb2020-09-101-2/+7
| | | | | | Skip sending an empty ECPF extension for now: we don't accept it since according to RFC 4492 and 8422 it needs to advertise uncompressed point formats.
* Wrap long lines, add space in front of goto label in openssl(1) ocsp.cinoguchi2020-09-091-93/+118
|
* Change SSLv23_client_method to TLS_client_method openssl(1) ocspinoguchi2020-09-091-2/+2
|
* Remove space between pointer '*' and variable name in ocsp.cinoguchi2020-09-091-39/+39
|
* Convert openssl(1) ocsp option handlinginoguchi2020-09-091-443/+725
| | | | input and ok tb@
* Add option type OPTION_UL_VALUE_ORinoguchi2020-09-092-2/+9
| | | | ok tb@
* Set alpn_selected_len = 0 when alpn_selected is NULLinoguchi2020-09-091-1/+4
| | | | ok jsing@ tb@
* Import latest OPENSSL_NO_* flags from OpenSSL 1.1.1ginoguchi2020-09-091-0/+8
| | | | ok tb@
* Mention that EC_KEY_get0_public_key returns a public key.tb2020-09-081-3/+5
| | | | wording from jmc
* Garbage collect renew_ticket in tls_decrypt_tickettb2020-09-071-8/+5
| | | | | | | | | | | | This is only set in one place and read in one place to set the badly named tlsext_ticket_expected flag. It seems preferable to set this flag directly, thus simplifying the logic. This slightly changes the behavior in that this flag is now set earlier, but this seems preferable anyway. Any error between the old and the new position where the flag is set is either fatal (so the connection will be closed) or a decrypt error (so the flag will be set). discussed with jsing
* For page-sized and larger allocations do not put the pages we'reotto2020-09-061-21/+18
| | | | | | | shaving off into the cache but unamp them. Pages in the cache get re-used and then a future grow of the first allocation will be hampered. Also make realloc a no-op for small shrinkage. ok deraadt@
* Ignore ftruncate failure with errno == EAGAINtb2020-09-041-2/+5
| | | | | | This makes piping the OCSP response to other programs with -o - work. input and r+ guenther
* Clean up asn1/x_info.ctb2020-09-031-22/+9
| | | | | | | | | | Instead of using malloc(3) and manually setting part of the structure to zero, part to something else and leaving the rest uninitialized, we can benefit from the fact that there's this thing called calloc(3). Moreover, all variants of free(3) in libcrypto are NULL safe. ok beck inoguchi
* Remove unnecessary zeroing after recallocarray(3)tb2020-09-031-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Zap a memset that was redundant since OpenSSL 0.97b was merged by markus in 2003. Nowadays it's otto's recallocarray(3) that does the zeroing. ok beck inoguchi otto PS: ASN1_BIT_STRING_set_bit(3) was committed on Dec 21 1998 by Ralf S. Engelschnall and used this bizarre allocation idiom: if (a->data == NULL) c=(unsigned char *)Malloc(w+1); else c=(unsigned char *)Realloc(a->data,w+1); People complained about Malloc, Realloc and Free being used elsewhere, so on Jun 1 2000, Richarde Levitte swept the OpenSSL tree and it became this. if (a->data == NULL) c=(unsigned char *)OPENSSL_malloc(w+1); else c=(unsigned char *)OPENSSL_realloc(a->data,w+1); Then it was found that existing data should be cleaned, and on Nov 13 2002 Ben Laurie changed the last line to c=(unsigned char *)OPENSSL_realloc_clean(a->data, a->length, w+1);
* KNF and comment tweakstb2020-09-021-8/+10
|
* Zero out data to avoid leaving stack garbage in the tail oftb2020-09-011-1/+3
| | | | | | | the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH. long standing bug pointed out by jsing
* The bumping of sess_cb_hit stats can wait until handling oftb2020-09-011-4/+3
| | | | get_session_cb is completed.