summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* describe six more PKCS7 attribute functionsschwarze2020-06-101-14/+208
|
* The check_includes step is incorrect dependency management model forderaadt2020-06-093-33/+3
| | | | | | how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. use 'make includes' by hand instead.
* Implement a rolling hash of the ClientHello message, Enforce RFC 8446beck2020-06-067-9/+181
| | | | | | | | section 4.1.2 to ensure subsequent ClientHello messages after a HelloRetryRequest messages must be unchanged from the initial ClientHello. ok tb@ jsing@
* Add a custom copy handler for AES key wraptb2020-06-051-5/+31
| | | | | | | | | | | | | This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy to copy cipher_data to the target struct. The result is that the copy contains a pointer to the wrong struct, which then leads to a use-after-free. The custom copy handler fixes things up to avoid that. Issue reported by Guido Vranken ok beck inoguchi jsing
* Use IANA allocated GOST ClientCertificateTypes.jsing2020-06-053-9/+15
| | | | | | | | | | | IANA has allocated numbers for GOST ClientCertificateType. Use them in addition to private values (left in place for compatibility). Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Stop sending GOST R 34.10-94 as a CertificateType.jsing2020-06-051-3/+1
| | | | | | | | | | | | GOST R 34.10-94 is an obsolete certificate type, unsupported by LibreSSL and by the rest of current software, so there is no point in sending in the CertificateTypes. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Handle GOST in ssl_cert_dup().jsing2020-06-051-1/+5
| | | | | | | | | | Add missing case entry for SSL_PKEY_GOST01. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Enable GOST_SIG_FORMAT_RS_LE when verifying certificate signatures.jsing2020-06-052-2/+15
| | | | | | | | | | | | | | GOST cipher suites requires that CertVerify signatures be generated in a special way (see ssl3_send_client_kex_gost(), ssl3_get_cert_verify()). However, the GOST_SIG_FORMAT_RS_LE flag was not passed in case of TLS 1.2 connections (because they use different code path). Set this flag on GOST PKEYs. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5.jsing2020-06-051-1/+3
| | | | | | | | Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Add OIDs for HMAC using Streebog (GOST R 34.11-2012) hash function.jsing2020-06-052-0/+4
| | | | | | | | Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Add a few more errors to help debugging.jsing2020-06-051-6/+16
| | | | | | | | Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux. ok inoguchi@ tb@
* Add support for additional GOST curves.jsing2020-06-054-12/+182
| | | | | | | | | | | | | These GOST curves are defined in RFC 7836 and draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see draft-smyshlyaev-tls12-gost-suites) and rename the 512-bit curve ids to follow names defined in tc26 OID registry. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux. ok inoguchi@
* Remove remaining error *_str_functs[]jsing2020-06-054-274/+11
| | | | | | | | | A number of years ago we dropped the concept of having function names in errors, since it is not that useful and very quickly gets out of sync when refactoring. It would seem that some new ones got imported and some missed the last clean up. ok tb@ beck@ "kill it with fire"
* Apply some style(9).jsing2020-06-051-34/+30
|
* One error file per directory is plenty.jsing2020-06-053-229/+157
|
* When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), returnschwarze2020-06-044-19/+124
| | | | | | | | | | | failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by documented API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This fixes a bug found while working on documentation. OK tb@ and "thanks" bluhm@
* minor polishing:schwarze2020-06-041-4/+10
| | | | | | * below SEE ALSO, point to the most similar function that is not deprecated * add a comment saying why ERR_load_ERR_strings() is intentionally undocumented * update the comment specifying the merge status
* Align tls13_server_select_certificate() withtb2020-06-041-3/+7
| | | | | | tls13_client_select_certificate(). ok inoguchi
* Improve client certificate selection for TLSv1.3tb2020-06-041-16/+80
| | | | | | This allows clients to use EC certificates. ok inoguchi, jsing
* mention that TLS_method(3) also supports TLSv1.3;schwarze2020-06-041-3/+3
| | | | tb@ OKed this part of a larger diff from inoguchi@
* Collapse the x509v3 directory into x509.jsing2020-06-0438-47/+44
| | | | | | | This avoids the need to grep across directories to find functions and prepares for further rototilling and chainsawing. Discussed with tb@ (who also tested the release build)
* new manual page PKCS7_add_attribute(3);schwarze2020-06-047-12/+201
| | | | tweaks and OK tb@
* Properly document PKCS7_final(3), which was already mentionedschwarze2020-06-0310-32/+263
| | | | in passing in some other manual pages.
* Enable the record layer limits test and mark two finished test cases astb2020-06-031-5/+8
| | | | | xfail for now. Arguably, the expected decode_error is more appropriate than the decrypt_error that we send at the moment.
* Remove const modifier in return type of tls13_handshake_active_state()tb2020-06-021-3/+3
| | | | | | which make no sense as pointed out by gcc on sparc64. ok jsing
* distracting whitespacetb2020-06-021-5/+5
|
* Split the handling of post handshake handshake messages into itstb2020-06-011-55/+44
| | | | | | | | own recv function. This simplifies tls13_recod_layer_read_internal() greatly and makes the phh handling easier to reason about since the code is no longer glued to the right hand edge of the terminal. ok jsing
* Remove expired certificate, ok tb@sthen2020-06-011-53/+1
| | | | /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
* Enable the test-tls13-zero-length-data.py test, skipping thetb2020-06-011-8/+10
| | | | three tests that fail due to a BIO_gets() bug.
* Enable test-dhe-rsa-key-exchange-with-bad-messages.pytb2020-06-011-4/+2
|
* Send an illegal_parameter alert if a client sends us invalid DH keytb2020-06-011-3/+15
| | | | | | | | | shares. Previously we would fail and just close the pipe. Fixes the remaining failing test-dhe-rsa-key-exchange-with-bad-messages.py tests of tlsfuzzer. ok beck (earlier version) jsing
* Add a mechanism to set an alert in those parts of the read half oftb2020-06-011-3/+21
| | | | | | | | | | the record layer that don't do I/O themselves. Use this mechanism to send a record overflow alert for messages that have overlong plaintext or inner plaintext. Fixes most of the remaining record-layer-limits failures of tlsfuzzer. ok jsing
* bump to LibreSSL 3.2.1libressl-v3.2.0bcook2020-06-011-3/+3
|
* Replace ssl_max_server_version() with ssl_downgrade_max_version()jsing2020-05-313-30/+6
| | | | | | | Replace the only occurrence of ssl_max_server_version() with a call to ssl_downgrade_max_version() and remove ssl_max_server_version(). ok beck@ tb@
* When building a chain look for non-expired certificates first.jsing2020-05-311-8/+29
| | | | | | | | | | | | | | | | | | | | | Currently, when building a certificate chain we look up an issuer and if it is the only issuer certificate available we still use it even if it has expired. When X509_V_FLAG_TRUSTED_FIRST is not in use, untrusted certificates are processed first and if one of these happens to be expired it will be used to build the chain, even if there is another non-expired option in the trusted store. Rework this code so that we first look for a non-expired untrusted certificate. If one does not exist then we take a look in the trusted store to see if we would be able to build the chain and only if there is not, do we then look for an expired untrusted certificate. This makes certificate validation possible for various sites that are serving expired AddTrust certificates. Issue reported by Christian Heimes via GitHub. ok beck@ tb@
* Correct downgrade sentinels when a version pinned method is in use.jsing2020-05-314-7/+40
| | | | | | | | | Previously only the enabled protocol versions were considered, however we also have to consider the method in use which may be version pinned. Found the hard way by danj@ with haproxy and force-tlsv12. ok beck@ inoguchi@ tb@
* Fix printing long doubles on architectures with hm and lm bits.mortimer2020-05-311-1/+9
| | | | | | Issue reported with initial patch by enh@google.com. ok deraadt@
* Improve server certificate selection for TLSv1.3.jsing2020-05-292-23/+94
| | | | | | | | | This allows an EC certificate to be selected and used, if the client sigalgs would allow it. With feedback from tb@ ok inoguchi@ tb@
* Handle the case where we receive a valid 0 byte application data record.jsing2020-05-291-1/+10
| | | | | | | | In this situation we cannot return zero bytes, as that signals EOF. Rather we need to return TLS13_IO_WANT_POLLIN so tell the caller to call us again, at which point we'll pull up the next record. ok tb@
* Wire up the servername callback in the TLSv1.3 server.jsing2020-05-293-3/+45
| | | | | | | | This makes SNI work correctly with TLSv1.3. Found the hard way by danj@, gonzalo@ and others. ok beck@ inoguchi@ tb@
* Mop up servername_done, which is unused.jsing2020-05-293-14/+3
| | | | ok beck@ inoguchi@ tb@
* Add checks for SH downgrade sentinel and HRR hash in appstest.shinoguchi2020-05-291-1/+27
|
* more tests after getopt_long.c rev. 1.32;schwarze2020-05-271-10/+43
| | | | OK martijn@
* This patch fixes one bug and one instance of undesirable behaviour.schwarze2020-05-271-9/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The bug, present since 4.4BSD, was that a trailing dash in an option group, when the dash is not permitted as an option letter, resulted in the whole option group being returned as an argument, even though the previous option in the group was already parsed as an option: OPTS=abc ./getopt-test -a- -c arg ===>> OPT(a)ARG(-a-)ARG(-c)ARG(arg). Instead, treat the dash as an invalid option and continue parsing options: ===>> OPT(a)ERR(?-)OPT(c)ARG(arg). The undesirable behaviour was that allowing the dash as an option letter only allowed isolated dashes ("-") and trailing dashes in groups ("-a-"), but neither middle dashes in groups ("-a-b"), even though that already partially worked in 4.4BSD, nor leading dashes in groups ("--a"), even though that works on all other BSDs and on glibc. Also, while POSIX does not require that the dash can be used as an option letter at all, arguably, it encourages that letters either be fully supported or not supported at all. It is dubious whether supporting an option letter in some positions but not in others can be considered conforming. This patch makes OpenBSD behaviour identical to FreeBSD and NetBSD, improves compatibility with glibc (except that glibc does not support isolated "-"), improves compatibility with DragonFly (except that DragonFly is buggy when the dash option letter can take an optional argument but that argument is not present), improves compatibility with Illumos and Solaris 11 (except those do not support "-" and mishandle "--a"), and restores 4.4BSD behaviour for "-a-b". In no respect i'm aware of is compatibility with any other systems reduced. For the full rationale, see my mail to tech@ on 30 Mar 2020 14:26:41 +0200. Part of the problem was originally reported by an anonymous coward on tech@ on 12 Mar 2020 03:40:24 +0200, additional analysis was contributed by martijn@, and then the OP sent the final version of the patch i'm now committing on 17 Mar 2020 19:17:56 +0200. No licensing problem here because after the commit, the file does not contain a single word written by the OP. Also, the OP told me in private mail that he intends to publish the patch under the ISC license already contained in the file and that he wishes to be known by the pseudonym "0xef967c36". OK martijn@, and no objection when shown on tech@, but commit delayed to stay clear of the release.
* document PKCS7_dataFinal(3);schwarze2020-05-273-3/+162
| | | | tweak and OK tb@
* minor cleanup ahead of the following work:schwarze2020-05-261-12/+14
| | | | | remove references to the SSL protocol which is no longer supported and use .Xr rather than .Fn for functions documented elsewhere
* Add additional length checks for TLSv1.3 plaintext and inner plaintext.jsing2020-05-261-1/+6
| | | | Reminded by and ok beck@
* Previous commit caught a few errx() cases by accident. undo them.tb2020-05-241-25/+25
|
* Fix some stylistic nits from jsing.tb2020-05-241-8/+11
| | | | ok jsing
* Clear SSL_MODE_AUTO_RETRY in libtls, since we handle WANT_POLLIN correctly.jsing2020-05-241-1/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-26 05:41:22 +0000