| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to implement.
Add a tls_config_set_sign_cb() function that allows to register
a callback for the signing operation on a tls_config. When used,
the context installs fake pivate keys internally, and the callback
receives the hash of the public key.
Add a tls_signer_*() set of functions to manage tls_signer objects.
A tls_signer is an opaque structure on which keys are added.
It is used to compute signatures with private keys identified by
their associated public key hash.
Discussed with and ok jsing@ tb@
|
| |
|
|
|
|
| |
to match reality.
spotted by/ok jmc
|
| |
|
|
| |
spotted by/ok jmc
|
| |
|
|
|
|
|
|
|
|
|
| |
If tls13_recod_layer_send_pending() returns TLS13_IO_EOF, we will
bubble this up to the caller via tls13_legacy_return_code(), which
translates TLS13_IO_EOF to 0. This can happen if we have pending
post handshake-handshake data and the peer closes the pipe.
Presumably tls13_legacy_shutdown() should be rewritten yet again.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the peer closed the write side of the connection and we have not
yet received the close_notify, SSL_shutdown() makes an extra read to
try and read the peer's close_notify from the pipe. In that situation,
we receive EOF. The legacy stack will return -1 while the TLSv1.3
stack will end up returning 0.
Since the documentation is not super explicit about what should be
done if SSL_shutdown() returns 0, some applications will enter an
infinite loop. The code and documentation indicate that SSL_shutdown()
should only be called once more if it returned 0. Newer versions
of the OpenSSL documentation explicitly say that one should call
SSL_read() if SSL_shutdown() returns 0 in order to retrieve the
close_notify. Doing this would also have avoided this infinite loop.
Reported by Carsten Arzig and bluhm with a test case extracted from the
syslogd tests using IO::Socket::SSL, which has such an infinite loop.
ok bluhm jsing
|
| |
|
|
| |
to claudio
|
| |
|
|
|
|
|
| |
ret is used to bubble up an error from ssl3_get_message() and is unused
otherwise. Zap dead store and silly ret = 1; return ret;
ok inoguchi jsing
|
| |
|
|
|
|
|
| |
'goto fatal_err' so that the illegal_parameter alert is
actually sent in case of X509_get0_pubkey() failure.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
| |
If the hostname is too long, tlsext_sni_is_valid_hostname() will fail
without having initialized *is_ip. As a result, the garbage value could
lead to accepting (but otherwise ignoring) overlong and possibly invalid
hostnames without erroring in tlsext_sni_server_parse().
ok inoguchi jsing
|
| |
|
|
|
|
| |
convert to usual form of error checking.
ok inoguchi jsing
|
| |
|
|
|
|
| |
CID 251047 251094
OK beck@ jsing@ millert@ tb@
|
| |
|
|
|
|
| |
CID 250936 251103
OK beck@ jsing@ millert@ tb@
|
| |
|
|
|
|
| |
CID 345116
ok beck@ tb@
|
| |
|
|
|
|
|
|
| |
CID 25131
ok beck@ tb@
suggest using X509_REQ_get0_pubkey() and remove the EVP_PKEY_free() from tb@
|
| |
|
|
|
|
| |
ok beck@ tb@
suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
|
| |
|
|
| |
ok beck@ tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
... including those inlined into print_dname(). This also fixes
-Wunused-but-set-variable warnings warnings in smtpd and smtpctl.
The code was imported with asr and then copied around.
ok deraadt@ guenther@
|
| |
|
|
| |
suggestion from tb@
|
| |
|
|
|
|
| |
CID 21653
ok jsing@ millert@ tb@
|
| |
|
|
| |
input from tb@
|
| |
|
|
|
|
| |
CID 24893
ok jsing@ millert@ tb@
|
| |
|
|
| |
ok jsing@ millert@ tb@
|
| |
|
|
|
|
| |
CID 24839
ok jsing@ millert@ tb@
|
| |
|
|
|
|
| |
CID 24778
ok jsing@ millert@ tb@
|
| |
|
|
|
|
| |
CID 24812
ok jsing@ millert@ tb@
|
| |
|
|
|
|
| |
It returns 1 on success and 0 for failure, never negative value.
ok jsing@ millert@ tb@
|
| |
|
|
| |
ok jsing@ millert@ tb@
|
| |
|
|
|
|
|
| |
CID 21665 24835
comment from jsing@ and tb@
ok jsing@ millert@ tb@
|
| |
|
|
|
|
| |
CID 24869
ok jsing@ millert@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
freeing of what they return despite being get0 functions: the stack
of X509s that they return must be freed with sk_X509_free(). The get0
thus probably refers to the individual certs, but not to the stack
itself.
The libcrypto and libssl APIs never cease to amaze with new traps.
ok inoguchi
|
| |
|
|
|
|
| |
CID 345137
ok jsing@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to
fail and return error.
Error from these functions will be fatal for the callback, and I choose to
return -1.
SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback.
This also could fix Coverity CID 345319.
ok jsing@ tb@
|
| |
|
|
|
|
| |
CID 345316
ok tb@
|
| |
|
|
|
|
| |
CID 345314 345320
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This function has a weird dance of allocating an ASN1_STRING in an
inner scope and assigning it to a void pointer in an outer scope for
passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error.
This can be simplified and streamlined.
ok inoguchi
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be
overrun since ASN1_get_object advances pointer to the first content octet.
In case invalid ASN1 Boolean data, it has length but no content, I thought
this could be happen.
Adding check p with tot (diff below) will avoid this failure.
Reported by oss-fuzz 43633 and 43648(later)
ok tb@
|
| | |
|
| |
|
|
| |
after the bump
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok inoguchi jsing
|
