| Commit message (Collapse) | Author | Files | Lines |
|---|
|
tb@ agrees that it should not be part of the public API
|
|
tweaks and OK tb@
|
|
ok tb
|
|
|
|
|
|
|
|
how our tree gets built. If this was done in all the libraries (imagine
sys/dev), it would disrupt the development process hugely. So it should
not be done here either. use 'make includes' by hand instead.
|
|
section 4.1.2 to ensure subsequent ClientHello messages after a
HelloRetryRequest messages must be unchanged from the initial
ClientHello.
ok tb@ jsing@
|
|
This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX
containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy
to copy cipher_data to the target struct. The result is that the
copy contains a pointer to the wrong struct, which then leads to a
use-after-free. The custom copy handler fixes things up to avoid
that.
Issue reported by Guido Vranken
ok beck inoguchi jsing
|
|
IANA has allocated numbers for GOST ClientCertificateType. Use them in
addition to private values (left in place for compatibility).
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
|
GOST R 34.10-94 is an obsolete certificate type, unsupported by
LibreSSL and by the rest of current software, so there is no point in
sending in the CertificateTypes.
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
|
Add missing case entry for SSL_PKEY_GOST01.
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
|
GOST cipher suites requires that CertVerify signatures be generated in a
special way (see ssl3_send_client_kex_gost(), ssl3_get_cert_verify()).
However, the GOST_SIG_FORMAT_RS_LE flag was not passed in case of TLS 1.2
connections (because they use different code path). Set this flag on
GOST PKEYs.
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
|
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
|
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
|
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux.
ok inoguchi@ tb@
|
|
These GOST curves are defined in RFC 7836 and draft-deremin-rfc4491-bis.
Add aliases for 256-bit GOST curves (see
draft-smyshlyaev-tls12-gost-suites) and rename the 512-bit curve ids to
follow names defined in tc26 OID registry.
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux.
ok inoguchi@
|
|
A number of years ago we dropped the concept of having function names in
errors, since it is not that useful and very quickly gets out of sync when
refactoring. It would seem that some new ones got imported and some missed
the last clean up.
ok tb@ beck@ "kill it with fire"
|
|
|
|
|
|
failure rather than silently constructing a broken X509_ATTRIBUTE object
that might cause NULL pointer accesses later on. This matters because
X509_ATTRIBUTE_create() is used by documented API functions like
PKCS7_add_attribute(3) and the NID comes straight from the user.
This fixes a bug found while working on documentation.
OK tb@ and "thanks" bluhm@
|
|
* below SEE ALSO, point to the most similar function that is not deprecated
* add a comment saying why ERR_load_ERR_strings() is intentionally undocumented
* update the comment specifying the merge status
|
|
tls13_client_select_certificate().
ok inoguchi
|
|
This allows clients to use EC certificates.
ok inoguchi, jsing
|
|
tb@ OKed this part of a larger diff from inoguchi@
|
|
This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested the release build)
|
|
tweaks and OK tb@
|
|
in passing in some other manual pages.
|
|
xfail for now. Arguably, the expected decode_error is more appropriate
than the decrypt_error that we send at the moment.
|
|
which make no sense as pointed out by gcc on sparc64.
ok jsing
|
|
|
|
own recv function. This simplifies tls13_recod_layer_read_internal()
greatly and makes the phh handling easier to reason about since the
code is no longer glued to the right hand edge of the terminal.
ok jsing
|
|
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
|
|
three tests that fail due to a BIO_gets() bug.
|
|
|
|
shares. Previously we would fail and just close the pipe.
Fixes the remaining failing test-dhe-rsa-key-exchange-with-bad-messages.py
tests of tlsfuzzer.
ok beck (earlier version) jsing
|
|
the record layer that don't do I/O themselves. Use this mechanism
to send a record overflow alert for messages that have overlong
plaintext or inner plaintext.
Fixes most of the remaining record-layer-limits failures of tlsfuzzer.
ok jsing
|
|
|
|
Replace the only occurrence of ssl_max_server_version() with a call
to ssl_downgrade_max_version() and remove ssl_max_server_version().
ok beck@ tb@
|
|
Currently, when building a certificate chain we look up an issuer and if
it is the only issuer certificate available we still use it even if it has
expired. When X509_V_FLAG_TRUSTED_FIRST is not in use, untrusted
certificates are processed first and if one of these happens to be expired
it will be used to build the chain, even if there is another non-expired
option in the trusted store.
Rework this code so that we first look for a non-expired untrusted
certificate. If one does not exist then we take a look in the trusted
store to see if we would be able to build the chain and only if there is
not, do we then look for an expired untrusted certificate.
This makes certificate validation possible for various sites that are
serving expired AddTrust certificates.
Issue reported by Christian Heimes via GitHub.
ok beck@ tb@
|
|
Previously only the enabled protocol versions were considered, however we
also have to consider the method in use which may be version pinned.
Found the hard way by danj@ with haproxy and force-tlsv12.
ok beck@ inoguchi@ tb@
|
|
Issue reported with initial patch by enh@google.com.
ok deraadt@
|
|
This allows an EC certificate to be selected and used, if the client
sigalgs would allow it.
With feedback from tb@
ok inoguchi@ tb@
|
|
In this situation we cannot return zero bytes, as that signals EOF. Rather
we need to return TLS13_IO_WANT_POLLIN so tell the caller to call us again,
at which point we'll pull up the next record.
ok tb@
|
|
This makes SNI work correctly with TLSv1.3.
Found the hard way by danj@, gonzalo@ and others.
ok beck@ inoguchi@ tb@
|
|
ok beck@ inoguchi@ tb@
|
|
|
|
OK martijn@
|
|
The bug, present since 4.4BSD, was that a trailing dash in an option
group, when the dash is not permitted as an option letter, resulted
in the whole option group being returned as an argument, even though
the previous option in the group was already parsed as an option:
OPTS=abc ./getopt-test -a- -c arg ===>> OPT(a)ARG(-a-)ARG(-c)ARG(arg).
Instead, treat the dash as an invalid option and continue parsing
options: ===>> OPT(a)ERR(?-)OPT(c)ARG(arg).
The undesirable behaviour was that allowing the dash as an option
letter only allowed isolated dashes ("-") and trailing dashes in
groups ("-a-"), but neither middle dashes in groups ("-a-b"), even
though that already partially worked in 4.4BSD, nor leading dashes
in groups ("--a"), even though that works on all other BSDs and on
glibc. Also, while POSIX does not require that the dash can be
used as an option letter at all, arguably, it encourages that letters
either be fully supported or not supported at all. It is dubious
whether supporting an option letter in some positions but not in
others can be considered conforming.
This patch makes OpenBSD behaviour identical to FreeBSD and NetBSD,
improves compatibility with glibc (except that glibc does not support
isolated "-"), improves compatibility with DragonFly (except that
DragonFly is buggy when the dash option letter can take an optional
argument but that argument is not present), improves compatibility
with Illumos and Solaris 11 (except those do not support "-" and
mishandle "--a"), and restores 4.4BSD behaviour for "-a-b". In no
respect i'm aware of is compatibility with any other systems reduced.
For the full rationale, see my mail to tech@
on 30 Mar 2020 14:26:41 +0200.
Part of the problem was originally reported by an anonymous coward
on tech@ on 12 Mar 2020 03:40:24 +0200, additional analysis was
contributed by martijn@, and then the OP sent the final version of
the patch i'm now committing on 17 Mar 2020 19:17:56 +0200.
No licensing problem here because after the commit, the file does
not contain a single word written by the OP. Also, the OP told me
in private mail that he intends to publish the patch under the ISC
license already contained in the file and that he wishes to be known
by the pseudonym "0xef967c36".
OK martijn@, and no objection when shown on tech@,
but commit delayed to stay clear of the release.
|
|
tweak and OK tb@
|
