summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove the ability to do tls 1.0 and 1.1 from libtls.beck2023-07-021-7/+3
| | | | | | | | With this change any requests from configurations to request versions of tls before tls 1.2 will use tls 1.2. This prepares us to deprecate tls 1.0 and tls 1.1 support from libssl. ok tb@
* libtls: switch ECDSA_METHOD usage to EC_KEY_METHODop2023-06-181-5/+5
| | | | | | | | | | | smtpd and the bits it needs in libtls are the only consumer left of ECDSA_METHOD, which is long deprecated. This paves the way for the removal in libcrypto. The diff is from gilles' work on OpenSMTPD-portable, libretls had a similar diff. ok tb@, jsing@
* Forcibly update the EVP_PKEY's internal keyop2023-05-251-13/+25
| | | | | | | | | | | | | | | | | | | | | | | | To aid privilege separation, libtls maintains application-specific data on the key inside the EVP_PKEY abstraction because the EVP API doesn't provide a way to do that on the EVP_PKEY itself. OpenSSL 3 changed behavior of EVP_PKEY_get1_RSA() and related functions. These now return a struct from some cache. Thus, modifying the RSA will no longer modify the EVP_PKEY like it did previously, which was clearly implied to be the case in the older documentation. This is a subtle breaking change that affects several applications. While this is documented, no real solution is provided. The transition plan from one OpenSSL major version to the next one tends to involve many #ifdef in the ecosystem, and the only suggestion provided by the new documentation is to switch to a completely unrelated, new API. Instead, forcibly reset the internal key on EVP_PKEY after modification, this way the change is picked up also by OpenSSL 3. Fixes issue 1171 in OpenSMTPD-portable ok tb@, jsing@
* add missing #include <string.h>; ok tb@op2023-05-141-1/+2
|
* Plug a long standing leak in libtls CRL handlingtb2022-02-081-2/+1
| | | | | | | | | X509_STORE_add_crl() does not take ownership of the CRL, it bumps its refcount. So nulling out the CRL from the stack will leak it. Issue reported by KS Sreeram, thanks! ok jsing
* Introduce a signer interface intented to make TLS privsep simplereric2022-01-251-1/+19
| | | | | | | | | | | | | | | | to implement. Add a tls_config_set_sign_cb() function that allows to register a callback for the signing operation on a tls_config. When used, the context installs fake pivate keys internally, and the callback receives the hash of the public key. Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash. Discussed with and ok jsing@ tb@
* Switch from X509_VERIFY_PARAM_set_flags() to X509_STORE_set_flags().tb2021-10-211-2/+2
| | | | | | This reduces the number of reacharounds into libcrypto internals. ok jsing
* Use *printf %d instead of %itb2021-10-211-2/+2
| | | | ok jsing
* Use SSL_CTX_get0_param() rather than reaching into the SSL_CTX.jsing2021-10-021-2/+2
|
* Use "EC/RSA key setup failure" to align error with otherstb2021-02-011-3/+3
| | | | ok eric jsing
* Move private key setup to a helper function with proper erroreric2021-01-261-10/+47
| | | | | | | checking. Only install the hash on the key if fake key is used, and do it for EC keys too. ok tb@ jsing@
* return -1 on error for consistencyeric2021-01-211-2/+2
| | | | ok tb@
* Allow setting a keypair on a tls context without specifying the privateeric2021-01-211-22/+62
| | | | | | | | key, and fake it internally with the certificate public key instead. It makes it easier for privsep engines like relayd that don't have to use bogus keys anymore. ok beck@ tb@ jsing@
* Clear SSL_MODE_AUTO_RETRY in libtls, since we handle WANT_POLLIN correctly.jsing2020-05-241-1/+3
|
* Add support for TLSv1.3 as a protocol to libtls.jsing2020-01-201-1/+4
| | | | | | | This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@
* Add a mutex to guard reference counting for tls_config.jsing2019-04-011-1/+3
| | | | | | | | This makes libtls more friendly for multithreaded use - otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@
* expose the default cert file as a function, not a define. it's reallytedu2018-11-291-2/+2
| | | | | | an internal detail of the library, so the string should live inside it, not in the application code. ok jsing
* Define TLS_CA_CERT_FILE rather than having every application create theirjsing2018-11-061-2/+2
| | | | | | own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@
* Switch to OPENSSL_init_ssl() and prevent an openssl configuration file fromjsing2018-04-071-3/+2
| | | | | | being loaded behind our back, at a later point. ok beck@
* Automatically handle library initialisation for libtls.jsing2018-03-191-3/+2
| | | | | | | | | Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@
* un-revert tls_init pthread_once change, now that stub is added so that ↵beck2018-03-081-12/+20
| | | | builds work
* backout. diff was not tested comprehensively, resulting in a broken tree.deraadt2018-03-071-20/+12
|
* Make tls_init() concurrently callable using pthread_once().beck2018-03-071-12/+20
| | | | | | | | | | | ok jsing@ This brings pthread_once usage into libressl, which will need to get dealt with correctly in portable. This sets us up to autoinit libtls, and we will also be using pthread_once to deal with autoinit stuff in libssl and libcrypto
* Move the keypair pubkey hash handling code to during config.jsing2018-02-101-4/+29
| | | | | | | | | | | | | | The keypair pubkey hash was being generated and set in the keypair when the TLS context was being configured. This code should not be messing around with the keypair contents, since it is part of the config (and not the context). Instead, generate the pubkey hash and store it in the keypair when the certificate is configured. This means that we are guaranteed to have the pubkey hash and as a side benefit, we identify bad certificate content when it is provided, instead of during the context configuration. ok beck@
* Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead ofjsing2018-02-081-2/+3
| | | | | rolling its own certificate loading. This also means we get better error reporting on failure.
* Move tls_keypair_pubkey_hash() to the keypair file.jsing2018-02-081-41/+1
|
* Avoid a memory leak that results when the same tls_config is reused.jsing2018-02-081-1/+4
| | | | Reported by and fix from Nate Bessette <openbsd at nate dot sh> - thanks.
* Keep track of which keypair is in use by a TLS context.jsing2017-09-201-1/+4
| | | | | | | | | | This fixes a bug where by a TLS server with SNI would always only return the OCSP staple for the default keypair, rather than returning the OCSP staple associated with the keypair that was selected via SNI. Issue reported by William Graeber and confirmed by Andreas Bartelt. Fix tested by William Graeber and Andreas Bartelt - thanks!
* Fix unchecked return nitbeck2017-08-281-2/+5
| | | | ok bcook@ jsing@
* Don't use tls_cert_hash for the hashing used by the engine offloading magicclaudio2017-08-091-7/+20
| | | | | | | | for the TLS privsep code. Instead use X509_pubkey_digest() because only the key should be used as identifier. Relayd is rewriting certificates and then the hash would change. Rename the hash is struct tls_keypair to pubkey_hash to make clear what this hash is about. With input and OK jsing@
* Add support for providing CRLs to libtls - once a CRL is provided wejsing2017-07-061-1/+41
| | | | | | | | enable CRL checking for the full certificate chain. Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks! Discussed with beck@
* Use the tls_password_cb() callback with all PEM_read_bio_*() calls, so thatjsing2017-06-221-6/+6
| | | | | | | we can prevent libcrypto from going behind our back and trying to read passwords from standard input (which we may not be permitted to do). Found by jsg@ with httpd and password protected keys.
* Fix incorrect indentation.jsing2017-06-221-2/+2
|
* Plug a memory leak in tls_keypair_cert_hash(), introduced in r1.60.jsing2017-06-221-1/+3
|
* Remove dead code that has remained hiding since ressl.c r1.14!jsing2017-06-221-4/+1
|
* Return an error if tls_handshake() is called on a TLS context that hasjsing2017-05-071-1/+6
| | | | already completed a TLS handshake.
* Perform reference counting for tls_config. This allows tls_config_free() tojsing2017-05-061-3/+10
| | | | | | | | | be called as soon as it has been passed to the final tls_configure() call, simplifying lifetime tracking for the application. Requested some time ago by tedu@. ok beck@
* Add tls_peer_cert_chain_pem - To retreive the peer certificate and chainbeck2017-04-051-1/+4
| | | | | | | as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@
* Internal changes to allow for relayd engine privsep. sends the hash of thebeck2017-04-051-2/+65
| | | | | | public key as an identifier to RSA, and adds an function for relayd to use to disable private key checking when doing engine privsep. ok jsing@
* Use a flag to track when we need to call SSL_shutdown(). This avoids anjsing2017-01-261-2/+3
| | | | | | | | | issue where by calling tls_close() on a TLS context that has not attempted a handshake, results in an unexpected failure. Reported by Vinay Sajip. ok beck@
* Disable session cache and tickets by default.claudio2017-01-221-1/+5
| | | | OK beck@ jsing@
* whitespacederaadt2017-01-131-3/+3
|
* If certificate verification has been disabled, do not attempt to load ajsing2017-01-031-5/+9
| | | | | | | CA chain or specify CA paths. This prevents attempts to access the file system, which may fail due to pledge. ok bluhm@
* Revert previous - the original code was correct since X509_verify_cert()jsing2017-01-031-5/+5
| | | | | | | | | | | should not have changed the X509_STORE_CTX error value on success and it was initialised to X509_V_OK by X509_STORE_CTX_init(). Other software also depends on this behaviour. Previously X509_verify_cert() was mishandling the X509_STORE_CTX error value when validating alternate chains. This has been fixed and further changes now explicitly ensure that the error value will be set to X509_V_OK if X509_verify_cert() returns success.
* fix cert verify. a cert with an alt chain may verify but leave an errortedu2017-01-021-5/+5
| | | | | | in the context. don't look for errors in case of success. fixes spurious verify errors. guilty change tracked and fix tested by sthen
* Hook up a certificate verify callback so that we can set user friendlyjsing2016-12-261-4/+29
| | | | | | | | | | | | | | | | | | error messages, instead of libssl error strings. This gives us messages like: certificate verification failed: certificate has expired Instead of: 14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed This also lets us always enable peer verification since the no verification case is now handled via the callback. Tested by tedu@ ok beck@
* rename ocsp_ctx to ocspbeck2016-11-051-6/+6
| | | | ok jsing@
* Only set an error from libssl related code, if an error has not alreadyjsing2016-11-031-6/+41
| | | | | | | | been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@
* Add OCSP client side support to libtls.beck2016-11-021-1/+6
| | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
* Add callback-based interface to libtls.bcook2016-09-041-1/+5
| | | | | | | This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 22:55:31 +0000