summaryrefslogtreecommitdiff
path: root/src/lib/libtls (follow)
Commit message (Collapse)AuthorAgeFilesLines
* minor libssl bump (SSL_OP_NO_RENEGOTIATION/SSL_OP_ALLOW_CLIENT_RENEGOTIATION)HEADmastersthen3 days1-1/+1
| | | | | | | | | code #ifdef'ing these and compiled with new headers won't work as expected on earlier libraries minor libtls bump to match libssl bump ok tb@
* Give libtls the same bump as libcrypto and libssltb6 days1-2/+2
|
* Document tls_peer_cert_common_name()tb2024-12-101-2/+13
| | | | ok beck
* bump minor after symbol additiontb2024-12-101-1/+1
|
* expose tls_peer_cert_common_name()tb2024-12-101-0/+1
|
* Provide tls_peer_cert_common_name()tb2024-12-105-24/+105
| | | | | | | | | | | | | | | | There is currently no sane way of getting your hands on the common name or subject alternative name of the peer certificate from libtls. It is possible to extract it from the peer cert's PEM by hand, but that way lies madness. While the common name is close to being deprecated in the webpki, it is still the de facto standard to identify client certs. It would be nice to have a way to access the subject alternative names as well, but this is a lot more difficult to expose in a clean and sane C interface due to its multivaluedness. Initial diff from henning, with input from beck, jsing and myself henning and bluhm have plans of using this in syslogd. ok beck
* The subject of a certificate is not optionaltb2024-11-121-2/+2
| | | | | | | | | | | | A certificate must have a subject, so X509_get_subject_name() cannot return NULL on a correctly parsed certificate, even if the subject is empty (which is allowed). So if X509_get_subject_name() returns NULL, error instead of silently ignoring it in tls_check_common_name(). This is currently no issue. Where it matters, the match against the common name will fail later, so we fail closed anyway. ok jsing
* major bump for libcrypto libssl and libtlstb2024-08-311-2/+2
|
* Give libtls the same bump as libssltb2024-08-121-1/+1
|
* libtls: fix legacy protocol parsingtb2024-08-022-6/+6
| | | | | | | | | | | | | | | | | | | | Redefining TLS_PROTOCOL_TLSv1_0 and TLS_PROTOCOL_TLSv1_1 to be the same as TLS_PROTOCOL_TLSv1_2 had undesired side effects, as witnessed in the accompanying regress tests. The protocol string all:tlsv1.0 would disable TLSv1.2 (so only enable TLSv1.3) and tlsv1.2:!tlsv1.1 would disable all protocols. It makes more sense to ignore any setting of TLSv1.0 and TLSv1.1, so if you request 'tlsv1.1' you get no protocol, but 'all:!tlsv1.1' will enable the two supported protocols TLSv1.3 and TLSv1.2. Restore the defines to their original values and adjust the parsing code to set/unset them. Issue reported by Kenjiro Nakayama Fixes https://github.com/libressl/openbsd/issues/151 with/ok jsing
* sync includes in tls_signer.cop2024-06-111-3/+12
| | | | | | | | | | | | | | | | | | pthread -> mutex stdint -> uint8_t stdio.h -> asprintf stdlib.h -> calloc string.h -> memcpy ecdsa -> ECDSA_METHOD leftover, remove ec -> EC_KEY evp -> EVP_PKEY pem -> PEM_read_bio_X509 x509 -> X509 90% of the diff is from tb@, I only spotted the missing string.h :) ok tb@
* crank libtls like libcrypto and libssltb2024-04-151-1/+1
|
* Remove spaces before tabstb2024-04-081-2/+2
|
* Use TLS_ERROR_INVALID_ARGUMENT for "too large" and "too small" errorsjoshua2024-03-282-8/+9
| | | | ok beck tb
* Use TLS_ERROR_OUT_OF_MEMORY error code for calloc errors in libtlsjoshua2024-03-281-6/+7
| | | | ok jsing
* Add TLS_ERROR_INVALID_ARGUMENT error code to libtlsjoshua2024-03-273-12/+15
| | | | | | | This is an initial pass, defining the error code and using it for "too long"/length-related errors. ok beck jsing
* Add TLS_ERROR_INVALID_CONTEXT error code to libtlsjoshua2024-03-264-11/+16
| | | | ok jsing@ beck@
* Fix previous commit.jsing2024-03-261-2/+2
|
* Add error code support to libtlsjoshua2024-03-2612-225/+363
| | | | | | | | | This adds tls_config_error_code() and tls_error_code(), which will become public API at a later date. Additional error codes will be added in follow-up commits. ok jsing@ beck@
* Use errno_value instead of num for readabilityjoshua2024-03-261-7/+7
| | | | ok jsing@
* Use errno_value instead of num for readabilityjoshua2024-03-262-12/+12
| | | | ok beck@ jsing@
* Convert libressl to use the BoringSSL style time conversionsbeck2024-03-242-9/+22
| | | | | | | | This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@
* crank libtls majortb2024-03-021-1/+1
| | | | same bump as libcrypto and libssl
* typo: mutiple -> multipleop2023-11-221-2/+2
| | | | from Ryan Kavanagh (rak [at] debian [dot] org), ok tb@
* Remove last caller of ASN1_time_parse(3) in libtlstb2023-11-131-3/+4
| | | | | | | | This one is slightly annoying since ASN1_TIME_to_tm(3) doesn't provide a direct check for a GeneralizedTime, so call ASN1_GENERALIZEDTIME_check() as well. This means LibreSSL parses the time twice. Shrug. ok beck
* Remove ASN1_time_parse() dependency in tls_conninfo.ctb2023-11-131-3/+3
| | | | | | | | | | During r2k22 ported some of the missing OpenSSL ASN.1 time API. This is a step towards removing the dependency of libtls on ASN1_time_parse(). The latter grew a dependency on CBS/CBB, and thus the choice is to pull in all this code or to use a no longer maintained version of the API. Both options are unappealing. ok beck
* remove tls_reset(3) from the NAME, SYNOPSIS, and HISTORY sectionsschwarze2023-09-181-10/+5
| | | | because it is documented in the separate tls_client(3) manual page
* bump libcrypto, libssl, libtls majorstb2023-07-281-1/+1
|
* Remove the ability to do tls 1.0 and 1.1 from libtls.beck2023-07-024-24/+18
| | | | | | | | With this change any requests from configurations to request versions of tls before tls 1.2 will use tls 1.2. This prepares us to deprecate tls 1.0 and tls 1.1 support from libssl. ok tb@
* Zap stray spacetb2023-06-271-2/+2
|
* Turns out EC_KEY_METHOD_new() has dup built in...tb2023-06-181-21/+3
| | | | | | | ... because RSA_meth_new() doesn't. So we can fortunately lose a few lines added in the previous commit. Three cheers for the masters of inconsistency. ok jsing
* tls_signer: reinstate the default EC_KEY methodstb2023-06-181-2/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we would set the ECDSA_METHOD on the EC_KEY, which, by way of lovely indirection in our three crypto/ec* directories ended up having no effect on the default methods. Now that we set a new EC_KEY_METHOD, we need to make sure we still have the other handlers that we might need. Like so many things that were made opaque in the 1.1 re"design", the accessors were written without actual application code in mind. In particular, EC_KEY_METHOD lacks a dup(). This means we get to fetch the default methods with getters and then set them again on the new method. This is particularly awesome because once someone adds a new method to the opaque struct, all applications will have to adapt and do a get/set dance. So far this is very reminiscent of PostgreSQL with BIO_meth_* https://github.com/postgres/postgres/blob/a14e75eb0b6a73821e0d66c0d407372ec8376105/src/interfaces/libpq/fe-secure-openssl.c#L1921-L1928 Only it's worse here because someone wanted to be smart and save a few public functions, so we have to use getters that get several functions at once. Which in turn means we need to have function pointers with the precise signatures which are part of the struct that was made opaque. We will add a EC_KEY_METHOD_dup() in the next bump, but for now this is the best fix we can have. Whenever you think you've seen the worst turds in this code base, you find another one that could serve as an exemplar. ok jsing op
* Switch tls_ecdsa_do_sign() to EC_KEY_get_ex_data()tb2023-06-181-3/+3
| | | | | | | Since libtls now sets the ex_data with EC_KEY_set_ex_data(), the do_sign() callback needs to have a matching change. ok jsing op
* libtls: switch ECDSA_METHOD usage to EC_KEY_METHODop2023-06-183-17/+12
| | | | | | | | | | | smtpd and the bits it needs in libtls are the only consumer left of ECDSA_METHOD, which is long deprecated. This paves the way for the removal in libcrypto. The diff is from gilles' work on OpenSMTPD-portable, libretls had a similar diff. ok tb@, jsing@
* Rework tls_check_subject_altname() error handlingtb2023-06-011-12/+13
| | | | | | | Default to having rv = -1 and explicitly goto done to set rv = 0. This matches other code better. ok jsing
* Check for X509_get_ext_d2i() failuretb2023-06-011-4/+10
| | | | | | | | | | X509_get_ext_d2i() (or rather X509V3_get_d2i()) can return NULL for various reasons. If it fails because the extension wasn't found, it sets *crit = -1. In any other case, e.g., the cert is bad or we ran out of memory in X509V3_EXT_d2i(), crit is set to something else, so we should actually error. ok jsing
* Correctly catch all return values from X509_NAME_get_index_by_NIDbeck2023-05-291-6/+11
| | | | | | And some comment requests, from jsing@ ok jsing@
* correct comment, spotted by tb@beck2023-05-281-4/+4
|
* Refactor tls_check_common_name to use lower level API.beck2023-05-281-12/+47
| | | | | | | | | | | | | | | | | | | | X509_NAME_get_text_by_NID is kind of a bad interface that we wish to make safer, and does not give us the visibility we really want here to detect hostile things. Instead call the lower level functions to do some better checking that should be done by X509_NAME_get_text_by_NID, but is not in the OpenSSL version. Specifically we will treat the input as hostile and fail if: 1) The certificate contains more than one CN in the subject. 2) The CN does not decode as UTF-8 3) The CN is of invalid length (must be between 1 and 64 bytes) 4) The CN contains a 0 byte 4) matches the existing logic, 1 and 2, and 3 are new checks. ok tb@
* Forcibly update the EVP_PKEY's internal keyop2023-05-251-13/+25
| | | | | | | | | | | | | | | | | | | | | | | | To aid privilege separation, libtls maintains application-specific data on the key inside the EVP_PKEY abstraction because the EVP API doesn't provide a way to do that on the EVP_PKEY itself. OpenSSL 3 changed behavior of EVP_PKEY_get1_RSA() and related functions. These now return a struct from some cache. Thus, modifying the RSA will no longer modify the EVP_PKEY like it did previously, which was clearly implied to be the case in the older documentation. This is a subtle breaking change that affects several applications. While this is documented, no real solution is provided. The transition plan from one OpenSSL major version to the next one tends to involve many #ifdef in the ecosystem, and the only suggestion provided by the new documentation is to switch to a completely unrelated, new API. Instead, forcibly reset the internal key on EVP_PKEY after modification, this way the change is picked up also by OpenSSL 3. Fixes issue 1171 in OpenSMTPD-portable ok tb@, jsing@
* add missing #include <string.h>; ok tb@op2023-05-148-8/+18
|
* tls_verify.c: give up on variable alignment in this filetb2023-05-111-6/+6
| | | | | | The previous commit resulted in misalignment, which impacts my OCD worse than no alignment at all. Alignment wasn't consistently done in this file anyway. op tells me it won't affect current efforts in reducing the diff.
* switch two ASN1_STRING_data() to ASN1_STRING_get0_data()op2023-05-101-5/+5
| | | | | | | | | and while here mark as const data. This diff is actually from gilles@, in OpenSMTPD-portable bundled libtls. ok tb@, jsing@
* Use -Wshadow with clangtb2023-05-051-2/+2
| | | | ok jsing (a very long time ago)
* Fix error handling in tls_check_common_name()tb2023-05-051-6/+10
| | | | | | | | A calloc failure should be a fatal error, so make it return -1. Also switch the default rv to -1 and distinguish error cases with acceptable situations with goto err/goto done. ok jsing
* Bump majors after symbol addition and removaltb2023-04-251-2/+2
|
* Drop X9.31 support from libtlstb2023-04-092-7/+2
| | | | | | | | | The TLS signer isn't exposed in public API (we should finally fix it...) and it supports X9.31, a standard that has been retired and deprecated for a very long time. libcrypto will stop supporting it soon, this step is needed to prepare userland. ok jsing
* Crankl libcrypto/libssl/libtls minors after symbol additiontb2023-03-101-1/+1
|
* Bump libtls minor to match libcrypto and libssltb2022-11-131-1/+1
|
* bump major after libcrypto and libssl major bumptb2022-09-111-2/+2
|