| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
symbol is exposed api and we probably need to deprecate it thoughtfully.
|
| |
|
|
| |
No functional change.
|
| |
|
|
|
|
|
|
|
|
|
| |
On OSX and Windows platform portable build fails since it can't find
NAME_CONSTRAINTS_check.
It is still remain in x509v3.h and Symbols.list but '#if 0'ed from
x509_ncons.c.
In this situation, some platforms appears to get error.
Add noop NAME_CONSTRAINTS_check stub to solve this issue.
ok beck@
|
| |
|
|
|
|
|
| |
for compatibility with OpenSSL
and for consistency with neighbouring functions;
suggested by jsing@ after i documented the crash;
OK jsing@.
|
| |
|
|
|
|
| |
is already a comment above it in ssl_lib.c in both OpenSSL and LibreSSL:
/* The old interface to get the same thing as SSL_get_ciphers(). */
Suggested by and OK jsing@.
|
| |
|
|
|
|
|
|
|
| |
CBB_add_bytes() calls CBB_add_space(), which now explicitly zeros memory
to avoid information leaks. However CBB_add_bytes() calls memcpy() for the
same memory region, so the memset() is unnecessary. Avoid this by inlining
part of CBB_add_space() rather than calling it directly.
ok beck@ tb@
|
| |
|
|
| |
ok beck@
|
| |
|
|
|
|
|
| |
Rather than duplicating code, have x509_verify_ctx_new_from_xsc() call
x509_verify_ctx_new(), then handle the xsc specific parts.
ok beck@
|
| |
|
|
|
|
| |
context used by an SSL object, so do not talk about the SSL_CTX
that "an SSL object was created from";
fixing an inaccuracy pointed out by jsing@.
|
| |
|
|
|
|
|
|
|
| |
Split the existing tls12_record_layer_write_mac() function so that we can
soon reuse part of it for the read side.
No functional change.
ok tb@
|
| |
|
|
|
|
|
| |
fails, to match the behaviour of ssl_create_cipher_list(). This also
agrees with the behaviour of SSL_set_ciphersuites(3) in OpenSSL.
Issue found while writing documentation.
OK jsing@
|
| |
|
|
| |
This should be a 'goto err' rather than returning.
|
| |
|
|
|
|
|
|
| |
content there. Clarify when the returned pointers become invalid,
which is far from obvious but sets surprising traps for the user.
For three of the functions, correct statements about when they fail.
Also improve a number of wordings while here.
OK beck@
|
| |
|
|
|
|
| |
happy
ok tb@
|
| |
|
|
|
|
| |
verification code.
ok jsing@
|
| |
|
|
|
|
| |
of staying with the new name constraint code this will be deleted
ok jsing@
|
| |
|
|
|
|
|
| |
In particular, figure what the handshake_func should be early on, so we
can just assign later.
ok beck@
|
| |
|
|
|
|
|
| |
Now that get_ssl_method is no longer used, we can garbage collect the
function pointer and some associated machinery.
ok beck@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we use the default method (now TLSv1.3) and end up talking to a TLSv1.2
server that gives us a session ticket, then try to resume that session,
we end up trying to talk TLS without doing a handshake.
This is caused by the state (S3I(s)->hs.state) getting cleared, which
results in SSL_do_handshake() and others thinking they do not need to do
anything (as SSL_in_init() and SSL_in_before() are not true).
The reason this occurs is due to SSL_set_ssl_method() calling ssl_free()
and ssl_new() when switching methods. The end result is that the S3I(s)
has been freed and reallocated, losing the state in the process.
Since the state is part of the S3I(s) structure, move its initialisation
into ssl3_clear() - this ensures it gets correctly reinitialised across a
SSL_set_ssl_method() call.
Issue noticed by sthen@ with nginx and unifi.
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
SSL_set_ssl_method() checks to see if the method is already the same, so
we do not need to do this check in three different places. Switch to
dtls1_get_client_method()/tls1_get_client_method() to find the method -
this is a slight change in behaviour, however there is not much point
trying to resume a session on something other than a client.
ok beck@
|
| |
|
|
|
|
|
|
| |
Move assignment to the correct place so that the run continuation condition
actually checks what it is supposed to. Found by getting lucky when running
regress.
ok beck jsing
|
| |
|
|
|
| |
simpler and more consistent in x509_verify.c rev. 1.6;
OK beck@
|
| |
|
|
|
|
|
|
|
|
| |
This may be changed substantially before we enable the public api,
as discussions are still happening over it's final form, however
after one pass by ingo he would rather this was here and it can be
adjusted in tree, but not installed by the makefile until we make
this visible
ok schwarze@
|
| |
|
|
|
|
|
|
| |
to X509_V_ERR_OUT_OF_MEM instead of UNSPECIFIED in chain_append when
allocation fails.
noticed by ingo@
ok tb@
|
| | |
|
| |
|
|
|
|
|
| |
the extension list.
found by llvm static analyzer
ok tb@
|
| |
|
|
|
| |
Yak for my shaving pleasure found by llvm static analyzer
ok tb@
|
| |
|
|
|
| |
found by llvm static analyzer.
ok tb@
|
| |
|
|
|
| |
noticed by llvm static analyzer
ok tb@
|
| |
|
|
|
| |
noticed by llvm static analyzer
ok tb@
|
| |
|
|
|
|
|
| |
eat a NULL.
found by clang static analyzer
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
the roots for a ctx are only freed in the free function, not in the
clear function, so that a ctx can be re-used with the same roots.
ok tb@
|
| |
|
|
| |
so we don't need to pop free the roots separately
|
| | |
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
OpenSSL added a separate API for configuring TLSv1.3 ciphersuites. Provide
this API, while retaining the current behaviour of being able to configure
TLSv1.3 via the existing interface.
Note that this is not currently exposed in the headers/exported symbols.
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new validator finds multiple validated chains to handle the modern
PKI cases which may frequently have multiple paths via different
intermediates to different roots. It is loosely based on golang's x509
validator
This includes integration so that the new validator can be used via
X509_verify_cert() as well as a new api x509_verify() which will
return multiple chains (similar to go).
The new validator is not enabled by default with this commit, this
will be changed in a follow on commit.
The new public API is not yet exposed, and will be finalized and
exposed with a man page and a library minor bump later.
ok tb@ inoguchi@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When BIO returns a failure, it does not always add an error to the error
stack. In the case of the legacy stack, this was generally handled by the
guesswork performed by SSL_get_error(). However, in the case of the new
stack we push an 'unknown' error onto the stack.
Improve this situation by specifically checking errno in the case of a
BIO_read() or BIO_write() failure. If the error stack is empty then push
a SYSerror() with the errno which is preferable to the 'unknown' error
later.
Noted by bluhm@ via syslogd regress.
ok beck@ tb@
|
| |
|
|
|
|
| |
The curve_id is a uint16, not an int.
ok beck jsing
|
| |
|
|
|
|
|
| |
Use more descriptive variable names, explain why NID_undef is fine
and simplify the logic.
ok beck jsing
|
| |
|
|
| |
figure out whether top > 0 or top == 0.
|
| |
|
|
|
|
|
|
|
|
| |
If BN_rand() is called with top > 0 and bits == 1, it would allocate
a buf[] of size 1 and set the top bit of buf[1].
Found in OpenSSL commit efee575ad464bfb60bf72dcb73f9b51768f4b1a1 while
looking for something else.
ok beck djm inoguchi
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
To pick up __STRICT_ALIGNMENT define, include machine/endian.h.
No kidding... deraadt@
ok bcook@ jsing@
|
| |
|
|
|
|
|
| |
regression tests. The use of the new name constraints is not yet activated
in x509_vfy.c and will be activated in a follow on commit
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When parsing a cipher string, a cipher list is created, before being
duplicated and sorted - the second copy being stored as cipher_list_by_id.
This is done only so that a client can ensure that the cipher selected by
a server is in the cipher list. This is pretty pointless given that most
clients are short-lived and that we already had to iterate over the cipher
list in order to build the client hello. Additionally, any update to the
cipher list requires that cipher_list_by_id also be updated and kept in
sync.
Remove all of this and replace it with a simple linear scan - the overhead
of duplicating and sorting the cipher list likely exceeds that of a simple
linear scan over the cipher list (64 maximum, more typically ~9 or so).
ok beck@ tb@
|
| |
|
|
| |
ok beck@, tb@
|
| |
|
|
|
|
|
|
|
|
| |
The name ssl_cipher_is_permitted() is not entirely specific - what it
really means is "can this cipher be used with a given version range".
Use ssl_cipher_allowed_in_version_range() to more clearly indicate this.
Bikeshedded with tb@
ok tb@
|
| |
|
|
|
|
| |
TLS13_ALERT_* defines.
ok beck@ tb@
|
