summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Revise signer callback interface.jsing2022-02-012-83/+128
| | | | | | | | | | | | | | | | | | | | | | | | | | The current design of tls_sign_cb provides a pointer to a buffer where the signature needs to be copied, however it fails to provide a length which could result in buffer overwrites. Furthermore, tls_signer_sign() is designed such that it allocates and returns ownership to the caller. Revise tls_sign_cb so that the called function is expected to allocate a buffer, returning ownership of the buffer (along with its length) to the caller of the callback. This makes it far easier (and safer) to implement a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in (with an appropriate cast). While here, rename and reorder some arguments - while we will normally sign a digest, there is no requirement for this to be the case hence use 'input' and 'input_len'. Move padding (an input) before the outputs and add some additional bounds/return value checks. This is technically an API/ABI break that would need a libtls major bump, however since nothing is using the signer interface (outside of regress), we'll ride the original minor bump. With input from tb@ ok inoguchi@ tb@
* Add test coverage for tls_signer when used with a TLS server.jsing2022-01-301-2/+189
| | | | | | In this configuration the tls_signer is provided with the server certificate and private key, while the TLS server is configured with a sign callback and is only provided with the certificate.
* Add initial regress for tls_signer.jsing2022-01-303-1/+305
|
* Add limits.h for INT_MAX in tls_signer.cinoguchi2022-01-291-1/+3
| | | | ok jsing@ tb@
* Error check for sk_push in libsslinoguchi2022-01-281-4/+7
| | | | | | CID 118976 118979 ok tb@
* Error check for sk_push in libsslinoguchi2022-01-281-2/+5
| | | | | | CID 24838 comment and ok tb@
* Expose tls_signer_error()jsing2022-01-281-0/+1
| | | | | | | Add tls_signer_error to Symbols.list - this was missed during the last libtls minor bump and can ride along. ok deraadt@
* sort includes as usualtb2022-01-271-2/+2
|
* Do not depend on engine.h pulling in err.h and evp.htb2022-01-272-6/+10
|
* whitespacetb2022-01-261-4/+4
|
* minor bump after api additiomeric2022-01-251-1/+1
|
* Introduce a signer interface intented to make TLS privsep simplereric2022-01-257-5/+438
| | | | | | | | | | | | | | | | to implement. Add a tls_config_set_sign_cb() function that allows to register a callback for the signing operation on a tls_config. When used, the context installs fake pivate keys internally, and the callback receives the hash of the public key. Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash. Discussed with and ok jsing@ tb@
* Rewrite paragraph to refer to EVP_CIPHER_CTX_new() and HMAC_CTX_new()tb2022-01-251-6/+6
| | | | | | to match reality. spotted by/ok jmc
* Remove some HMAC_CTX_init() remnants in HMAC(3).tb2022-01-251-31/+5
| | | | spotted by/ok jmc
* Fix another return 0 bug in SSL_shutdown()tb2022-01-251-6/+8
| | | | | | | | | | | If tls13_recod_layer_send_pending() returns TLS13_IO_EOF, we will bubble this up to the caller via tls13_legacy_return_code(), which translates TLS13_IO_EOF to 0. This can happen if we have pending post handshake-handshake data and the peer closes the pipe. Presumably tls13_legacy_shutdown() should be rewritten yet again. ok jsing
* Avoid an infinite loop in SSL_shutdown()tb2022-01-251-2/+4
| | | | | | | | | | | | | | | | | | | | | If the peer closed the write side of the connection and we have not yet received the close_notify, SSL_shutdown() makes an extra read to try and read the peer's close_notify from the pipe. In that situation, we receive EOF. The legacy stack will return -1 while the TLSv1.3 stack will end up returning 0. Since the documentation is not super explicit about what should be done if SSL_shutdown() returns 0, some applications will enter an infinite loop. The code and documentation indicate that SSL_shutdown() should only be called once more if it returned 0. Newer versions of the OpenSSL documentation explicitly say that one should call SSL_read() if SSL_shutdown() returns 0 in order to retrieve the close_notify. Doing this would also have avoided this infinite loop. Reported by Carsten Arzig and bluhm with a test case extracted from the syslogd tests using IO::Socket::SSL, which has such an infinite loop. ok bluhm jsing
* Document X509_V_ERR_UNNESTED_RESOURCE. Previous version looked goodtb2022-01-241-2/+9
| | | | to claudio
* Garbage collect unused ret in ssl3_get_new_session_ticket()tb2022-01-241-5/+4
| | | | | | | ret is used to bubble up an error from ssl3_get_message() and is unused otherwise. Zap dead store and silly ret = 1; return ret; ok inoguchi jsing
* In ssl3_get_server_key_exchange() switch a 'goto err' totb2022-01-241-2/+2
| | | | | | | 'goto fatal_err' so that the illegal_parameter alert is actually sent in case of X509_get0_pubkey() failure. ok inoguchi jsing
* Avoid use of uninitialized in tlsext_sni_server_parse()tb2022-01-241-1/+3
| | | | | | | | | If the hostname is too long, tlsext_sni_is_valid_hostname() will fail without having initialized *is_ip. As a result, the garbage value could lead to accepting (but otherwise ignoring) overlong and possibly invalid hostnames without erroring in tlsext_sni_server_parse(). ok inoguchi jsing
* Garbage collect the unused rv in tls1_check_ec_server_key() andtb2022-01-241-3/+2
| | | | | | convert to usual form of error checking. ok inoguchi jsing
* Use memmove instead of memcpy for overlapping memoryinoguchi2022-01-221-3/+3
| | | | | | CID 251047 251094 OK beck@ jsing@ millert@ tb@
* Use memmove instead of memcpy for overlapping memoryinoguchi2022-01-221-5/+5
| | | | | | CID 250936 251103 OK beck@ jsing@ millert@ tb@
* X509_GET_PUBKEY(3) return value check in libcryptoinoguchi2022-01-221-2/+3
| | | | | | CID 345116 ok beck@ tb@
* X509_GET_PUBKEY(3) return value check in libcryptoinoguchi2022-01-221-3/+4
| | | | | | | | CID 25131 ok beck@ tb@ suggest using X509_REQ_get0_pubkey() and remove the EVP_PKEY_free() from tb@
* X509_GET_PUBKEY(3) return value check in libcryptoinoguchi2022-01-221-3/+3
| | | | | | ok beck@ tb@ suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
* X509_GET_PUBKEY(3) return value check in libcryptoinoguchi2022-01-222-4/+7
| | | | ok beck@ tb@
* Remove the remaining three parens in return statements.tb2022-01-201-4/+4
|
* Use correct spelling of NULL.tb2022-01-201-2/+2
|
* remove unused variable from all copies of _asr_strdname()naddy2022-01-202-6/+6
| | | | | | | | ... including those inlined into print_dname(). This also fixes -Wunused-but-set-variable warnings warnings in smtpd and smtpctl. The code was imported with asr and then copied around. ok deraadt@ guenther@
* Add check for EVP_CIPHER_CTX_ctrlinoguchi2022-01-201-4/+6
| | | | suggestion from tb@
* Add check for EVP_CIPHER_CTX_set_key_length return valueinoguchi2022-01-201-2/+3
| | | | | | CID 21653 ok jsing@ millert@ tb@
* Add check for OBJ_nid2obj return valueinoguchi2022-01-201-2/+3
| | | | input from tb@
* Add check for ASN1_INTEGER_setinoguchi2022-01-201-2/+3
| | | | | | CID 24893 ok jsing@ millert@ tb@
* Fix check for BN_mod_inverse_ct return valueinoguchi2022-01-205-13/+13
| | | | ok jsing@ millert@ tb@
* Add check for BN_sub return valueinoguchi2022-01-201-2/+3
| | | | | | CID 24839 ok jsing@ millert@ tb@
* Add check for BIO_indent return valueinoguchi2022-01-201-2/+3
| | | | | | CID 24778 ok jsing@ millert@ tb@
* Add check for BIO_indent return valueinoguchi2022-01-201-3/+5
| | | | | | CID 24812 ok jsing@ millert@ tb@
* Add check for EVP_CIPHER_CTX_set_key_length return valueinoguchi2022-01-201-2/+2
| | | | | | It returns 1 on success and 0 for failure, never negative value. ok jsing@ millert@ tb@
* Add and fix check for BN functions return valueinoguchi2022-01-201-4/+5
| | | | ok jsing@ millert@ tb@
* Add check for BN functions return valueinoguchi2022-01-201-3/+5
| | | | | | | CID 21665 24835 comment from jsing@ and tb@ ok jsing@ millert@ tb@
* Add check for BIO_indent return valueinoguchi2022-01-201-2/+3
| | | | | | CID 24869 ok jsing@ millert@ tb@
* Document the bizarre fact that {CMS,PCKS7}_get0_signers() needs sometb2022-01-192-4/+12
| | | | | | | | | | | freeing of what they return despite being get0 functions: the stack of X509s that they return must be freed with sk_X509_free(). The get0 thus probably refers to the individual certs, but not to the stack itself. The libcrypto and libssl APIs never cease to amaze with new traps. ok inoguchi
* Check return value from EVP_CIPHER_CTX_new in cms_pwri.cinoguchi2022-01-191-2/+4
| | | | | | CID 345137 ok jsing@ tb@
* Check function return value in libtlsinoguchi2022-01-191-9/+21
| | | | | | | | | | | | EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to fail and return error. Error from these functions will be fatal for the callback, and I choose to return -1. SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback. This also could fix Coverity CID 345319. ok jsing@ tb@
* Avoid memory leak in error path with openssl(1) smimeinoguchi2022-01-161-1/+2
| | | | | | CID 345316 ok tb@
* Avoid memory leak in error path with openssl(1) cmsinoguchi2022-01-161-1/+3
| | | | | | CID 345314 345320 ok tb@
* spellingjsg2022-01-1512-39/+39
| | | | ok tb@
* Add back an accidentally dropped .Pptb2022-01-151-1/+2
|
* Update for HMAC_CTX_{init,cleanup} hand HMAC_cleanup removaltb2022-01-151-50/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-18 12:17:03 +0000