summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Update golden values to match P-521 being enabled by default in the client.jsing2020-08-091-20/+21
| | | | Diff from tb@
* Update golden values to match P-521 being enabled by default in the client.jsing2020-08-091-10/+11
|
* Add P-521 to the list of curves supported by default in the client.jsing2020-08-091-5/+18
| | | | | | | | | | | | | | | A certain VPN provider appears to have configured their servers to only accept P-521 for TLSv1.3 key exchange. The particular VPN software in use also does not currently allow for the TLSv1.3 key share groups to be configured, which means that there is no way to easily use LibreSSL in this situation. Include P-521 in the list of curves that are supported by default in the client, in order to increase interoperability. Discussed at length with beck@, inoguchi@ and tb@. ok tb@
* Use CBB more correctly when writing SSL3/DTLS records.jsing2020-08-092-66/+92
| | | | | | | | | | | | Previously we used CBB to build the record headers, but not the entire record. Use CBB_init_fixed() upfront, then build the record header and add space for the record content. However, in order to do this we need to determine the length of the record upfront. This simplifies the code, removes a number of manual bounds checks and makes way for further improvements. ok inoguchi@ tb@
* Make the explicit IV length handling in DTLS the same as SSL3/TLS.jsing2020-08-091-8/+13
| | | | ok inoguchi@ tb@
* Session resumption is not currently supported for TLSv1.3.tb2020-08-081-4/+4
|
* Enable P-521 and run the tests that use it.tb2020-08-081-5/+3
|
* delete another word to improve the wording; suggested by jmc@schwarze2020-08-061-2/+2
|
* Explain the purpose of CMAC_resume(3) in more detail.schwarze2020-08-061-3/+9
| | | | | | | | Triggered by jmc@ apparently misunderstanding the intention of the text and fixing a grammatical error in a way that wasn't ideal, so i guess he wouldn't have been the only one to find the previous version hard to understand. OK jmc@
* Cleanup aead_ctxinoguchi2020-08-041-1/+3
| | | | ok jsing@ tb@
* Only parse a client's status_request in the CHtb2020-08-031-1/+4
| | | | | | | | A client should only send a status_request as part of the CH. Pointed out by Michael Forney ok inoguchi jsing
* Ensure clients only send a status_request in the CHtb2020-08-031-3/+7
| | | | | | | | | | The current code might cause a client to send a status_request containing a CertificateStatusRequest with its certificate. This makes no sense. Pointed out by Michael Forney ok inoguchi jsing
* Correctly handle server requests for an OCSP responsetb2020-08-031-1/+12
| | | | | | | | | | | | | | | | | According to RFC 8446, 4.4.2.1, a server may request that a client present an OCSP response with its certificate by sending an empty status_request extension as part of the certificate request. The current code expects a full CertificateStatus structure, which is only sent if the server sends an OCSP response with its certificate. This causes interoperability issues with Go's TLS server and with newer GnuTLS where we would abort the handshake with a decode_error alert and length mismatch error. Issue reported and diagnosed by Michael Forney Problem also found by Mikolaj Kucharski and inoguchi. ok inoguchi jsing
* Check the return value of tls1_enc() in the write path.jsing2020-08-022-6/+6
| | | | | | | | | The write path can return a failure in the AEAD path and there is no reason not to check a return value. Spotted by tb@ during another review. ok tb@
* Clean up/simplify more of the dtls1/ssl3 record writing code:jsing2020-08-012-73/+34
| | | | | | | | | | | | - Make the DTLS code much more consistent with the ssl3 code. - Avoid assigning wr->input and wr->length just so they can be used as arguments to memcpy(). - Remove the arc4random_buf() call for the explicit IV, since tls1_enc() already does this for us. ok tb@
* Pull record version selection code up and pass it as an argument tojsing2020-08-011-15/+15
| | | | | | ssl3_create_record(). ok tb@
* Replace hostname underscore with hyphen in appstest.shinoguchi2020-08-011-28/+28
|
* Have ssl_init_wbio_buffer() push the buffering BIO rather than doing itjsing2020-07-301-5/+2
| | | | | | ourselves. Spotted by tb@ during a previous review.
* Clean up and simplify some of the SSL3/DTLS1 record writing code.jsing2020-07-302-76/+72
| | | | | | | | | | | This will allow for further changes to be made with less complexity and easier review. In particular, decide if we need an empty fragment early on and only do the alignment calculation once (rather than in two separate parts of the function. ok tb@ inoguchi@
* Add minimal info callback support for TLSv1.3tb2020-07-303-3/+32
| | | | | | | | | | | | | | As abieber@ found the hard way, some python frameworks (twisted, synapse) thought it a great idea to use the info callback mechanism (designed to get state information about SSL objects) to modify state information such as setting and verifying the SNI. The switch of TLS_method() to default to TLSv1.3 broke these contraptions. Further bits of the info callback mechanism will likely metastasize throughout the TLSv1.3 stack if we need them, so we only do what's really necessary now. Lots of debugging, crucial hint and testing by abieber input & ok jsing
* Wrap long lines s_server.cinoguchi2020-07-271-67/+130
|
* Add function prototype and move sub functions to bottominoguchi2020-07-271-198/+197
|
* Remove space between '*' and pointer variable in s_server.cinoguchi2020-07-271-12/+12
|
* Remove 's_' prefix from member of s_server_config structinoguchi2020-07-271-110/+110
|
* Convert openssl(1) s_server option handlinginoguchi2020-07-271-568/+929
| | | | ok and comments from jsing@
* Handle SSL_MODE_AUTO_RETRY being changed during a TLSv1.3 session.jsing2020-07-251-1/+4
| | | | | | | | | | | | | | | Both Perl's HTTP::Tiny and IO::Socket::SSL know about SSL_MODE_AUTO_RETRY and try to work around the fact that OpenSSL enabled it by default. However, this can lead to the mode being disabled prior to the TLSv1.3 handshake and then enabled after the handshake has completed. In order to handle this correctly we have to check the mode and inform the record layer prior to every read. Issue reported and test case provided by Nathanael Rensen <nathanael@polymorpheus.com>. ok inoguchi@ tb@
* remove half a dozen "goto" statements and a labelschwarze2020-07-251-14/+1
| | | | | that change nothing whatsoever, except making the code harder to read; OK tb@
* tweak previous;jmc2020-07-241-4/+4
|
* document PEM_X509_INFO_read(3) and PEM_X509_INFO_read_bio(3)schwarze2020-07-237-14/+207
| | | | OK tb@
* Fix a bug in PEM_X509_INFO_read_bio(3) that is very likely to causeschwarze2020-07-234-22/+211
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | use-after-free and double-free issues in calling programs. The bug was introduced in SSLeay-0.6.0 released on June 21, 1996 and has been present since OpenBSD 2.4. I found the bug while documenting the function. The bug could bite in two ways that looked quite different from the perspective of the calling code: * If a stack was passed in that already contained some X509_INFO objects and an error occurred, all the objects passed in would be freed, but without removing the freed pointers from the stack, so the calling code would probable continue to access the freed pointers and eventually free them a second time. * If the input BIO contained at least two valid PEM objects followed by at least one PEM object causing an error, at least one freed pointer would be put onto the stack, even though the function would return NULL rather than the stack. But the calling code would still have a pointer to the stack, so it would be likely to access the new bogus pointers sooner or later. Fix all this by remembering the size of the input stack on entry and cutting it back to exactly that size when exiting due to an error, but no further. While here, do some related cleanup: * Garbage collect the automatic variables "error" and "i" which were only used at one single place each. * Use NULL rather than 0 for pointers. I like bugfixes that make the code four lines shorter, reduce the number of variables by one, reduce the number of brace-blocks by one, reduce the number if if-statements by one, and reduce the number of else-clauses by one. Tweaks and OK tb@.
* Fix perl bugs that had me printing the wrong cert number for errorsbeck2020-07-161-8/+9
|
* The exit code from the perl matters herebeck2020-07-151-1/+3
|
* Don't leak the X509_STOREbeck2020-07-151-1/+3
|
* Add certificate validation tests generated using the tools frombeck2020-07-1510945-0/+444760
| | | | | | | | bettertls.com, and a verification suite to try each certificate in the same manner as the web based tests do using X509_verify. This includes the list of "known" failures today in our validaion code so we can move forward without moving back.
* Convert option handling for openssl(1) verify.jsing2020-07-141-88/+220
| | | | ok inoguchi@, tb@
* Dedup the use legacy stack code.jsing2020-07-141-56/+25
| | | | ok inoguchi@ tb@
* Revert the TLSv1.3 version switching fix/hack.jsing2020-07-141-10/+1
| | | | | | | | This is no longer necessary since the TLS_method() now supports TLSv1.3. Reverts r1.211 of ssl_lib.c. ok beck@ inoguchi@ tb@
* Enter the certs regress directory.jsing2020-07-141-1/+2
|
* Add regress for X509_verify() using the new bundles.jsing2020-07-142-3/+369
| | | | | A number of these tests are known to fail due to bugs/incorrect verification implementation.
* Provide generated certificate bundles and roots for regress.jsing2020-07-1474-0/+3721
| | | | ok beck@ tb@
* Provide tools to build certificate changes for verify regress.jsing2020-07-144-0/+636
| | | | | | | | | | This provides a script that generates a variety of certificate chains and assembles them into bundles containing various permutations, which can be used to test our X.509 verification. A Go program is included to verify each of these bundles. ok beck@ tb@
* Force TLSv1.2 when testing SSLv3/TLSv1.2 cipher suites.jsing2020-07-141-1/+1
| | | | Otherwise we end up switching to TLSv1.3 and using a TLSv1.3 cipher suite.
* Add a -tls1_2 option so we can force TLSv1.2 for testing.jsing2020-07-141-5/+9
|
* getopt(3) returns an int so don't use a char to store its return value.kettenis2020-07-142-4/+4
| | | | | | Makes the test work on architectures where char is unsigned. ok deraadt@, millert@
* Remove hypheninoguchi2020-07-141-3/+3
|
* Add single space between pem and ...inoguchi2020-07-141-2/+2
|
* Add manual for openssl(1) certhashinoguchi2020-07-141-2/+57
| | | | ok jmc@
* Clean up s_client.cinoguchi2020-07-101-26/+27
| | | | | | | - Remove space between '*' and pointer variable. - Add function prototype. - Move callback function to bottom. - Move typedef struct to up.
* Change variable bio_c_out from global to localinoguchi2020-07-101-15/+11
| | | | ok tb@
* Wrap long lines and put space in front of label in s_client.cinoguchi2020-07-091-46/+80
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 19:02:21 +0000