| Age | Commit message (Collapse) | Author |
|---|
|
|
|
This is an initial pass, defining the error code and using it for
"too long"/length-related errors.
ok beck jsing
|
|
ok jsing@ beck@
|
|
This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.
Additional error codes will be added in follow-up commits.
ok jsing@ beck@
|
|
ok jsing@
|
|
ok beck@ jsing@
|
|
With this change any requests from configurations to request
versions of tls before tls 1.2 will use tls 1.2. This prepares
us to deprecate tls 1.0 and tls 1.1 support from libssl.
ok tb@
|
|
smtpd and the bits it needs in libtls are the only consumer left of
ECDSA_METHOD, which is long deprecated. This paves the way for the
removal in libcrypto.
The diff is from gilles' work on OpenSMTPD-portable, libretls had a
similar diff.
ok tb@, jsing@
|
|
To aid privilege separation, libtls maintains application-specific data
on the key inside the EVP_PKEY abstraction because the EVP API doesn't
provide a way to do that on the EVP_PKEY itself.
OpenSSL 3 changed behavior of EVP_PKEY_get1_RSA() and related functions.
These now return a struct from some cache. Thus, modifying the RSA will
no longer modify the EVP_PKEY like it did previously, which was clearly
implied to be the case in the older documentation.
This is a subtle breaking change that affects several applications.
While this is documented, no real solution is provided. The transition
plan from one OpenSSL major version to the next one tends to involve
many #ifdef in the ecosystem, and the only suggestion provided by the
new documentation is to switch to a completely unrelated, new API.
Instead, forcibly reset the internal key on EVP_PKEY after modification,
this way the change is picked up also by OpenSSL 3.
Fixes issue 1171 in OpenSMTPD-portable
ok tb@, jsing@
|
|
|
|
X509_STORE_add_crl() does not take ownership of the CRL, it bumps its
refcount. So nulling out the CRL from the stack will leak it.
Issue reported by KS Sreeram, thanks!
ok jsing
|
|
to implement.
Add a tls_config_set_sign_cb() function that allows to register
a callback for the signing operation on a tls_config. When used,
the context installs fake pivate keys internally, and the callback
receives the hash of the public key.
Add a tls_signer_*() set of functions to manage tls_signer objects.
A tls_signer is an opaque structure on which keys are added.
It is used to compute signatures with private keys identified by
their associated public key hash.
Discussed with and ok jsing@ tb@
|
|
This reduces the number of reacharounds into libcrypto internals.
ok jsing
|
|
ok jsing
|
|
|
|
ok eric jsing
|
|
checking. Only install the hash on the key if fake key is used,
and do it for EC keys too.
ok tb@ jsing@
|
|
ok tb@
|
|
key, and fake it internally with the certificate public key instead.
It makes it easier for privsep engines like relayd that don't have to
use bogus keys anymore.
ok beck@ tb@ jsing@
|
|
|
|
This makes tls_config_parse_protocols() recognise and handle "tlsv1.3".
If TLSv1.3 is enabled libtls will also request libssl to enable it.
ok beck@ tb@
|
|
This makes libtls more friendly for multithreaded use - otherwise we can
end up with incorrect refcounts and end up freeing when we should not be
(or not freeing when we should be).
ok beck@
|
|
an internal detail of the library, so the string should live inside it,
not in the application code.
ok jsing
|
|
own define for /etc/ssl/cert.pem.
ok beck@ bluhm@ tb@
|
|
being loaded behind our back, at a later point.
ok beck@
|
|
Now that we have tls_init() under pthread_once(), automatically initialise
libtls from the entry point functions (tls_config(), tls_client() and
tls_server()) - this makes an explicit tls_init() call no longer a
requirement.
ok bcook@ beck@ inoguchi@
|
|
builds work
|
|
|
|
ok jsing@
This brings pthread_once usage into libressl, which will
need to get dealt with correctly in portable.
This sets us up to autoinit libtls, and we will also be
using pthread_once to deal with autoinit stuff in libssl
and libcrypto
|
|
The keypair pubkey hash was being generated and set in the keypair when the
TLS context was being configured. This code should not be messing around
with the keypair contents, since it is part of the config (and not the
context).
Instead, generate the pubkey hash and store it in the keypair when the
certificate is configured. This means that we are guaranteed to have the
pubkey hash and as a side benefit, we identify bad certificate content
when it is provided, instead of during the context configuration.
ok beck@
|
|
rolling its own certificate loading. This also means we get better error
reporting on failure.
|
|
|
|
Reported by and fix from Nate Bessette <openbsd at nate dot sh> - thanks.
|
|
This fixes a bug where by a TLS server with SNI would always only return
the OCSP staple for the default keypair, rather than returning the OCSP
staple associated with the keypair that was selected via SNI.
Issue reported by William Graeber and confirmed by Andreas Bartelt.
Fix tested by William Graeber and Andreas Bartelt - thanks!
|
|
ok bcook@ jsing@
|
|
for the TLS privsep code. Instead use X509_pubkey_digest() because only the
key should be used as identifier. Relayd is rewriting certificates and then
the hash would change. Rename the hash is struct tls_keypair to pubkey_hash
to make clear what this hash is about.
With input and OK jsing@
|
|
enable CRL checking for the full certificate chain.
Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
Discussed with beck@
|
|
we can prevent libcrypto from going behind our back and trying to read
passwords from standard input (which we may not be permitted to do).
Found by jsg@ with httpd and password protected keys.
|
|
|
|
|
|
|
|
already completed a TLS handshake.
|
|
be called as soon as it has been passed to the final tls_configure() call,
simplifying lifetime tracking for the application.
Requested some time ago by tedu@.
ok beck@
|
|
as PEM format. This allows for it to be used or examined with tools
external to libtls
bump minor
ok jsing@
|
|
public key as an identifier to RSA, and adds an function for relayd to
use to disable private key checking when doing engine privsep.
ok jsing@
|
|
issue where by calling tls_close() on a TLS context that has not attempted
a handshake, results in an unexpected failure.
Reported by Vinay Sajip.
ok beck@
|
|
OK beck@ jsing@
|
|
|
|
CA chain or specify CA paths. This prevents attempts to access the file
system, which may fail due to pledge.
ok bluhm@
|
|
should not have changed the X509_STORE_CTX error value on success and it
was initialised to X509_V_OK by X509_STORE_CTX_init(). Other software also
depends on this behaviour.
Previously X509_verify_cert() was mishandling the X509_STORE_CTX error
value when validating alternate chains. This has been fixed and further
changes now explicitly ensure that the error value will be set to X509_V_OK
if X509_verify_cert() returns success.
|
