summaryrefslogtreecommitdiff
path: root/lib/libtls
AgeCommit message (Collapse)Author
2023-05-10switch two ASN1_STRING_data() to ASN1_STRING_get0_data()Omar Polo
and while here mark as const data. This diff is actually from gilles@, in OpenSMTPD-portable bundled libtls. ok tb@, jsing@
2023-05-05Use -Wshadow with clangTheo Buehler
ok jsing (a very long time ago)
2023-05-05Fix error handling in tls_check_common_name()Theo Buehler
A calloc failure should be a fatal error, so make it return -1. Also switch the default rv to -1 and distinguish error cases with acceptable situations with goto err/goto done. ok jsing
2023-04-25Bump majors after symbol addition and removalTheo Buehler
2023-04-09Drop X9.31 support from libtlsTheo Buehler
The TLS signer isn't exposed in public API (we should finally fix it...) and it supports X9.31, a standard that has been retired and deprecated for a very long time. libcrypto will stop supporting it soon, this step is needed to prepare userland. ok jsing
2023-03-10Crankl libcrypto/libssl/libtls minors after symbol additionTheo Buehler
2022-11-13Bump libtls minor to match libcrypto and libsslTheo Buehler
2022-09-11bump major after libcrypto and libssl major bumpTheo Buehler
2022-07-07Bump libtls minor after libcrypto and libssl minor bumpTheo Buehler
2022-03-24Crank major after symbol removal.Theo Buehler
2022-03-24Hide the tls_signer from public visibility. It's not ready yet andTheo Buehler
should not be used. It will be revisited after release. ok beck inoguchi jsing
2022-02-08Plug a long standing leak in libtls CRL handlingTheo Buehler
X509_STORE_add_crl() does not take ownership of the CRL, it bumps its refcount. So nulling out the CRL from the stack will leak it. Issue reported by KS Sreeram, thanks! ok jsing
2022-02-01Provide our own signature padding defines.Joel Sing
Rather than leaking libcrypto defines through the tls_sign_cb and tls_signer_sign() interfaces, provide and use our own TLS_PADDING_* defines. ok inoguchi@ tb@
2022-02-01Revise signer callback interface.Joel Sing
The current design of tls_sign_cb provides a pointer to a buffer where the signature needs to be copied, however it fails to provide a length which could result in buffer overwrites. Furthermore, tls_signer_sign() is designed such that it allocates and returns ownership to the caller. Revise tls_sign_cb so that the called function is expected to allocate a buffer, returning ownership of the buffer (along with its length) to the caller of the callback. This makes it far easier (and safer) to implement a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in (with an appropriate cast). While here, rename and reorder some arguments - while we will normally sign a digest, there is no requirement for this to be the case hence use 'input' and 'input_len'. Move padding (an input) before the outputs and add some additional bounds/return value checks. This is technically an API/ABI break that would need a libtls major bump, however since nothing is using the signer interface (outside of regress), we'll ride the original minor bump. With input from tb@ ok inoguchi@ tb@
2022-01-29Add limits.h for INT_MAX in tls_signer.cKinichiro Inoguchi
ok jsing@ tb@
2022-01-28Expose tls_signer_error()Joel Sing
Add tls_signer_error to Symbols.list - this was missed during the last libtls minor bump and can ride along. ok deraadt@
2022-01-25minor bump after api additiomEric Faurot
2022-01-25Introduce a signer interface intented to make TLS privsep simplerEric Faurot
to implement. Add a tls_config_set_sign_cb() function that allows to register a callback for the signing operation on a tls_config. When used, the context installs fake pivate keys internally, and the callback receives the hash of the public key. Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash. Discussed with and ok jsing@ tb@
2022-01-19Check function return value in libtlsKinichiro Inoguchi
EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to fail and return error. Error from these functions will be fatal for the callback, and I choose to return -1. SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback. This also could fix Coverity CID 345319. ok jsing@ tb@
2022-01-14bump libcrypto, libssl, libtls majors after struct visibility changesTheo Buehler
and Symbol addition and removal in libcrypto.
2022-01-10Convert tls_bio_cb for opaque BIOTheo Buehler
joint with jsing
2022-01-01contibutions -> contributionsJonathan Gray
2021-10-31Bump majors after struct visibility changes, symbol removal and symbolTheo Buehler
addition.
2021-10-31Simplify some code by using X509_STORE_CTX_get_obj_by_subject()Theo Buehler
ok beck jsing
2021-10-21libtls: Don't reach into X509_STORE_CTX.Theo Buehler
ok jsing
2021-10-21Switch from X509_VERIFY_PARAM_set_flags() to X509_STORE_set_flags().Theo Buehler
This reduces the number of reacharounds into libcrypto internals. ok jsing
2021-10-21Eliminate a dead assignment and a weird cast. Adjust a comment toTheo Buehler
reality while there. ok jsing
2021-10-21Print uid with %u instead of %i.Theo Buehler
Prompted by a diff by Jonas Termansen, discussed with deraadt, millert ok jsing
2021-10-21Use *printf %d instead of %iTheo Buehler
ok jsing
2021-10-02Use SSL_CTX_get0_param() rather than reaching into the SSL_CTX.Joel Sing
2021-09-10major bump (same type of crank as libssl)Theo Buehler
2021-08-16typo in commentTheo Buehler
2021-06-22zap wonky commas;Jason McIntyre
2021-06-22Clarify tls_config_set_*_file() file I/O semanticskn
tls_config_set_*_file(3) do not just set the file paths like tls_config_set_*_path(3) do, they do load the given file(s) into memory directly using tls_config_load_file(). This distinction is important because it means a later tls_connect(3) will not do any file I/O (at least wrt. those files), which is relevant when for example pleding without "[rwc]path" after loading files into memory and before doing tls_connect(3). The manual's current wording made me use the following due to above way of pledging a program: tls_load_file() tls_config_set_ca_mem() tls_unload_file() While in fact a single tls_config_set_ca_file() call does the same. tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual as noted by tb, thanks. Feedback OK tb
2021-06-14Use SSL_AD_INTERNAL_ERRORTheo Buehler
One instance of TLS1_AD_* was missed and broke the tree in the recent switch to using only one version of alert defines internally.
2021-06-01Update RFC reference. RFC 4366 was obsoleted by RFC 6066.Theo Buehler
2021-06-01Avoid sending a trailing dot in SNI as a clientTheo Buehler
While an FQDN includes a trailing dot for the zero-length label of the root, SNI explicitly does not contain it. Contrary to other TLS implementations, our tlsext_sni_is_valid_hostname() rejects a trailing dot. The result is that LibreSSL TLS servers encountering an SNI with trailing dot abort the connection with an illegal_parameter alert. This fixes an issue reported by danj in nc(1) and by sthen in ftp(1). DNS cluebat from florian. ok jsing
2021-06-01Remove unnecessary cast in free.Theo Buehler
ok jsing
2021-05-10give libtls the same bump as libsslTheo Buehler
2021-03-31Bump minors after symbol additionTheo Buehler
2021-03-23OCSP_basic_verify() doesn't set errno, so use tls_set_errorx()Theo Buehler
ok inoguchi
2021-02-01Use "EC/RSA key setup failure" to align error with othersTheo Buehler
ok eric jsing
2021-01-26Move private key setup to a helper function with proper errorEric Faurot
checking. Only install the hash on the key if fake key is used, and do it for EC keys too. ok tb@ jsing@
2021-01-21when using fake keys, skip the private key checkEric Faurot
ok tb@
2021-01-21return -1 on error for consistencyEric Faurot
ok tb@
2021-01-21minor bump after symbol additionEric Faurot
2021-01-21Allow setting a keypair on a tls context without specifying the privateEric Faurot
key, and fake it internally with the certificate public key instead. It makes it easier for privsep engines like relayd that don't have to use bogus keys anymore. ok beck@ tb@ jsing@
2021-01-05Fix indent.Joel Sing
2021-01-05Remove memset that was made redundant with the ASN1_time_parse()Theo Buehler
fix in libcrypto/asn1/a_time_tm.c r1.16. Suggested by jsing
2021-01-02Tweak previous:Ingo Schwarze
* Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead. * In tagged lists, put bodies into bodies, not into heads. * Add a few missing macros. * Drop some useless quoting.