| Age | Commit message (Collapse) | Author |
|---|
|
X509_STORE_add_crl() does not take ownership of the CRL, it bumps its
refcount. So nulling out the CRL from the stack will leak it.
Issue reported by KS Sreeram, thanks!
ok jsing
|
|
Rather than leaking libcrypto defines through the tls_sign_cb and
tls_signer_sign() interfaces, provide and use our own TLS_PADDING_*
defines.
ok inoguchi@ tb@
|
|
The current design of tls_sign_cb provides a pointer to a buffer where the
signature needs to be copied, however it fails to provide a length which
could result in buffer overwrites. Furthermore, tls_signer_sign() is
designed such that it allocates and returns ownership to the caller.
Revise tls_sign_cb so that the called function is expected to allocate a
buffer, returning ownership of the buffer (along with its length) to the
caller of the callback. This makes it far easier (and safer) to implement
a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in
(with an appropriate cast).
While here, rename and reorder some arguments - while we will normally
sign a digest, there is no requirement for this to be the case hence use
'input' and 'input_len'. Move padding (an input) before the outputs and
add some additional bounds/return value checks.
This is technically an API/ABI break that would need a libtls major bump,
however since nothing is using the signer interface (outside of regress),
we'll ride the original minor bump.
With input from tb@
ok inoguchi@ tb@
|
|
ok jsing@ tb@
|
|
Add tls_signer_error to Symbols.list - this was missed during the last
libtls minor bump and can ride along.
ok deraadt@
|
|
|
|
to implement.
Add a tls_config_set_sign_cb() function that allows to register
a callback for the signing operation on a tls_config. When used,
the context installs fake pivate keys internally, and the callback
receives the hash of the public key.
Add a tls_signer_*() set of functions to manage tls_signer objects.
A tls_signer is an opaque structure on which keys are added.
It is used to compute signatures with private keys identified by
their associated public key hash.
Discussed with and ok jsing@ tb@
|
|
EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to
fail and return error.
Error from these functions will be fatal for the callback, and I choose to
return -1.
SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback.
This also could fix Coverity CID 345319.
ok jsing@ tb@
|
|
and Symbol addition and removal in libcrypto.
|
|
joint with jsing
|
|
|
|
addition.
|
|
ok beck jsing
|
|
ok jsing
|
|
This reduces the number of reacharounds into libcrypto internals.
ok jsing
|
|
reality while there.
ok jsing
|
|
Prompted by a diff by Jonas Termansen, discussed with deraadt, millert
ok jsing
|
|
ok jsing
|
|
|
|
|
|
|
|
|
|
tls_config_set_*_file(3) do not just set the file paths like
tls_config_set_*_path(3) do, they do load the given file(s) into memory
directly using tls_config_load_file().
This distinction is important because it means a later tls_connect(3)
will not do any file I/O (at least wrt. those files), which is relevant when
for example pleding without "[rwc]path" after loading files into memory and
before doing tls_connect(3).
The manual's current wording made me use the following due to above way of
pledging a program:
tls_load_file()
tls_config_set_ca_mem()
tls_unload_file()
While in fact a single tls_config_set_ca_file() call does the same.
tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual
as noted by tb, thanks.
Feedback OK tb
|
|
One instance of TLS1_AD_* was missed and broke the tree in the recent
switch to using only one version of alert defines internally.
|
|
|
|
While an FQDN includes a trailing dot for the zero-length label of
the root, SNI explicitly does not contain it. Contrary to other TLS
implementations, our tlsext_sni_is_valid_hostname() rejects a trailing
dot. The result is that LibreSSL TLS servers encountering an SNI with
trailing dot abort the connection with an illegal_parameter alert.
This fixes an issue reported by danj in nc(1) and by sthen in ftp(1).
DNS cluebat from florian.
ok jsing
|
|
ok jsing
|
|
|
|
|
|
ok inoguchi
|
|
ok eric jsing
|
|
checking. Only install the hash on the key if fake key is used,
and do it for EC keys too.
ok tb@ jsing@
|
|
ok tb@
|
|
ok tb@
|
|
|
|
key, and fake it internally with the certificate public key instead.
It makes it easier for privsep engines like relayd that don't have to
use bogus keys anymore.
ok beck@ tb@ jsing@
|
|
|
|
fix in libcrypto/asn1/a_time_tm.c r1.16.
Suggested by jsing
|
|
* Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead.
* In tagged lists, put bodies into bodies, not into heads.
* Add a few missing macros.
* Drop some useless quoting.
|
|
Follow the previous commit and complete the manual page for consistency;
better readable and tags for free.
OK tb
|
|
Manuals like httpd.conf(5) refer to this for valid protocol strings, but
elements inlined into sentences are hard find to spot.
Use a list as already done elsewhere in this manual.
OK jmc on earlier version
Feeback OK tb
|
|
Add a stub for pthread_mutex_destroy() for installers.
ok tb@
|
|
noted by deraadt@
|
|
ok inoguchi@
|
|
ERR_peek_error() returns unsigned long.
Reported by github issue by @rozhuk-im.
ok bcook@ jsing@
|
|
how our tree gets built. If this was done in all the libraries (imagine
sys/dev), it would disrupt the development process hugely. So it should
not be done here either. use 'make includes' by hand instead.
|
|
|
|
|
|
been installed prior to building.
Requested by and ok tb@
|
|
ok jsing@
|
