| Age | Commit message (Collapse) | Author |
|---|
|
usleep(3) is a wrapper around nanosleep(2). We should always call
nanosleep(), even if the input is zero. This makes behavior easier
to reason about and ensures we get a nanosleep() ktrace hit if a
program calls usleep().
ok millert@
|
|
While here, stress that X509_NAME objects cannot share X509_NAME_ENTRY
objects, and polish a few misleading wordings.
|
|
undocumented. It is archaic and practically unused and unusable.
tb@ and jsing@ agree with marking it as undocumented.
Put the comment here because EVP_PKEY_base_id(3) is a viable alternative.
|
|
undocumented macro alias X509_name_cmp(3);
no change to the assembler code generated by the compiler;
OK tb@
|
|
undocumented because it is almost unused in real-world code.
OK tb@
|
|
Now that SSL_METHOD is opaque and in internal headers, we can remove
SSL_METHOD_INTERNAL by merging it back into SSL_METHOD.
ok tb@
|
|
|
|
|
|
This adds functionality for SSL_get_signature_nid(),
SSL_get_peer_signature_nid(), SSL_get_signature_type_nid() and
SSL_get_peer_signature_type_nid().
This is not currently publicly visible and will be exposed at a later
date.
ok inoguchi@ tb@
|
|
Move struct ssl_cipher_st, struct ssl_method_st, struct ssl_session_st and
struct ssl3_state_st from public to private headers. These are already
under #ifdef LIBRESSL_INTERNAL and are no longer publicly visible.
ok inoguchi@ tb@
|
|
and X509_REQ_extract_key(3), using feedback from tb@ and jsing@
|
|
This was inadvertently broken during sigalgs refactoring.
|
|
This means that we do sigalg selection for all cases, including those
where are are not sending sigalgs. This is needed in order to track our
signature type in legacy cases.
ok tb@
|
|
This is needed for upcoming API additions.
|
|
Suggested by tb@
|
|
Wording provided by tb@
|
|
Only use the minimum TLS version to when building a signature algorithms
extension for a ClientHello - in all other cases we should be using the
negotiated TLS version.
ok inoguchi@ tb@
|
|
This simplifies callers, as only the negotiated TLS version needs to be
used here.
Requested by tb@
|
|
|
|
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
Provide an ssl_sigalg_for_peer() function that knows how to figure out
which signature algorithm should be used for a peer provided signature,
performing appropriate validation to ensure that the peer provided value
is suitable for the protocol version and key in use.
In the TLSv1.3 code, this replaces the need for separate calls to lookup
the sigalg from the peer provided value, then perform validation.
ok inoguchi@ tb@
|
|
Also, rather than passing in a check_curve flag, pass in the SSL * and
handle version checks internally to ssl_sigalg_pkey_ok(), simplifying
the callers.
ok inoguchi@ tb@
|
|
In the case of TLSv1.0 and TLSv1.1 there is no signature algorithms
extension and default signature algorithms are used - similar applies to
TLSv1.2 when the signature algorithms extension has been omitted.
ok inoguchi@ tb@
|
|
|
|
RFC 8446 section 4.1.4 requires that the client ensure the cipher suite
in the TLSv1.3 HelloRetryRequest and subsequent ServerHello is the same.
Reported via GitHub issue #675.
ok inoguchi@ tb@
|
|
Per RFC 5246 section 6.2.1, zero-length fragments are only permitted for
application data - reject all others.
Reported via GitHub issue #675.
ok inoguchi@ tb@
|
|
and even char is signed on some platforms;
OK millert@ jmc@
|
|
mostly mechanical diff similar to what Emil Engler just sent for sqrt(3)
|
|
|
|
|
|
|
|
|
|
so it is no longer necessary in to do this by hand in various
places of the code interfacing with the legacy stack.
ok jsing
|
|
During the TLSv1.3 handshake, update the legacy state and call the
info callback at the appropriate moment. This is done by mapping
the TLSv1.3 states to the states in the old state machine whenever
that is possible. The callbacks are called at the beginning and end
of the handshake, and just before the state machine advances.
This should fix a periodic warning in logs of tor relays about a
variable that wasn't set although it should have been.
input/ok jsing, ok inoguchi (early version)
|
|
Move the sigalg pointer from SSL_HANDSHAKE_TLS13 to SSL_HANDSHAKE, naming
it our_sigalg, adding an equivalent peer_sigalg. Adjust the TLSv1.3 code
that records our signature algorithm. Add code to record the signature
algorithm used by our peer.
Needed for upcoming API additions.
ok tb@
|
|
ssl3_send_client_verify() already has a pointer to the EVP_PKEY for the
certificate - pass this as an argument to the functions that it calls,
rather than duplicating code/variable declarations.
|
|
Rather that passing in a sigalg list at every call site, pass in the
appropriate TLS version and have ssl_sigalgs_from_value() perform the
sigalg list selection itself. This allows the sigalg lists to be made
internal to the sigalgs code.
ok tb@
|
|
This makes the code more self-documenting and avoids the ambiguity between
ssl_sigalg the struct and ssl_sigalg the function.
ok tb@
|
|
Rather that doing sigalg list selection at every call site, pass in the
appropriate TLS version and have ssl_sigalgs_build() perform the sigalg
list selection itself. This reduces code duplication, simplifies the
calling code and is the first step towards internalising the sigalg lists.
ok tb@
|
|
ok tb@
|
|
This matches the order that sigalgs are specified in.
ok tb@
|
|
When converting to TLS flags, we need to also include SSL_OP_NO_TLSv1,
otherwise the TLS equivalent of SSL_OP_NO_DTLSv1 is TLSv1.0 only, which
does not work so well when we try to switch back to DTLS versions.
|
|
|
|
The pointer `itp' doesn't serve any purpose here, remove it.
Since we're changing these lines, we may as well rename `it' to `itv'
to match the existing `oitv'.
Thread: https://marc.info/?l=openbsd-tech&m=162380665115598&w=2
ok millert@
|
|
was removed in t1_lib.c r1.141.
|
|
|
|
tls_config_set_*_file(3) do not just set the file paths like
tls_config_set_*_path(3) do, they do load the given file(s) into memory
directly using tls_config_load_file().
This distinction is important because it means a later tls_connect(3)
will not do any file I/O (at least wrt. those files), which is relevant when
for example pleding without "[rwc]path" after loading files into memory and
before doing tls_connect(3).
The manual's current wording made me use the following due to above way of
pledging a program:
tls_load_file()
tls_config_set_ca_mem()
tls_unload_file()
While in fact a single tls_config_set_ca_file() call does the same.
tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual
as noted by tb, thanks.
Feedback OK tb
|
|
siglongjmp(3) to decide wehther we need to restore the signal mask.
ok deraadt@, drahn@
|
|
As found by djm by fuzzing ssh, scan_scaled can overflow for negative
numbers when rescaling is needed. This is because the rescaled fractional
part is added without taking the sign into account.
ok ian jca
|
