summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2021-07-11While the traditional OpenSSL return value and behaviour of BIO_dump(3)Bob Beck
is pure comedy gold, and now documented as such, sadly this bit of pure Muppet genius can't really in good consience stay in the tree as is. Change BIO_dump to always return the number of bytes printed on success and to stop printing and return -1 on failure if a writing function fails. ok tb@, jsing@
2021-07-11new manual page ASN1_parse_dump(3)Ingo Schwarze
2021-07-11document ASN1_get_object(3)Ingo Schwarze
2021-07-10Fix a read buffer overrun in X509_CERT_AUX_print(3),Ingo Schwarze
which by implication also affects X509_print(3). The ASN1_STRING_get0_data(3) manual explitely cautions the reader that the data is not necessarily NUL-terminated, and the function X509_alias_set1(3) does not sanitize the data passed into it in any way either, so we must assume the alias->data field is merely a byte array and not necessarily a string in the sense of the C language. I found this bug while writing manual pages for these functions. OK tb@ As an aside, note that the function still produces incomplete and misleading results when the data contains a NUL byte in the middle and that error handling is consistently absent throughout, even though the function provides an "int" return value obviously intended to be 1 for success and 0 for failure, and even though this function is called by another function that also wants to return 1 for success and 0 for failure and even does so in many of its code paths, though not in others. But let's stay focussed. Many things would be nice to have in the wide wild world, but a buffer overflow must not be allowed to remain in our backyard.
2021-07-10new manual page BIO_dump(3)Ingo Schwarze
2021-07-10Add a bunch of workarond in the verifier to support partial chains andBob Beck
the saving of the first error case so that the "autochain" craziness from openssl will work with the new verifier. This should allow the new verification code to work with a bunch of the autochain using cases in some software. (and should allow us to stop using the legacy verifier with autochain) ok tb@
2021-07-09Fix mixup between localKeyID and friendlyName.Theo Buehler
"please commit" schwarze
2021-07-09KNF: remove whitespace between functions and parenthesesTheo Buehler
2021-07-09new manual page for X509_keyid_set1(3), X509_keyid_get0(3),Ingo Schwarze
X509_alias_set1(3), X509_alias_get0(3)
2021-07-08document X509_add1_reject_object(3) and X509_reject_clear(3)Ingo Schwarze
2021-07-08add new manual page for X509_add1_trust_object(3) and X509_trust_clear(3)Ingo Schwarze
2021-07-07Mention that there are alternatives for ERE '+' and '?' in BRE.Martijn van Duren
OK kn@, millert@
2021-07-06document X509_signature_dump(3) and X509_signature_print(3)Ingo Schwarze
2021-07-06Fix a bug in X509_print_ex(3).Ingo Schwarze
If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed. The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse. Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
2021-07-06sync man page with changes 1.2.3 -> 1.2.11. some changes:Jason McIntyre
- update references version number - Z_NULL -> NULL; from millert - terminate function synopses in main body with ";"; from tb - NULL -> NUL; from tb - update NAME and SYNOPSIS for added functions - updated copyright, to match zlib.h - simplify \-1 -> -1 ok tb
2021-07-05document i2a_ASN1_OBJECT(3)Ingo Schwarze
2021-07-04Add missing RCS tagsTheo Buehler
2021-07-04bump major after zlib updateTheo Buehler
2021-07-04Update libz to zlib 1.2.11 and reapply local patches as far as thisTheo Buehler
made sense. Tested in snaps for a few days. deraadt helped with fitting things on floppies and jmatthew found a bug I introduced. ok deraadt
2021-07-04document X509_find_by_subject(3) and X509_find_by_issuer_and_serial(3)Ingo Schwarze
2021-07-04Bugfix: when X509_NAME_dup(3) failed, X509_NAME_set(3) indicated successIngo Schwarze
even though it did not actually set the name. Instead, indicate failure in this case. This commit sneaks in a small, unrelated change in behaviour. If the first argument of X509_NAME_set(3) was NULL, the function used to return failure. Now it crashes the program by accessing the NULL pointer, for compatibility with the same change in OpenSSL. This merges the following two commits from the OpenSSL-1.1.1 branch, which is still available under a free license: 1. 180794c5 Rich Salz Sep 3 11:33:34 2017 -0400 2. c1c1783d Richard Levitte May 17 09:53:14 2018 +0200 OK tb@
2021-07-03Document X509_NAME_set(3).Ingo Schwarze
It is not particularly well-designed and sets a number of traps for the unwary, but it is a public API function in both OpenSSL and LibreSSL and used at various places.
2021-07-03Do a first pass clean up of SSL_METHOD.Joel Sing
The num_ciphers, get_cipher_by_char and put_cipher_by_char function pointers use the same function for all methods - call ssl3_num_ciphers() directly, absorb ssl3_get_cipher_by_char() into SSL_CIPHER_find() and remove the unused ssl3_put_cipher_by_char() code. ok inoguchi@ tb@
2021-07-02usleep(3): always call nanosleep(2)cheloha
usleep(3) is a wrapper around nanosleep(2). We should always call nanosleep(), even if the input is zero. This makes behavior easier to reason about and ensures we get a nanosleep() ktrace hit if a program calls usleep(). ok millert@
2021-07-02Document the read-only (sic!) accessor function X509_NAME_ENTRY_set(3).Ingo Schwarze
While here, stress that X509_NAME objects cannot share X509_NAME_ENTRY objects, and polish a few misleading wordings.
2021-07-02Add a roff comment saying that X509_certificate_type(3) is intentionallyIngo Schwarze
undocumented. It is archaic and practically unused and unusable. tb@ and jsing@ agree with marking it as undocumented. Put the comment here because EVP_PKEY_base_id(3) is a viable alternative.
2021-07-02call the API function X509_NAME_cmp(3) instead of the obsolete,Ingo Schwarze
undocumented macro alias X509_name_cmp(3); no change to the assembler code generated by the compiler; OK tb@
2021-07-02Add a roff comment saying that X509_name_cmp(3) is intentionallyIngo Schwarze
undocumented because it is almost unused in real-world code. OK tb@
2021-07-01Merge SSL_METHOD_INTERNAL into SSL_METHOD.Joel Sing
Now that SSL_METHOD is opaque and in internal headers, we can remove SSL_METHOD_INTERNAL by merging it back into SSL_METHOD. ok tb@
2021-06-30more trivial .Ar -> .Fa replacements in syscall manualsIngo Schwarze
2021-06-30use .Fa rather than .Ar; patch from me at EmilEngler dot comIngo Schwarze
2021-06-30Prepare to provide SSL_get_signature_nid() and friends.Joel Sing
This adds functionality for SSL_get_signature_nid(), SSL_get_peer_signature_nid(), SSL_get_signature_type_nid() and SSL_get_peer_signature_type_nid(). This is not currently publicly visible and will be exposed at a later date. ok inoguchi@ tb@
2021-06-30Move some structs from public to private headers.Joel Sing
Move struct ssl_cipher_st, struct ssl_method_st, struct ssl_session_st and struct ssl3_state_st from public to private headers. These are already under #ifdef LIBRESSL_INTERNAL and are no longer publicly visible. ok inoguchi@ tb@
2021-06-30document and deprecate the macros X509_extract_key(3)Ingo Schwarze
and X509_REQ_extract_key(3), using feedback from tb@ and jsing@
2021-06-30Correct sigalg hash usage when signing content for client verify.Joel Sing
This was inadvertently broken during sigalgs refactoring.
2021-06-29Pull sigalg selection up into ssl3_send_client_verify().Joel Sing
This means that we do sigalg selection for all cases, including those where are are not sending sigalgs. This is needed in order to track our signature type in legacy cases. ok tb@
2021-06-29Track sigalg used by ourselves and our peer in the legacy stack.Joel Sing
This is needed for upcoming API additions.
2021-06-29Pull up and dedup the TLS version check in ssl_sigalg_pkey_ok().Joel Sing
Suggested by tb@
2021-06-29Simplify RSA PSS key size comment.Joel Sing
Wording provided by tb@
2021-06-29Use appropriate TLS version when building client sigalg extensions.Joel Sing
Only use the minimum TLS version to when building a signature algorithms extension for a ClientHello - in all other cases we should be using the negotiated TLS version. ok inoguchi@ tb@
2021-06-29Change ssl_sigalg_from_value() to take SSL * instead of a TLS version.Joel Sing
This simplifies callers, as only the negotiated TLS version needs to be used here. Requested by tb@
2021-06-29Make various sigalg functions static now that they're only used internally.Joel Sing
2021-06-29Convert legacy stack server to ssl_sigalg_for_peer().Joel Sing
ok inoguchi@ tb@
2021-06-29Convert legacy stack client to ssl_sigalg_for_peer().Joel Sing
ok inoguchi@ tb@
2021-06-29Provide a ssl_sigalg_for_peer() function and use in the TLSv1.3 code.Joel Sing
Provide an ssl_sigalg_for_peer() function that knows how to figure out which signature algorithm should be used for a peer provided signature, performing appropriate validation to ensure that the peer provided value is suitable for the protocol version and key in use. In the TLSv1.3 code, this replaces the need for separate calls to lookup the sigalg from the peer provided value, then perform validation. ok inoguchi@ tb@
2021-06-29Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().Joel Sing
Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
2021-06-29Factor out handling of legacy default signature algorithms.Joel Sing
In the case of TLSv1.0 and TLSv1.1 there is no signature algorithms extension and default signature algorithms are used - similar applies to TLSv1.2 when the signature algorithms extension has been omitted. ok inoguchi@ tb@
2021-06-29Mop up now unused variables.Joel Sing
2021-06-29Require a ServerHello following a HelloRetryRequest to use the same cipher.Joel Sing
RFC 8446 section 4.1.4 requires that the client ensure the cipher suite in the TLSv1.3 HelloRetryRequest and subsequent ServerHello is the same. Reported via GitHub issue #675. ok inoguchi@ tb@
2021-06-29Reject zero-length non-application data fragments in the legacy stack.Joel Sing
Per RFC 5246 section 6.2.1, zero-length fragments are only permitted for application data - reject all others. Reported via GitHub issue #675. ok inoguchi@ tb@