path: root/lib
Age  Commit message  Author

2022-07-20  Drop some unnecessary parentheses.  (Theo Buehler)
  ok jsing

2022-07-20  Copy alpn_selected using CBS  (Theo Buehler)
  ok jsing

2022-07-20  Copy alpn_client_proto_list using CBS in SSL_new()  (Theo Buehler)
  This makes the code both shorter and safer since freeing, allocation, and copying are handled by CBS_stow() internally. ok jsing

2022-07-20  Validate protocols in SSL{_CTX,}_set_alpn_protos()  (Theo Buehler)
  This wonderful API requires users to pass the protocol list in wire format. This list is then sent as part of the ClientHello. Validate it to be of the correct form. This reuses tlsext_alpn_check_format() that was split out of tlsext_alpn_server_parse(). Similar checks were introduced in OpenSSL 86a90dc7. ok jsing

2022-07-20  Rewrite SSL{_CTX,}_set_alpn_protos() using CBS  (Theo Buehler)
  This simplifies the freeing, assigning and copying of the passed protocols by replacing all that code with a pair of CBS_init() and CBS_stow(). In addition, this aligns the behavior with OpenSSL, which no longer errors on NULL proto or 0 proto_len since 86a90dc7. ok jsing

2022-07-20  Change various ALPN related internal struct members  (Theo Buehler)
  Change alpn_client_proto_list and alpn_selected from unsigned char * to uint8_t and change alpn_client_proto_list_len to be a size_t instead of an unsigned int. ok jsing

2022-07-20  Factor out ALPN extension format check  (Theo Buehler)
  The ALPN extension must contain a non-empty list of protocol names. Split a check of this out of tlsext_alpn_server_parse() so that it can be reused elsewhere in the library. ok jsing

2022-07-20  bump major due to struct size change on ILP32 architectures  (Theo Buehler)

2022-07-20  Revert zlib.h r1.7  (Theo Buehler)
  The change from uLong to z_off_t was made due to a bug in gzip(1) which was fixed by gkoehler in gzopen.c r1.35. The trouble with the z_off_t change is that it is an ABI break and that it does not play well with various ffi interfaces. For example, Perl and Rust break on ILP32 arches with the system zlib. Run through an i386 bulk by sthen and an i386 regress by bluhm, thanks. ok bluhm

2022-07-20  Remove tls_buffer_set_data() and remove/revise callers.  (Joel Sing)
  There is no way that tls_buffer_set_data() can currently work in conjunction with tls_buffer_expand(). This fact is currently hidden by the way that PHH works, which reads the same data from the record layer (which it needs to do anyway, since we may not have all of the handshake message in a single record). Since this is broken, mop it up and change the PHH callback to not provide the record data. ok beck@ tb@

2022-07-20  Correct server-side handling of TLSv1.3 key updates.  (Joel Sing)
  The existing code updates the correct secret, however then sets it for the wrong direction. Fix this, while untangling the code and consistently using 'read' and 'write' rather than 'local' and 'peer'. ok beck@ tb@
2022-07-19  Objects are only set to ready if both their parent region and their (optional) indices are ready.  (Martijn van Duren)
  However, indices in another region than the object can be made ready at a later time. These indices should then trigger the ready state in their related objects. This didn't happen for dynamic indices. OK sthen@

2022-07-19  Disallow MD5 and SHA-1 HMACs depending on the security level  (Theo Buehler)
  Ciphers using an MD5 HMAC are not allowed on security levels >= 1 and using a SHA-1 HMAC is disallowed on security levels >= 4. This disables RC4-MD5 by default. ok jsing

2022-07-19  Avoid unnecessary loops in BN_generate_prime_ex()  (Theo Buehler)
  Since there is nothing randomized in bn_is_prime_bpsw(), the concept of rounds makes no sense. Apply a minimal change for now that avoids expensive loops that won't change the outcome in case we found a probable prime. ok jsing

2022-07-19  Use sysctl CTL_NET.PF_INET6 to check if IPv6 is available or not.  (Claudio Jeker)
  With this sysconf(3) no longer needs the inet pledge. The kernel has been updated for this for a while now. OK sthen@ deraadt@

2022-07-18  ypbinding should not intrude into the application namespace.  (Theo de Raadt)
  spotted by guenther

2022-07-18  use same way of reporting error as yp_bind.c  (Theo de Raadt)
  Though really, should we be splatting to stdout/stderr? The mysteries of ancient code...

2022-07-17  Handle X509_check_purpose(3) and EVP_get_digestbyobj(3)  (Klemens Nanni)
  OK tb

2022-07-17  Add initial support for ESSCertIDv2 verification  (Klemens Nanni)
  Based on OpenSSL commit f0ef20bf386b5c37ba5a4ce5c1de9a819bbeffb2 "Added support for ESSCertIDv2". This makes TS validation work in the new security/libdigidocpp port. Input OK tb

2022-07-17  Disable TLSv1.3 middlebox compatibility mode for QUIC connections.  (Joel Sing)
  This is required by RFC 9001. ok tb@

2022-07-17  Pass SSL pointer to tls13_ctx_new().  (Joel Sing)
  struct tls13_ctx already knows about SSLs and this way tls13_ctx_new() can set up various pointers, rather than duplicating this in tls13_legacy_accept() and tls13_legacy_connect(). ok tb@

2022-07-17  Correct handling of QUIC transport parameters extension.  (Joel Sing)
  Remove duplicate U16 length prefix, since tlsext_build() already adds this for us. Condition on SSL_is_quic() rather than TLS version - RFC 9001 is clear that this extension is only permitted on QUIC transport and a fatal unsupported extension alert is required if used elsewhere. Additionally, at the point where extensions are parsed, we do not necessarily know what TLS version has been negotiated. ok beck@ tb@

2022-07-17  Provide SSL_is_quic()  (Joel Sing)
  This function will allow code to know if the SSL connection is configured for use with QUIC or not. Also move existing SSL_.*quic.* functions under LIBRESSL_HAS_QUIC to prevent exposing them prematurely. ok beck@ tb@

2022-07-17  Correct TLSEXT_TYPE_quic_transport_parameters message types.  (Joel Sing)
  Per RFC 9001, TLSEXT_TYPE_quic_transport_parameters may only appear in ClientHello and EncryptedExtensions (not ServerHello). ok beck@ tb@

2022-07-17  Correct value for TLSEXT_TYPE_quic_transport_parameters  (Joel Sing)
  Use the correct value for TLSEXT_TYPE_quic_transport_parameters according to RFC 9001 section 8.2. Also move the define under LIBRESSL_HAS_QUIC to avoid things finding it prematurely. ok beck@ tb@
2022-07-17  add section to mmap Xr  (Jonathan Gray)

2022-07-17  AESCGM -> AESGCM  (Jonathan Gray)

2022-07-17  order sysctl(2) Xr by section  (Jonathan Gray)
  missed when sysctl(3) references were changed to sysctl(2)

2022-07-17  fix a macro, and "new sentence, new line";  (Jason McIntyre)

2022-07-17  Delete mention of the old /var/run/ypbind.lock hack.  (Theo de Raadt)

2022-07-17  since yp_bind() and yp_all() don't use open, fstat, read, socket, and other rich system calls to perform YP/LDAP lookups, there is no need to access() /var/run/ypbind.lock to "hint" to pledge that it should open up those system calls.  (Theo de Raadt)
  ok jmatthew, miod

2022-07-17  Rather than opening the binding file, checking for advisory lock, reading a piece of it for the address, opening a socket, and providing the address to the RPC clnt layer.. do all these steps with the magic system call ypconnect(2) which performs these steps without other system calls, and provides a socket which is not readily abusable for other purposes.  (Theo de Raadt)
  ok jmatthew, miod

2022-07-17  Add ypconnect(2) stub inside libc so that libc functions can use it, but do not export it.  (Theo de Raadt)

2022-07-17  add ypconnect(2) manual page  (Theo de Raadt)

2022-07-16  Add ESSCertIDv2 stack macros  (Klemens Nanni)
  Copy existing ESSCertID macros and s/_ID/&_V2/g. Guard the new code under LIBRESSL_INTERNAL to defer visibility. OK tb

2022-07-16  Add ESSCertIDv2 ASN.1 boilerplate  (Klemens Nanni)
  Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).

  ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility

  ts/ts_asn1.c bits expanded from

    ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
            ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
            ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
            ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
    } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

    IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
    IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

    ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
            ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
            ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
    } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

    IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
    IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)

  Feedback OK tb

2022-07-16  Add NID for signingCertificateV2  (Klemens Nanni)
  https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb

2022-07-16  Avoid direct X509 structure access  (Klemens Nanni)
  Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae. This reduces upcoming TS changes. OK jsing tb

2022-07-16  Zap duplicate ERR_load_TS_strings() prototype  (Klemens Nanni)
  It's defined again (more appropriately) further down above the error codes. OK jsing tb
2022-07-16  Bump libsndio pkg-config version to 1.9.0  (Alexandre Ratchov)

2022-07-15  Add a new clnt*_control CLSET_CONNECTED, which says the socket has already been connected.  (Theo de Raadt)
  In the udp case, this means to use send(), not sendto() ok jmatthew, claudio, miod

2022-07-15  Expand the comment explaining the for loop with bn_lucas_step() a bit.  (Theo Buehler)

2022-07-15  Comment for factorization of n - 1 = k * 2^s in bn_miller_rabin_base_2()  (Theo Buehler)

2022-07-15  Rename is_perfect_square to out_perfect in prototype to match the code in bn_isqrt.c.  (Theo Buehler)

2022-07-14  Zap trailing whitespace  (Theo Buehler)

2022-07-13  add .Xr links to SSL_CTX_set_security_level(3)  (Ingo Schwarze)

2022-07-13  add a few .Xr links to new manual pages  (Ingo Schwarze)

2022-07-13  In dsa.h rev. 1.34 (14 Jan 2022), tb@ provided DSA_bits(3).  (Ingo Schwarze)
  Document it from scratch. While here, merge a few details from the OpenSSL 1.1.1 branch, which is still under a free license, into the documentation of DSA_size(3).

2022-07-13  In x509_vfy.h rev. 1.54, tb@ provided X509_VERIFY_PARAM_get_time(3) and X509_VERIFY_PARAM_set_auth_level(3).  (Ingo Schwarze)
  Document them. For the latter, i included a few sentences from the OpenSSL 1.1.1 branch, which is still under a free license.

2022-07-13  link three new manual pages to the build  (Ingo Schwarze)