| Age | Commit message (Collapse) | Author |
|---|
|
ok tb@
|
|
fix a stale comment.
Found by mortimer with clang 13's -Wunused-but-set-variable.
ok beck
|
|
In normal TLS, it is possible for record fragments to be sent that contain
one byte of alert or handshake message payload. In this case we have to
read and collate multiple message fragments before we can decide what to
do with the record.
However, in the case of DTLS, one record is effectively one packet and
while it is possible to send handshake messages across multiple
records/packets, the minimum payload is the DTLS handshake message header
(plus one byte of data if the handshake message has a payload) - without
this, there is insufficient information available to be able to reassemble
the handshake message. Likewise, splitting an alert across multiple DTLS
records simply does not work, as we have no way of knowing if we're
collating the same alert or two different alerts that we lost half of each
from (unfortunately, these details are not really specified in the DTLS
RFC).
This means that for DTLS we can expect to receive a full alert message
(a whole two bytes) or a handshake record with at least the handshake
message header (12 bytes). If we receive messages with less than these
lengths we discard them and carry on (which is what the DTLS code already
does).
Remove all of the pointless fragment handling code from DTLS, while also
fixing an issue where one case used rr->data instead of the handshake
fragment.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@ (as part of a larger diff)
|
|
|
|
non-hex digit in the last character.
Inspired by code in uuid_parse() from Ted Ts'o.
ok millert@
|
|
The info and msg callbacks result in duplication - both for code that
refers to the function pointers and for the call sites. Avoid this by
providing typedefs for the function pointers and pulling the calling
sequences into their own functions.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
There is little to gain by mallocing and freeing the AEAD nonce for each
record - move to an AEAD nonce allocated for the record layer, which
matches what we do for TLSv1.3.
ok inoguchi@ tb@
|
|
in particular, this includes new text by Matt Caswell
from OpenSSL commit 721eb8f6 Nov 28 12:03:00 2019 +0000
and corrects a wrong argument type that i introduced into the SYNOPSIS;
requested by tb@
|
|
ok ingo
|
|
If a servername callback returns SSL_TLSEXT_ERR_ALERT_WARNING, this
results in a fatal error in TLSv1.3 since alert levels are implicit
in the alert type and neither close_notify nor user_canceled make
sense in this context. OpenSSL chose to ignore this, so we need to
follow suit.
Found via a broken servername callback in p5-IO-Socket-SSL which
returns a Boolean instead of SSL_TLSEXT_ERR_*. This happened to
have worked before TLSv1.3 since warning alerts are often ignored.
This "fixes" sni.t and sni-verify.t in p5-IO-Socket-SSL.
ok beck jsing
|
|
ecosystem experienced a very good cleanup. Time has arrived to switch (as
planned) to syslog + abort, which will result in a coredump thus identifying
the remaining culprits in a more visible fashion.
vfprintf(3) and vfwprintf(3) man pages still require documentation changes.
with jca
|
|
find leaf cert issuers. This breaks perl and ruby regress, as noticed
by tb that "we tried this before".
Jan's regress that cares about 21 vs 20 needs to change
ok tb@
|
|
then fix the only thing it still has complaints about which
is that we don't return the leaf version of the error code
when we can't verify the leaf (as opposed to the rest of the chain)
ok jan@ tb@
|
|
and an omission below HISTORY
|
|
This fixes a problem in the perl regress where it notices the
callback is called twice and complains.
ok tb@ bluhm@
|
|
snmpd(8).
OK jmatthew@
OK deraadt@ for bumping libutil now.
|
|
Due to the need to support by_dir, we use the get_issuer stuff when running
in x509_vfy compatibility mode amyway - so just use it any time we are
doing that. Removes a bunch of yukky stuff and a "Don't Look Ethel"
ok tb@ jsing@
|
|
ok inoguchi@ tb@
|
|
|
|
roots were not checked correctly before intermediates that has since been fixed
and is no longer necessary. It is regress checked by case 2c in
regress/lib/libcrypto/x509/verify.c
ok jsing@ tb@
|
|
This is from upstream where there is an assert() that EVP_MD_size(digest)
matches the length returned by HMAC(). We avoid asserts in our libraries.
From Martin Vahlensieck
|
|
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.
From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)
ok inoguchi
|
|
to handly by_dir and fun things correctly. - fixes dlg@'s case and
by_dir regress in openssl-ruby
ok jsing@
|
|
This adds the SM2 algorithm defined in the Chinese standards
GB/T 32918.1-2016, GB/T 32918.2-2016, GB/T 32918.3-2016,
GB/T 32918.4-2016 and GB/T 32918.5-2017.
This is an ISC licensed implementation contributed by Ribose.inc, based
on the same code that was contributed to OpenSSL by Jack Lloyd. The port
to LibreSSL was done by Ronald Tse and Nickolay Olshevsky.
Github PR #105
I made quite a few cleanup passes on this, but more is needed, some
of which will happen in-tree before this is linked to the build.
ok deraadt inoguchi (a long time ago), jsing
|
|
the result in order to return the same errors as OpenSSL users expect to override
the generic "Untrusted cert" error.
This fixes the openssl-ruby timestamp test.
ok tb@
|
|
own function, in preparation for subesquent change. No functional change.
ok tb@
|
|
|
|
in the most concise way i managed to come up with;
suggested by martijn@ and OK millert@ martijn@
|
|
and garbage collect an automatic variable that is no longer needed
and a comment that was probably contributed by Capt. Obvious.
No functional change.
OK millert@ martijn@
|
|
If the calling program sets this flag, that is (1) either a bug
(or at least needless) (2) or clearing it in el_wgets(3) will break
other functionality of the calling program if it really requires it.
In both cases, treating EAGAIN as a fatal error in el_wgets(3) is
better than brushing the issue under the carpet: at least it tells
the program author that something is amiss.
Instead of attempting automatic repairs that will almost never do
the right thing, clearly state in the manual page that the editline(3)
library is not designed to work with non-blocking I/O.
The problem was found while investigating a bug report
from deraadt@ in sftp(1).
OK millert@ and "mostly OK" martijn@
|
|
errno == EINTR. There was a race here where read(2) can return with a
different errno, but the signal handler enters between the read return and
the switch, which could result in handling a signal, while we should be
handling the error.
This fix assumes that signal handlers don't clobber our errno, but doing
that would open a whole other can of worms.
OK schwarze@, millert@
|
|
the first signal received. No change for SIGCONT and SIGWINCH, but for
other signals, return to the application program and let that program
decide what to do, typically either exit or provide a fresh prompt.
Bug originally reported by deraadt@ regarding behaviour of Ctrl-C
in sftp(1). With this patch, sftp(1) no longer ignores Ctrl-C but
exists, and the same applies to a few other programs. Some others
that used to ignore Ctrl-C now provide a fresh prompt instead.
For several, behaviour is unchanged. At this point, i'm not aware
of a serious regression in any program.
OK deraadt@ martijn@ and no objection from millert@.
Patch also tested by claudio@ with bgplgsh(8).
|
|
Also, no need to clear O_NDELAY with fcntl(F_SETFL)
when ioctl(FIONBIO) is called right afterwards.
No functional change intended.
OK martijn@
|
|
forgotten in earlier commits
|
|
using input from tb@, and OK tb@ on an earlier version
|
|
as intentionally undocumented because it is trivial and unused in the wild;
OK tb@
|
|
Noted by tb@ during review of a larger change.
|
|
and X509_get_default_cert_file_env(3).
LibreSSL itself does not call getenv(3), but a few application programs
including epic5, fetchmail, fossil, slic3r call these functions, so in
case programmers find them in existing code, telling them what they do
seems useful.
|
|
Put it into this page because this is the code actually using it.
Despite its name and include file, it is unrelated to X.509
and unrelated to certificates: it is just the default directory
containing the library configuration file, openssl.cnf(5).
|
|
* document the X509_OBJECT output parameter
* more precision regarding return values
* clarify relationship with X509_LOOKUP_ctrl(3) for the dir lookup method
|
|
|
|
|
|
and add a new manual page X509_LOOKUP_new(3)
|
|
|
|
the lie that *ptree is set upon success - in some cases of success,
it is set to NULL, whereas in some cases of failure, a non-trivial
tree may be returned.
beck@ pointed out that statements related to *ptree were scattered
all over the place, and this patch works for him.
|
|
X509_policy_check(3) never returns 2.
If validation succeeds, it always returns 1.
|
|
OpenSSL 1.1.1 branch, which is still under a free license, tweaked
by me.
While here, garbage collect the weird BUGS section.
|
|
|
