summaryrefslogtreecommitdiffstats
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Fail early in legacy exporter if master secret is not availabletb2021-02-031-1/+6
| | | | | | | | | | | | The exporter depends on having a master secret. If the handshake is not completed, it is neither guaranteed that a shared ciphersuite was selected (in which case tls1_PRF() will currently NULL deref) or that a master secret was set up (in which case the exporter will succeed with a predictable value). Neither outcome is desirable, so error out early instead of entering the sausage factory unprepared. This aligns the legacy exporter with the TLSv1.3 exporter in that regard. with/ok jsing
* Adding a hard-trap instruction after the __threxit syscall instructionkurt2021-02-031-2/+1
| | | | broke pthreads on hppa. Reverting. Ok deraadt@
* Add OID for draft-ietf-opsawg-finding-geofeedsjob2021-02-032-0/+2
| | | | | | | | | https://tools.ietf.org/html/draft-ietf-opsawg-finding-geofeeds describes a mechanism to authenticate RFC 8805 Geofeed data files through the RPKI. OpenSSL counterpart https://github.com/openssl/openssl/pull/14050 OK tb@ jsing@
* Add a bunch of RPKI OIDsjob2021-02-022-1/+26
| | | | | | | | | | | | | RFC6482 - A Profile for Route Origin Authorizations (ROAs) RFC6484 - Certificate Policy (CP) for the RPKI RFC6493 - The RPKI Ghostbusters Record RFC8182 - The RPKI Repository Delta Protocol (RRDP) RFC8360 - RPKI Validation Reconsidered draft-ietf-sidrops-rpki-rta - A profile for RTAs Also in OpenSSL: https://github.com/openssl/openssl/commit/d3372c2f35495d0c61ab09daf7fba3ecbbb595aa OK sthen@ tb@ jsing@
* article fixes; from eddie yousephjmc2021-02-023-9/+9
|
* Use "EC/RSA key setup failure" to align error with otherstb2021-02-011-3/+3
| | | | ok eric jsing
* missing word in commenttb2021-01-301-3/+3
|
* Add '$' to ober_scanf_elements().martijn2021-01-282-4/+13
| | | | | | | | This allows us to enforce end of sequence/set without having to manually check be_next for NULL. No lib bump needed according to millert@ OK millert@ rob@
* Remove direct assignment of aead_ctx.jsing2021-01-281-13/+7
| | | | | | Now that AEAD is handled internally, we should no longer be assigning aead_ctx directly, as this will result in a leak. Missed during the previous change.
* Move AEAD handling into the new TLSv1.2 record layer.jsing2021-01-284-134/+102
| | | | ok tb@
* Link SSL_get_finished.3 to build.tb2021-01-271-1/+2
|
* Write SSL_get_finished() documentation from scratch.tb2021-01-271-0/+77
| | | | ok beck
* Merge SSL_set_hostflags documentation from OpenSSL 1.1.1i andtb2021-01-271-3/+20
| | | | | | add HISTORY section. This is currently ignored input next to SSL_get0_peername() and will be unignored once the symbols are made publicly visible in libssl.
* Rewrap a comment line to fit into 80 columns.tb2021-01-261-3/+3
|
* zap a tabtb2021-01-261-2/+2
|
* Prepare to provide SSL_set_hostflags()tb2021-01-262-2/+9
| | | | | | | | Yet another one of these X509_VERIFY_PARAM reacharounds into libcrypto. Recently found in imapfilter, also used elsewhere. Will be made publicly visible with the next minor bump. ok jsing
* Move sequence numbers into the new TLSv1.2 record layer.jsing2021-01-267-84/+38
| | | | | | | This allows for all of the DTLS sequence number save/restore code to be removed. ok inoguchi@ "whee!" tb@
* Move private key setup to a helper function with proper erroreric2021-01-261-10/+47
| | | | | | | checking. Only install the hash on the key if fake key is used, and do it for EC keys too. ok tb@ jsing@
* When checking for available address family for AI_ADDRCONFIG considerflorian2021-01-261-1/+16
| | | | | | | | the routing domain we are currently in. Otherwise we might end up with address families that are not available in the current rdomain but in others since getifaddrs(3) gives us all interface addresses in the system. Clue-bat & OK claudio, input & OK eric, OK kn
* Gracefully handle any erroneous closing bracket/brace trailers inrob2021-01-221-2/+2
| | | | | | ober_scanf_elements(). OK martijn@
* Valid integer and enumerated types always have non-zero length. Performrob2021-01-221-1/+5
| | | | | | | check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer. Tweaked and OK martijn@
* when using fake keys, skip the private key checkeric2021-01-211-1/+2
| | | | ok tb@
* return -1 on error for consistencyeric2021-01-211-2/+2
| | | | ok tb@
* minor bump after symbol additioneric2021-01-211-1/+1
|
* Allow setting a keypair on a tls context without specifying the privateeric2021-01-214-26/+77
| | | | | | | | key, and fake it internally with the certificate public key instead. It makes it easier for privsep engines like relayd that don't have to use bogus keys anymore. ok beck@ tb@ jsing@
* Mop up unused dtls1_build_sequence_number() function.jsing2021-01-212-25/+2
|
* Missing return value; ok jmc@otto2021-01-201-2/+3
|
* typo; spotted by jmcsthen2021-01-201-3/+3
|
* Drop unneeded cast in seal_record_protected_ciphertb2021-01-201-2/+2
| | | | | | | eiv_len was changed from an int to a size_t in r1.10, so casting it to a size_t is now a noop. ok jsing
* Add code to handle change of cipher state in the new TLSv1.2 record layer.jsing2021-01-195-17/+137
| | | | | | | | | | This provides the basic framework for handling change of cipher state in the new TLSv1.2 record layer, creating new record protection. In the DTLS case we retain the previous write record protection and can switch back to it when retransmitting. This will allow the record layer to start owning sequence numbers and encryption/decryption state. ok inoguchi@ tb@
* Provide functions to determine if TLSv1.2 record protection is engaged.jsing2021-01-195-18/+37
| | | | | | | | | | Call these functions from code that needs to know if we've changed cipher state and enabled record protection, rather than inconsistently checking various pointers from other places in the code base. This also fixes a minor bug where the wrong pointers are checked if we're operating with AEAD. ok inoguchi@ tb@
* Provide record layer overhead for DTLS.jsing2021-01-193-17/+38
| | | | | | | | Rather than manually calculating the maximum record layer overhead in the DTLS code, have the record layer provide this information. This also makes it work correctly with AEAD ciphersuites. ok inoguchi@ tb@
* Factor out code for explicit IV length, block size and MAC length.jsing2021-01-191-21/+77
| | | | | | | | Pull this code up into the record protection struct, which means we only need the length checks in one place. This code will soon be used for additional purposes. ok inoguchi@ tb@
* Prevent an overflow in inet_net_pton(3) when the passed in buffer isflorian2021-01-191-11/+18
| | | | | | | | | | | | | | | | | too small in the AF_INET6 case. Spotted by Brad House (brad AT brad-house.com) with the c-ares regression test. The man page says Caution: The dst field should be zeroed before calling inet_net_pton() as the function will only fill the number of bytes necessary to encode the network number in network byte order. Which seems to suggest that the function should work if the passed in storage is big enough to hold the prefix, which might be smaller than sizeof(in6_addr). Input & OK tb
* support PCAP_NETMASK_UNKNOWN, adapted from an old commit in upstreamsthen2021-01-183-6/+20
| | | | | | | libpcap, ok dlg@ https://github.com/the-tcpdump-group/libpcap/commit/74b2de364f3443fc2414d0160b0b942f347c6fd4 https://github.com/the-tcpdump-group/libpcap/commit/117cb5eb2eb4fe212d3851f1205bb0b8f57873c6
* Move sessid definition to keynote-verify.c to avoid issues with -fno-commonmortimer2021-01-182-3/+5
| | | | ok deraadt@
* Clean up dtls1_reset_seq_numbers()jsing2021-01-131-10/+7
| | | | | | Inline/remove some variables and use sizeof with the correct variables. ok inoguchi@ tb@
* Clean up read sequence handling in DTLS.jsing2021-01-131-19/+21
| | | | | | | | | | Pass the explicit DTLS read sequence number to dtls1_record_bitmap_update() and dtls1_record_replay_check(), rather than expecting it to be in S3I(s)->read_sequence. Also, store the read sequence number into S3I(s)->rrec.seq_num when we're processing the record header, rather than having dtls1_record_replay_check() be responsible for copying it. ok inoguchi@ tb@
* Clean up sequence number handing in the new TLSv1.2 record layer.jsing2021-01-133-69/+89
| | | | | | | | | | | | Handle protocol specific (DTLS vs TLS) sequence number differences in the open/seal record functions and propagate the sequence number through to the called functions. This means that DTLS specific knowledge is limited to two functions and also avoids building sequence numbers multiple times over. As a result, the DTLS explicit sequence number is now extracted from the record header and passed through for processing, which makes the read epoch handling redundant. ok inoguchi@ tb@
* kernel, sysctl(8): remove dead variable: tickadjcheloha2021-01-131-5/+4
| | | | | | | | | | | | | | | | | | | | The global "tickadj" variable is a remnant of the old NTP adjustment code we used in the kernel before the current timecounter subsystem was imported from FreeBSD circa 2004 or 2005. Fifteen years hence it is completely vestigial and we can remove it. We probably should have removed it long ago but I guess it slipped through the cracks. FreeBSD removed it in 2002: https://cgit.freebsd.org/src/commit/?id=e1d970f1811e5e1e9c912c032acdcec6521b2a6d NetBSD and DragonflyBSD can probably remove it, too. We export tickadj via the kern.clockrate sysctl(2), so update sysctl.2 and sysctl(8) accordingly. Hypothetically this change could break someone's sysctl(8) parsing script. I don't think that's very likely. ok mvs@
* Make imsg.h a bit more self-contained by prototyping struct iovec.claudio2021-01-131-1/+2
| | | | OK martijn@ mvs@ deraadt@
* Split the record protection from the TLSv1.2 record layer.jsing2021-01-121-75/+101
| | | | | | | | | | | | | | | | | | | | When changing cipher state, DTLS requires that the previous write protection state remain available so that messages can be retransmitted. Currently, this is done by DTLS saving and restoring various pointers, along with special casing to not free the cipher and hash where it would normally be freed for TLS (and requiring DTLS to free things at the appropriate times). This can be handled in a much cleaner manner by splitting the record protection from the record layer. This allows for the previous write state to be retained and restored by swapping a single pointer. Additionally, it also results in more readable and manageable code. This diff simply splits the record protection from the record layer - future changes will add support for maintaining and switching between write states. ok inoguchi@ tb@
* Remove libc++ and libc++abi 8.0.0 now that we switched to version 10.0.1patrick2021-01-11497-222095/+0
| | | | in the gnu/ directory.
* Update SSL_get_shared_ciphers() documentation for ssl_lib.c r1.240tb2021-01-091-17/+47
| | | | | | | | | | | | | | | | | | | | | | | From schwarze, who explains: * Even though i wrote the original version of our documentation for this function, i now think the design of this function is so atrocious that it is better to call out the main limitations up front (server side only and silent truncation) rather than first giving the impression that it achieves something it actually doesn't and then later try to row back in a piece-meal manner. * Using a .Bl list for failure conditions in the RETURN VALUES section is no doubt unusual, but the conditions are so numerous and some of them are so surprising that i think it makes sense in this case. If a function is badly designed and has surprising properties, precision and clarity in the description are even more important than usual, and conciseness is better sacrificed. * Adding .Xr SSL_get_ciphers 3 seems helpful. ok beck inoguchi jsing tb
* Add support for SSL_get_shared_ciphers() in TLSv1.3tb2021-01-091-1/+5
| | | | | | | | | As reported by Steffen Ullrich and bluhm, since enabling TLSv1.3 server some tests fail in t/local/07_sslecho.c of security/p5-Net-SSLeay due to missing support for SSL_get_shared_ciphers(). This fixes the parts related to shared ciphers. ok beck inoguchi jsing
* Align SSL_get_shared_ciphers() with OpenSSLtb2021-01-091-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | SSL_get_shared_ciphers() has been quite broken forever (see BUGS). What's maybe even worse than those bugs is that it only ever returned the string representing the client's ciphers which happen to fit into buf. That's kind of odd, given its name. This commit brings it in line with OpenSSL's version which changed behavior almost three years ago. reviewed and stupid bug caught by schwarze ok beck inoguchi jsing commit a216df599a6076147c27acea6c976fb11f505b1a Author: Matt Caswell <matt@openssl.org> Date: Fri Apr 27 11:20:52 2018 +0100 Fix SSL_get_shared_ciphers() The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
* Set chain on xsc on chain build failure.jsing2021-01-091-1/+3
| | | | | | | | Prior to calling the callback, ensure that the current (invalid and likely incomplete) chain is set on the xsc. Some things (like auto chain) depend on this functionality. ok beck@
* Bail out early after finding an single chain if we are have been called frombeck2021-01-091-1/+9
| | | | | | | | x509_vfy and have an xsc. There's no point in finding more chains since that API can not return them, and all we do is trigger buggy callbacks in calling software. ok jsing@
* Make fts_{alloc,safe_changed}() const correcttb2021-01-081-5/+5
| | | | | | | | | | | Previously, this code was passing string constants to functions that did not declare their parameters as const. After this patch, the functions now declare that they do not modify these arguments, making it safe to pass string constants. Fixes -Wincompatible-pointer-types-discards-qualifiers. From Adam Barth <abarth google com> ok millert
* search the intermediates only after searching the root certs, clarifybeck2021-01-081-11/+15
| | | | | | | this in the comments. helps avoid annoying situations with the legacy callback ok jsing@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.