IABSD.fr/src/lib/libssl/ssl_lib.c

Branch :


Log

Author Commit Date CI Message
1a6e1177 2019-11-17 19:07:07 Bring back the ssl_shutdown internal method pointer. For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon get its own version. ok beck@
e2d46324 2019-11-04 19:17:28 Allow ip addresses as argument to SSL_set1_host() but be careful to not poison the context. ok and help jsing@ tb@
370b9647 2019-05-15 09:13:16 s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there is no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
89036584 2019-03-25 17:33:26 Strip out all of the pkey to sigalg and sigalg to pkey linkages. These are no longer used now that we defer signature algorithm selection. ok beck@
96b13b45 2019-03-25 17:21:18 Defer sigalgs selection until the certificate is known. Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.
d8072278 2019-03-25 16:37:52 Remove ssl_get_server_send_cert() which is now unused. ok beck@ tb@
bb553201 2019-01-22 01:15:37 Add a re-implementation of SSL_get1_supported_ciphers(). Part of OpenSSL 1.1 API (pre-licence-change). input schwarze ok jsing
6e429577 2019-01-22 01:12:18 Provide SSL_get_client_ciphers(). Part of OpenSSL 1.1 API, pre-licence change. ok jsing
5ceed53a 2019-01-21 14:12:13 Move ssl_cipher_list_to_bytes() and ssl_bytes_to_cipher_list() to a more appropriately licenced file. jsing and doug have rewritten these functions (including the comments) over the past years. ok jsing
3f07d274 2019-01-21 10:32:58 Use ssl_cipher_is_permitted() in ssl_cipher_list_to_bytes(). ok jsing
532dadf9 2019-01-21 00:31:29 Teach ssl_version_string() about TLS1_3_VERSION.
05677845 2018-11-19 15:07:29 Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature verification. Discussed with beck@
e67a57f5 2018-11-17 11:22:43 Fix DTLS, because DTLS still remains a special flower, allows regress to pass
fe723397 2018-11-14 17:24:14 Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@, instead of 'uint16_t' Found with llvm's static analyzer, noticed that it was also already reported in Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's equivalent code. OK tb@ and jsing@
ca8dce7b 2018-11-11 06:58:14 Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host(). Used by unbound's DNS over TLS implementation to do server name verification. ok jsing
fbe97c86 2018-11-10 01:19:09 Stop keeping track of sigalgs by guessing it from digest and pkey, just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
ac64f7f4 2018-11-08 20:55:18 Stop pretending that a cert member in a SSL and SSL_CTX can be NULL. ok beck@ tb@
d3b2bb0d 2018-11-07 01:53:36 Add TLSv1.3 cipher suites (with appropriate guards). ok beck@ tb@
48053958 2018-09-05 16:58:59 Use the newer/more sensible names for EVP_MD_CTX_* functions. EVP_MD_CTX_create -> EVP_MD_CTX_new EVP_MD_CTX_destroy -> EVP_MD_CTX_free This should make the intent more obvious and reduce head scratching during code reviews. Raised by tb@
f1abf686 2018-09-05 16:48:11 Correctly clear the current cipher state, when changing cipher state. When a renegotiation results in a change of cipher suite, the renegotation would fail if it switched from AEAD to non-AEAD or vice versa. This is due to the fact that the previous EVP_AEAD or EVP_CIPHER state remained, resulting in incorrect logic that caused MAC failures. Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it into separate read/write components, then call these functions from the appropriate places when a ChangeCipherSpec message is being processed. Also, remove the separate ssl_clear_hash_ctx() calls and fold these into the ssl_clear_cipher_{read,write}_state() functions. Issue reported by Bernard Spil, who also tested this diff. ok tb@
364ba4a4 2018-08-30 16:56:16 Nuke ssl_pending/ssl_shutdown function pointers. ssl3_pending() is used for all protocols and dtls1_shutdown() just calls ssl3_shutdown(), so just call the appropriate function directly instead. ok beck@ inoguchi@ tb@
1e7a28f3 2018-08-24 20:30:21 Let SSL_copy_session_id() return an int for error checking. Accordingly, add some error checking to SSL_copy_session_id(), BIO_ssl_copy_session_id(), and SSL_dup(). Prompted by OpenSSL commit 17dd65e6e1f Tested in a bulk build by sthen ok jsing
0a4fabb9 2018-04-25 07:10:39 OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing
341fd9e0 2018-04-14 07:09:21 make ENGINE_finish() succeed on NULL and simplify callers as in OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
82524929 2018-04-07 17:02:34 Remove function pointers for ssl_{read,write,peek}. Now that everything goes through the same code path, we can remove a layer of indirection and just call ssl3_{read,write,peek} directly. ok beck@ inoguchi@
e68eaf89 2018-03-17 16:20:01 Bring in compatibility for OpenSSL 1.1 style init functions. This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
bc7da7f0 2018-03-17 15:48:31 Provide SSL_CTX_get_default_passwd_cb{,_userdata}() ok jsing
870628e8 2018-03-15 12:27:00 Provide SSL_CTX_get_min_proto_version and SSL_CTX_get_max_proto_version We already provided the setters, so also provide the getters like OpenSSL does. Addition prompted by the use of those functions in recent openvpn releases. manpage diff from schwarze@ (thanks!) with input from jsing@, ok tb@ jsing@
61a9c69b 2018-02-22 17:30:25 Provide SSL_is_server().
d17a9405 2018-02-22 17:29:24 Provide SSL_up_ref().
3730db37 2018-02-22 17:27:06 Provide SSL_CTX_get_ciphers().
d4fca8d7 2018-02-17 15:19:43 Provide SSL_get_client_random() and SSL_get_server_random()
99b96162 2018-02-17 15:13:12 Provide SSL_CTX_get0_certificate()
540ad3ef 2018-02-14 17:08:44 Provide SSL_CTX_up_ref().
59c79d9d 2018-02-14 16:16:10 Provide SSL_CTX_get0_param() and SSL_get0_param(). Some applications that use X509_VERIFY_PARAM expect these to exist, since they're also part of the OpenSSL 1.0.2 API.
f63b027d 2017-10-11 17:35:00 Convert ssl3_client_hello() to CBB. As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@
eb97b740 2017-10-10 16:51:38 Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
918a0d98 2017-08-30 16:24:21 Bring back the NPN related symbols. Several pieces of software make use of these based on a conditional around OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the non-existence of a OPENSSL_NO_NEXTPROTONEG define or even the existence of the TLS extension type. Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for ALPN was effectively botched and reuses two parts from the NPN implementation, rather than providing ALPN specific or generic versions.
28251c7f 2017-08-28 17:36:58 Completely remove NPN remnants. Based on a diff from doug@, similar diff from inoguchi@
bd8c833e 2017-08-13 17:04:36 Make SSL{,_CTX}_set_alpn_protos() do atomic updates and handle NULL. Previously, the code would accept NULL and 0 length and try to malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could also fail in malloc and leave the old length. Also, add a note that this public API has backwards semantics of what you would expect where 0 is success and 1 is failure. input + ok jsing@ beck@
53b67670 2017-08-12 21:03:08 Remove NPN support. NPN was never standardised and the last draft expired in October 2012. ALPN was standardised in July 2014 and has been supported in LibreSSL since December 2014. NPN has also been removed from Chromium in May 2016. TLS clients and servers that try to use/enable NPN will fail gracefully and fallback to the default protocol, since it will essentially appear that the otherside does not support NPN. At some point in the future we will actually remove the NPN related symbols entirely. ok bcook@ beck@ doug@
4722f988 2017-08-12 02:55:22 Remove support for DSS/DSA, since we removed the cipher suites a while back. ok guenther@
c80119d0 2017-08-11 21:06:52 I don't think eay will ever fix this...
1b0c5004 2017-08-11 21:06:17 style(9) in ssl_set_cert_masks().
203d15d2 2017-08-10 17:18:38 Clean up the EC key/curve configuration handling. Over the years OpenSSL grew multiple ways of being able to specify EC keys (and/or curves) for use with ECDH and ECDHE key exchange. You could specify a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via a callback that was provided with insufficient information (SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to problems (like ECDHE not being enabled) and potential weird configuration (like being able to do ECDHE without the ephemeral part...). We no longer support ECDH and ECDHE can be disabled by removing ECDHE ciphers from the cipher list. As such, permanently enable automatic EC curve selection and generation, effectively disabling all of the configuration knobs. The only exception is the SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous behaviour by configuring the curve of the given EC key as the only curve being enabled. Everything else becomes a no-op. ok beck@ doug@
3aa55256 2017-08-09 22:24:25 Pull out the code that identifies if we have an ECC cipher in the cipher list or if we are negotiating an ECC cipher in the handshake. This dedups some of the existing code and will make the EC extension rewrites easier. ok doug@
440bed4f 2017-05-07 04:22:24 Move state from ssl->internal to the handshake structure. while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
4de66e6c 2017-05-06 22:24:57 Bring in an SSL_HANDSHAKE structure and commence the great shovelling ok jsing@, gcc@, regress@
43a30d3d 2017-05-06 20:37:24 Provide SSL{,_CTX}_set_{min,max}_proto_version() functions. Rides minor bump. ok beck@
2a9e9ef9 2017-02-28 14:08:49 Stop pretending that MD5 and SHA1 might not exist - rather than locating "ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions directly. ok beck@ inoguchi@
bd3346f2 2017-02-15 14:56:42 Avoid dereferencing a pointer when reporting an error about the same pointer being NULL. Found by jsg@ with cppcheck; also detected by Coverity.
c9d7abb7 2017-02-07 02:08:38 Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
57ef7d8b 2017-01-26 12:16:13 Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
c37c9edf 2017-01-26 10:40:21 Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
53f78dfd 2017-01-26 06:32:58 Remove most of SSL3_ENC_METHOD - we can just inline the function calls and defines since they are the same everywhere. ok beck@
2b939dc4 2017-01-26 06:01:44 Move relatively new version range code from ssl_lib.c into a separate ssl_versions.c file. ok beck@
83681c19 2017-01-26 00:42:44 Remove ssl3_undef_enc_method - if we have internal bugs we want to segfault so that we can debug it, rather than adding a "should not be called" error to the stack. Discussed with beck@
04955181 2017-01-25 10:54:23 Limit enabled version range by the versions configured on the SSL_CTX/SSL, provide an ssl_supported_versions_range() function which also limits the versions to those supported by the current method. ok beck@
cb2ed0d9 2017-01-24 15:11:55 BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all check for NULL, as does lh_free() - do not do the same from the caller.
3a878bc4 2017-01-24 15:04:12 sk_free() checks for NULL so do not bother doing it from the callers.
2da53ce5 2017-01-24 14:57:31 sk_pop_free() checks for NULL so do not bother doing it from the callers.
e1f3d403 2017-01-24 13:34:26 Within libssl a SSL_CTX * is referred to as a ctx - fix this for SSL_CTX_free().
67f294b8 2017-01-24 09:03:21 Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
aa64ff14 2017-01-24 01:47:22 ssl_cert_free() checks for NULL itself.
a5a4aafb 2017-01-24 01:46:12 Remove a "free up if allocated" comment that exists before code that frees things if they are allocated. ok captainobvious@
20238d65 2017-01-24 01:44:00 sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
c420d358 2017-01-23 22:34:38 move default_passwd_cb and default_passwd_cb_userdata back into the ssl_ctx from internal - these are used directly by python and openvpn and a few other things - we have the set accessors but the get accessors were added in 1.1 and these roll their own caveat OPENSSL_VERSION chickenpluckery
1e495d31 2017-01-23 14:35:42 Move options and mode from SSL_CTX and SSL to internal, since these can be set and cleared via existing functions.
9eac7899 2017-01-23 13:36:12 Split most of SSL_METHOD out into an internal variant, which is opaque. Discussed with beck@
f642e1cb 2017-01-23 10:22:06 Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrl from SSL_METHOD, replacing usage with direct calls to the appropriate functions. ok beck@
8022bb07 2017-01-23 08:48:44 send state and rstate from ssl_st into internal. There are accessors so these should not be diddled with directly ok jsing@
d2a38c8a 2017-01-23 08:08:06 move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and other perversions touches them sickly and unnaturally.
b084913a 2017-01-23 06:45:30 Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
1d51f822 2017-01-23 05:13:02 Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use. ok beck@
ff236217 2017-01-23 04:55:26 move the callbacks from ssl_st to internal ok jsing@
b7f7365c 2017-01-23 04:15:28 Move callback function pointers and argument pointers from SSL_CTX to internal. ok beck@
bdad0337 2017-01-23 01:22:08 Move not_resumable and sess_cert from SSL_SESSION to internal. ok beck@
cb38afac 2017-01-23 00:12:54 Move the stats struct from SSL_CTX to internal. ok beck@
719c9263 2017-01-22 09:02:07 Move most of the SSL3_STATE fields to internal - the ones that remain are known to be used by ports. ok beck@
f7271532 2017-01-22 07:16:38 Move most of DTLS1_STATE to internal. ok jsing@
9fa78f4b 2017-01-22 06:36:49 Move ALPN and NPN fields from SSL/SSL_CTX to internal. ok beck@
8462f404 2017-01-22 03:50:45 Convert publically visible structs to translucent structs. This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
52111e91 2017-01-21 04:16:49 Expand IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN macro. No change in generated assembly.
17e99b68 2017-01-03 16:57:15 Pull out, rework and dedup the code that determines the highest shared version. ok beck@ doug@
1ca47b80 2016-12-30 16:57:01 Pull out (and largely rewrite) the code that determines the enabled protocol version range. This also fixes a bug whereby if all protocols were disabled, the client would still use TLSv1.2 in the client hello, only to have if fail with unsupported version when it received and processed the server hello. ok doug@
6421c5d4 2016-12-04 14:32:30 Convert ssl_cipher_list_to_bytes() to CBB, changing the function to return the number of bytes written via an explicit *outlen argument and retaining the return value to indicate success or failure. ok doug@
1bbccf41 2016-11-02 11:21:05 Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
18d012e4 2016-11-02 10:45:02 Expand IMPLEMENT_LHASH_COMP_FN/IMPLEMENT_LHASH_HASH_FN macros - the only change to generated assembly results from a difference in line numbers.
335114c3 2016-10-19 16:38:40 Remove support for fixed ECDH cipher suites - these is not widely supported and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
3c29d729 2016-09-22 12:34:59 Improve on code from the previous commit. ok bcook@
03bd483b 2016-09-20 04:25:09 Avoid selecting weak digests for (EC)DH when using SNI. from OpenSSL: SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. noted by David Benjamin and Kinichiro Inoguchi
c684af8a 2015-10-25 15:52:49 Remove last vestige of SSL_OP_NO_SSLv3 support. No part of LibreSSL checks for this flag any longer. ok jsing@
15ca6030 2015-10-19 17:59:39 free rbio before wbio ok jsing@
7d987d1f 2015-10-16 14:23:22 Fix use of pointer value after BIO_free, and remove senseless NULL checks. ok bcook@
34b6114d 2015-10-03 06:47:32 SSL_new(): fix ref counting and memory leak in error path. Rather than a half-hearted attempt to free up resources and fix ref counting at the SSL_CTX level, let SSL_free() do its job. This diff got lost in the shuffle somewhere. It's from last year. Ref counting error reported by Parakleta in github ticket #51. Thanks! ok jsing@, beck@
18eebd54 2015-09-12 19:45:16 Unwrap a bunch of lines.
80564b92 2015-09-12 16:10:07 Remove most of the SSLv3 version checks and a few TLS v1.0. We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
ef4cc740 2015-09-11 17:35:36 Nuke ssl_bad_method(). ok "flensing knife"
16a7ec1d 2015-09-11 17:29:36 Nuke ssl_replace_hash(). ok "flensing knife"
7489cb3d 2015-09-10 17:57:50 Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@