History log of /openbsd/lib/libtls/tls_config.c (Results 1 – 25 of 71)
Revision Date Author Comments
# 6a16e2b3 02-Aug-2024 tb <tb@openbsd.org>

libtls: fix legacy protocol parsing

Redefining TLS_PROTOCOL_TLSv1_0 and TLS_PROTOCOL_TLSv1_1 to be the same
as TLS_PROTOCOL_TLSv1_2 had undesired side effects, as witnessed in the
accompanying regress tests. The protocol string all:tlsv1.0 would disable
TLSv1.2 (so only enable TLSv1.3) and tlsv1.2:!tlsv1.1 would disable all
protocols.

It makes more sense to ignore any setting of TLSv1.0 and TLSv1.1, so if
you request 'tlsv1.1' you get no protocol, but 'all:!tlsv1.1' will enable
the two supported protocols TLSv1.3 and TLSv1.2.

Restore the defines to their original values and adjust the parsing code
to set/unset them.

Issue reported by Kenjiro Nakayama
Fixes https://github.com/libressl/openbsd/issues/151

with/ok jsing
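The protocol-string rules this commit describes, worked through in a stand-alone C reimplementation added for this page. This is not libtls's tls_config_parse_protocols() and not code from the OpenBSD tree; the TLS_PROTOCOL_* bit values, the "secure" alias, the protocols_of() wrapper and the constructed test strings in main() are assumptions made for the example. It shows why ignoring TLSv1.0/TLSv1.1 (rather than aliasing them to TLSv1.2) gives the results the message quotes: "all:tlsv1.0" keeps TLSv1.2, "tlsv1.2:!tlsv1.1" keeps TLSv1.2, "tlsv1.1" alone yields no protocol, and "all:!tlsv1.1" yields TLSv1.2 and TLSv1.3.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit values assumed to follow tls.h (illustration only, not libtls code). */
#define PROTO_TLSv1_0	(1 << 1)
#define PROTO_TLSv1_1	(1 << 2)
#define PROTO_TLSv1_2	(1 << 3)
#define PROTO_TLSv1_3	(1 << 4)

/* Only TLSv1.2 and TLSv1.3 are supported; "all" expands to exactly these. */
#define PROTOS_ALL	(PROTO_TLSv1_2 | PROTO_TLSv1_3)
#define PROTOS_DEFAULT	PROTOS_ALL
/* Still accepted by name, but setting or clearing them is a no-op. */
#define PROTOS_LEGACY	(PROTO_TLSv1_0 | PROTO_TLSv1_1)
#define PROTOS_INVALID	0xffffffffU

/* Case-insensitive compare of a length-delimited token against a name. */
static int
tok_is(const char *tok, size_t len, const char *name)
{
	size_t i;

	if (strlen(name) != len)
		return 0;
	for (i = 0; i < len; i++)
		if (tolower((unsigned char)tok[i]) != tolower((unsigned char)name[i]))
			return 0;
	return 1;
}

/*
 * Parse "all:!tlsv1.1"-style strings: tokens separated by ':' or ',',
 * a leading '!' clears the named protocol. Returns 0 and fills in
 * *protocols on success, -1 on an empty or unknown token.
 */
int
parse_protocols(uint32_t *protocols, const char *protostr)
{
	uint32_t proto, protos = 0;
	const char *p = protostr, *end;
	size_t len;
	int negate;

	if (protostr == NULL) {
		*protocols = PROTOS_DEFAULT;
		return 0;
	}
	for (;;) {
		while (*p == ' ' || *p == '\t')
			p++;
		negate = 0;
		if (*p == '!') {
			negate = 1;
			p++;
		}
		/* A negation before anything is set subtracts from the full set. */
		if (negate && protos == 0)
			protos = PROTOS_ALL;

		end = p;
		while (*end != '\0' && *end != ':' && *end != ',')
			end++;
		len = (size_t)(end - p);

		proto = 0;
		if (tok_is(p, len, "all"))
			proto = PROTOS_ALL;
		else if (tok_is(p, len, "secure"))
			proto = PROTOS_DEFAULT;
		else if (tok_is(p, len, "tlsv1.0"))
			proto = PROTO_TLSv1_0;
		else if (tok_is(p, len, "tlsv1.1"))
			proto = PROTO_TLSv1_1;
		else if (tok_is(p, len, "tlsv1.2"))
			proto = PROTO_TLSv1_2;
		else if (tok_is(p, len, "tlsv1.3"))
			proto = PROTO_TLSv1_3;
		if (proto == 0)
			return -1;

		/* Legacy versions are ignored, so "all:tlsv1.0" keeps TLSv1.2 and
		 * "tlsv1.2:!tlsv1.1" does not end up with no protocol at all. */
		proto &= ~PROTOS_LEGACY;
		if (negate)
			protos &= ~proto;
		else
			protos |= proto;

		if (*end == '\0')
			break;
		p = end + 1;
	}
	*protocols = protos;
	return 0;
}

/* Wrapper for callers and tests: the mask, or PROTOS_INVALID if rejected. */
uint32_t
protocols_of(const char *protostr)
{
	uint32_t protos;

	if (parse_protocols(&protos, protostr) == -1)
		return PROTOS_INVALID;
	return protos;
}

int
main(void)
{
	/* Constructed inputs, including the cases quoted in the commit message. */
	const char *cases[] = { "all:tlsv1.0", "tlsv1.2:!tlsv1.1", "tlsv1.1",
	    "all:!tlsv1.1", "!tlsv1.3", "tlsv1.2:", "bogus" };
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		uint32_t protos = protocols_of(cases[i]);

		if (protos == PROTOS_INVALID)
			printf("%-18s -> invalid\n", cases[i]);
		else
			printf("%-18s -> 0x%02x%s%s\n", cases[i], (unsigned)protos,
			    (protos & PROTO_TLSv1_2) ? " TLSv1.2" : "",
			    (protos & PROTO_TLSv1_3) ? " TLSv1.3" : "");
	}
	return 0;
}
```

The point a caller should take from this is the difference between "rejected" and "empty": "bogus" and a trailing ':' return -1, but "tlsv1.1" parses successfully to a mask of zero, so code that feeds user-supplied protocol strings into tls_config_set_protocols() should check the resulting mask, not just the return value.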


# 2d60058e 28-Mar-2024 joshua <joshua@openbsd.org>

Use TLS_ERROR_INVALID_ARGUMENT for "too large" and "too small" errors

ok beck tb


# 2b31d1bd 27-Mar-2024 joshua <joshua@openbsd.org>

Add TLS_ERROR_INVALID_ARGUMENT error code to libtls

This is an initial pass, defining the error code and using it for
"too long"/length-related errors.

ok beck jsing


# 7a756d37 26-Mar-2024 joshua <joshua@openbsd.org>

Add error code support to libtls

This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.

Additional error codes will be added in follow-up commits.

ok jsing@ beck@


# 5c389b79 02-Jul-2023 beck <beck@openbsd.org>

Remove the ability to do tls 1.0 and 1.1 from libtls.

With this change any requests from configurations to request
versions of tls before tls 1.2 will use tls 1.2. This prepares
us to deprecate tls 1.0 and tls 1.1 support from libssl.

ok tb@


# e6d77be9 14-May-2023 op <op@openbsd.org>

add missing #include <string.h>; ok tb@


# 9ecbddc1 25-Jan-2022 eric <eric@openbsd.org>

Introduce a signer interface intended to make TLS privsep simpler
to implement.

Add a tls_config_set_sign_cb() function that allows registering
a callback for the signing operation on a tls_config. When used,
the context installs fake private keys internally, and the callback
receives the hash of the public key.

Add a tls_signer_*() set of functions to manage tls_signer objects.
A tls_signer is an opaque structure on which keys are added.
It is used to compute signatures with private keys identified by
their associated public key hash.

Discussed with and ok jsing@ tb@


# ac45a079 21-Oct-2021 tb <tb@openbsd.org>

Print uid with %u instead of %i.

Prompted by a diff by Jonas Termansen, discussed with deraadt, millert

ok jsing


# e7e46248 21-Jan-2021 eric <eric@openbsd.org>

when using fake keys, skip the private key check

ok tb@


# 15339a8c 21-Jan-2021 eric <eric@openbsd.org>

Allow setting a keypair on a tls context without specifying the private
key, and fake it internally with the certificate public key instead.
It makes it easier for privsep engines like relayd that don't have to
use bogus keys anymore.

ok beck@ tb@ jsing@


# b900ccc5 22-Dec-2020 bcook <bcook@openbsd.org>

Destroy the mutex in tls_config objects when tls_config_free is called.

Add a stub for pthread_mutex_destroy() for installers.

ok tb@


# c174e148 22-Dec-2020 bcook <bcook@openbsd.org>

Revert call to pthread_mutex_destroy until installers have a stub.

noted by deraadt@


# 9e1bb93b 21-Dec-2020 bcook <bcook@openbsd.org>

Destroy the mutex in a tls_config object when tls_config_free is called.

ok inoguchi@


# 4c479435 20-Jan-2020 jsing <jsing@openbsd.org>

Add support for TLSv1.3 as a protocol to libtls.

This makes tls_config_parse_protocols() recognise and handle "tlsv1.3".
If TLSv1.3 is enabled libtls will also request libssl to enable it.

ok beck@ tb@


# 15dff5ba 16-Nov-2019 beck <beck@openbsd.org>

Allow portable to override the default CA bundle location
ok kinichiro@ jsing@


# d7e2296c 04-Apr-2019 jsing <jsing@openbsd.org>

Switch to pthread_mutex_init().

While PTHREAD_MUTEX_INITIALIZER can be used on OpenBSD, some other
platforms do not like it.

Noted by bcook@


# bebb943a 01-Apr-2019 jsing <jsing@openbsd.org>

Add a mutex to guard reference counting for tls_config.

This makes libtls more friendly for multithreaded use - otherwise we can
end up with incorrect refcounts and end up freeing when we should not be
(or not freeing when we should be).

ok beck@


# 566f876a 27-Mar-2019 tedu <tedu@openbsd.org>

remove duplicate set key file call. from alf.
ok jsing


# f6b75673 29-Nov-2018 tedu <tedu@openbsd.org>

expose the default cert file as a function, not a define. it's really
an internal detail of the library, so the string should live inside it,
not in the application code.
ok jsing


# b3064b8a 07-Apr-2018 jsing <jsing@openbsd.org>

Correct tls_config_clear_keys() behaviour.

Previously this incorrectly called tls_keypair_clear(), which results in
the private key being cleared, along with the certificate, OCSP staple and
pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called
following tls_configure(), as is done by httpd.

Fix this by calling tls_keypair_clear_key() so that only the private key is
cleared, leaving the other public data untouched. While here, remove
tls_keypair_clear() and fold the necessary parts into tls_keypair_free().

ok beck@


# 1556a9e0 20-Mar-2018 jsing <jsing@openbsd.org>

Avoid potentially calling strchr() on a NULL pointer in
tls_config_set_ecdhecurve().

Spotted by Coverity.


# b9573a74 19-Mar-2018 jsing <jsing@openbsd.org>

Automatically handle library initialisation for libtls.

Now that we have tls_init() under pthread_once(), automatically initialise
libtls from the entry point functions (tls_config(), tls_client() and
tls_server()) - this makes an explicit tls_init() call no longer a
requirement.

ok bcook@ beck@ inoguchi@


# 2974e8f1 10-Feb-2018 jsing <jsing@openbsd.org>

Move the keypair pubkey hash handling code to during config.

The keypair pubkey hash was being generated and set in the keypair when the
TLS context was being configured. This code should not be messing around
with the keypair contents, since it is part of the config (and not the
context).

Instead, generate the pubkey hash and store it in the keypair when the
certificate is configured. This means that we are guaranteed to have the
pubkey hash and as a side benefit, we identify bad certificate content
when it is provided, instead of during the context configuration.

ok beck@


# 0dd084b9 10-Feb-2018 jsing <jsing@openbsd.org>

Add support to libtls for client-side TLS session resumption.

A libtls client can specify a session file descriptor (a regular file
with appropriate ownership and permissions) and libtls will manage reading
and writing of session data across TLS handshakes.

Discussed at length with deraadt@ and tedu@.

Rides previous minor bump.

ok beck@


# bb4cb1b0 08-Feb-2018 jsing <jsing@openbsd.org>

Split keypair handling out into its own file - it had already appeared
in multiple locations.

ok beck@
