Be consistent with the goto label names used in libtls code.

No change to generated assembly.

Make tls_config_parse_protocols() work correctly when passed a NULL pointer
for a protocol string.

Issue found by semarie@, who also provided the diff.

If tls_config_parse_protocols() is called with a NULL pointer, return the
default protocols instead of crashing - this makes the behaviour more
useful and mirrors what we already do in tls_config_set

If tls_config_parse_protocols() is called with a NULL pointer, return the
default protocols instead of crashing - this makes the behaviour more
useful and mirrors what we already do in tls_config_set_ciphers() et al.

show more ...

Add a tls_config_set_ecdhecurves() function to libtls, which allows the
names of the elliptic curves that may be used during client and server
key exchange to be specified.

This deprecates tls_confi

Add a tls_config_set_ecdhecurves() function to libtls, which allows the
names of the elliptic curves that may be used during client and server
key exchange to be specified.

This deprecates tls_config_set_ecdhecurve(), which could only be used to
specify a single supported curve.

ok beck@

show more ...

Don't use tls_cert_hash for the hashing used by the engine offloading magic
for the TLS privsep code. Instead use X509_pubkey_digest() because only the
key should be used as identifier. Relayd is rew

Don't use tls_cert_hash for the hashing used by the engine offloading magic
for the TLS privsep code. Instead use X509_pubkey_digest() because only the
key should be used as identifier. Relayd is rewriting certificates and then
the hash would change. Rename the hash is struct tls_keypair to pubkey_hash
to make clear what this hash is about.
With input and OK jsing@

show more ...

Add support for providing CRLs to libtls - once a CRL is provided we
enable CRL checking for the full certificate chain.

Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!

Di

Add support for providing CRLs to libtls - once a CRL is provided we
enable CRL checking for the full certificate chain.

Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!

Discussed with beck@

show more ...

Perform reference counting for tls_config. This allows tls_config_free() to
be called as soon as it has been passed to the final tls_configure() call,
simplifying lifetime tracking for the applicatio

Perform reference counting for tls_config. This allows tls_config_free() to
be called as soon as it has been passed to the final tls_configure() call,
simplifying lifetime tracking for the application.

Requested some time ago by tedu@.

ok beck@

show more ...

use freezero() instead of memset/explicit_bzero + free. Substantially
reduces conditional logic (-218, +82).

MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite

use freezero() instead of memset/explicit_bzero + free. Substantially
reduces conditional logic (-218, +82).

MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and
BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.

Passes regress. ok beck

show more ...

Add a tls_keypair_clear_key() function that uses freezero() to make key
material inaccessible, then call it from the appropriate places.

ok beck@

Internal changes to allow for relayd engine privsep. sends the hash of the
public key as an identifier to RSA, and adds an function for relayd to
use to disable private key checking when doing engine

Internal changes to allow for relayd engine privsep. sends the hash of the
public key as an identifier to RSA, and adds an function for relayd to
use to disable private key checking when doing engine privsep.
ok jsing@

show more ...

Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may be
added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use th

Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may be
added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use this.
Bump libtls minor.

ok jsing@

show more ...

Move the ocsp staple to being part of the keypair structure internally,
so that it does not send back bogus staples when SNI is in use.
(Further change is required to be able to use staples on all ke

Move the ocsp staple to being part of the keypair structure internally,
so that it does not send back bogus staples when SNI is in use.
(Further change is required to be able to use staples on all keypairs
and not just the main one)
ok jsing@

show more ...

Introduce ticket support. To enable them it is enough to set a positive
lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the tick

Introduce ticket support. To enable them it is enough to set a positive
lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the ticket keys.

If multiple processes are involved the following functions can be used to make
tickets work accross all instances:
- tls_config_set_session_id() sets the session identifier
- tls_config_add_ticket_key() adds an encryption and authentication key

For now only the last 4 keys added will be used (unless they are too old).
If tls_config_add_ticket_key() is used the caller must ensure to add new keys
regularly. It is best to do this 4 times per session lifetime (which is also
the ticket key lifetime).

Since tickets break PFS it is best to minimize the session lifetime according
to needs.

With a lot of help, input and OK beck@, jsing@

show more ...

Change the return value of tls_config_set_protocols() and
tls_config_set_verify_depth() from void to int. This makes them consistent
with all other tls_config_set_* functions and will allow for call

Change the return value of tls_config_set_protocols() and
tls_config_set_verify_depth() from void to int. This makes them consistent
with all other tls_config_set_* functions and will allow for call time
validation to be implemented.

Rides libtls major bump.

ok beck@

show more ...

Add support for server side OCSP stapling to libtls.
Add support for server side OCSP stapling to netcat.

Make the tls_keypair_new() function a valid prototype.

Avoid another signed vs unsigned comparison.

ok miod@

Add ocsp_require_stapling config option for tls - allows a connection
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc th

Add ocsp_require_stapling config option for tls - allows a connection
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@

show more ...

Provide an API that enables server side SNI support - add the ability to
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the cl

Provide an API that enables server side SNI support - add the ability to
provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and
allow the server to determine what servername the client requested (via
tls_conn_servername()).

ok beck@

show more ...

Avoid leaking memory if tls_config_set_alpn() is called multiple times
(this was in the original commit, but got reverted in the recommit).

Load CA, certificate and key files into memory when the appropriate
tls_config_set_*_file() function is called. This allows us to immediately
propagate useful error messages, play more nicely with pr

Load CA, certificate and key files into memory when the appropriate
tls_config_set_*_file() function is called. This allows us to immediately
propagate useful error messages, play more nicely with privsep/pledge and
have a single code path. Instead of always loading the default CA when
tls_config_new() is called, defer and only load the default CA when
tls_configure() is invoked, if a CA has not already been specified.

ok beck@ bluhm@

show more ...

Add ALPN support to libtls.

ok beck@ doug@

Revert previous since it adds new symbols.

Requested by deraadt@

Add ALPN support to libtls.

ok beck@ doug@

Split the existing TLS cipher suite groups into four:

"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)

This allows for flexibility and

Split the existing TLS cipher suite groups into four:

"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)

This allows for flexibility and finer grained control, rather than having
two extremes (an issue raised by Marko Kreen some time ago).

ok beck@ tedu@

show more ...