openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Remove redundant comments	tb	2022-06-30	1	-30/+30
\| \| \| \|	discussed with jsing
*	Check security level for supported groups.	tb	2022-06-30	4	-35/+179
\| \| \| \|	ok jsing
*	Rename variable from tls_version to version since it could also be	tb	2022-06-30	1	-3/+3
\| \| \| \|	a DTLS version at this point.
*	Check whether the security level allows session tickets.	tb	2022-06-30	1	-2/+6
\| \| \| \|	ok beck jsing
*	Add checks to ensure we do not initiate or negotiate handshakes with	tb	2022-06-30	5	-7/+34
\| \| \| \| \| \|	versions below the minimum required by the security level. input & ok jsing
*	Replace obj_mac.h with object.h	tb	2022-06-30	6	-15/+17
\| \| \| \|	Pointed out by and ok jsing
*	Add valid time test from ruby regress, and check ASN1_time_to_tm	beck	2022-06-30	1	-1/+27
\| \| \| \|	against recorded time value.
*	Rename use_* to ssl_use_* for consistency.	tb	2022-06-30	1	-9/+10
\| \| \| \|	discussed with jsing
*	add valid utc time that should fail to parse as generalized	beck	2022-06-30	1	-2/+6
\|
*	Add tests for times missing seconds, and to be able to test	beck	2022-06-30	1	-3/+43
\| \| \| \|	invalid generalized times specifically
*	whitespace nit	tb	2022-06-30	1	-2/+2
\|
*	Remove obj_mac.h include. Requested by jsing	tb	2022-06-30	1	-2/+1
\|
*	Don't check the signature if a cert is self signed.	tb	2022-06-29	1	-2/+7
\| \| \| \|	ok beck jsing
*	Make ssl_cert_add{0,1}_chain_cert() take ssl/ctx	tb	2022-06-29	4	-22/+30
\| \| \| \|	ok beck jsing
*	ssl_cert_set{0,1}_chain() take ssl/ctx	tb	2022-06-29	4	-19/+36
\| \| \| \|	ok beck jsing
*	Add a security check to ssl_set_cert()	tb	2022-06-29	1	-1/+7
\| \| \| \|	ok beck jsing
*	Make ssl_set_{cert,pkey} take an ssl/ctx	tb	2022-06-29	1	-12/+20
\| \| \| \|	ok beck jsing
*	Refactor use_certificate_chain_* to take ssl/ctx instead of a cert	tb	2022-06-29	3	-21/+45
\| \| \| \|	ok beck jsing
*	Add functions that check security level in certs and cert chains.	tb	2022-06-29	2	-2/+147
\| \| \| \|	ok beck jsing
*	Make sure the verifier checks the security level in cert chains	tb	2022-06-29	1	-2/+9
\| \| \| \|	ok beck jsing
*	Remove a confusing comment	tb	2022-06-29	1	-7/+2
\| \| \| \|	discussed with jsing
*	Parse the @SECLEVEL=n annotation in cipher strings	tb	2022-06-29	3	-15/+28
\| \| \| \| \| \| \|	To this end, hand the SSL_CERT through about 5 levels of indirection to set an integer on it. ok beck jsing
*	Add support for sending QUIC transport parameters	beck	2022-06-29	8	-8/+466
\| \| \| \| \| \| \| \| \| \|	This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data. Inspired by boringssl's https://boringssl-review.googlesource.com/24464 ok jsing@ tb@
*	Use relative paths so beck can run regress in his git tree and have	tb	2022-06-29	4	-8/+12
\| \| \| \|	the correct ssl_local.h etc be picked up.
*	whitespace nit	tb	2022-06-29	1	-2/+2
\|
*	missing blank line	tb	2022-06-29	1	-1/+2
\|
*	Refactor asn1 time parsing to use CBS - enforce valid times in ASN.1 parsing.	beck	2022-06-29	3	-68/+155
\| \| \| \| \| \| \| \|	While we're here enforce valid days for months and leap years. Inspired by same in boringssl. ok jsing@
*	Also check the security level in SSL_get1_supported_ciphers	tb	2022-06-29	1	-2/+5
\| \| \| \|	ok beck jsing
*	Check security level when convertin a cipher list to bytes	tb	2022-06-29	1	-1/+4
\| \| \| \|	ok beck jsing
*	Also check the security level when choosing a shared cipher	tb	2022-06-29	1	-1/+5
\| \| \| \|	ok beck jsing
*	There's tentacles, tentacles everywhere	tb	2022-06-29	1	-1/+7
\| \| \| \|	ok beck jsing
*	Also check the security level of the 'tmp dh'	tb	2022-06-29	3	-3/+24
\| \| \| \|	ok beck jsing
*	Check the security of DH key shares	tb	2022-06-29	6	-6/+42
\| \| \| \|	ok beck, looks good to jsing
*	Rename one s to ssl for consistency	tb	2022-06-29	1	-2/+2
\|
*	Check sigalg security level when selecting them.	tb	2022-06-29	1	-1/+4
\| \| \| \|	ok beck jsing
*	Check the security bits of the sigalgs' pkey	tb	2022-06-29	1	-1/+7
\| \| \| \|	ok beck jsing
*	Check the security level when building sigalgs	tb	2022-06-29	4	-12/+20
\| \| \| \|	ok beck jsing
*	Annotate sigalgs with their security level.	tb	2022-06-29	2	-2/+23
\| \| \| \|	ok beck jsing
*	Add prototypes for ssl{_ctx,}_security()	tb	2022-06-28	1	-1/+5
\| \| \| \|	ok beck jsing sthen
*	Add error code defins	tb	2022-06-28	1	-1/+6
\| \| \| \|	ok beck jsing sthen
*	Add a period to a comment	tb	2022-06-28	1	-2/+2
\| \| \| \|	Pointed out by jsing
*	Security level >= 3 requires a ciphersuite with PFS	tb	2022-06-28	1	-3/+4
\| \| \| \|	ok beck jsing sthen
*	Add a secop handler for tmp_dh	tb	2022-06-28	1	-1/+19
\| \| \| \| \| \| \|	This disallows DHE keys weaker than 1024 bits at level 0 to match OpenSSL behavior. ok beck jsing sthen
*	Add security level related error codes.	tb	2022-06-28	1	-1/+6
\| \| \| \|	ok beck jsing sthen
*	Sort error strings	tb	2022-06-28	1	-3/+3
\| \| \| \|	ok beck jsing sthen
*	Implement ssl{,_ctx}_security()	tb	2022-06-28	1	-1/+15
\| \| \| \|	ok beck jsing sthen
*	Copy the security level stuff in ssl_cert_dup()	tb	2022-06-28	1	-1/+5
\| \| \| \|	ok beck jsing sthen
*	Set up the default callback in SSL_CERT	tb	2022-06-28	1	-1/+8
\| \| \| \|	ok beck jsing sthen
*	Implement the default security level callback	tb	2022-06-28	3	-2/+202
\| \| \| \| \| \|	And here is where the fun starts. The tentacles will grow everywhere. ok beck jsing sthen
*	Provide OPENSSL_TLS_SECURITY_LEVEL define	tb	2022-06-28	1	-1/+7
\| \| \| \|	ok beck jsing sthen