| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Simplify tls1_ec_nid2group_id() | tb | 2022-07-03 | 1 | -98/+10 |
| | | | | | | | | Replace long switch statement duplicating data from nid_list[] with a linear scan. requested by and ok jsing | ||||
| * | Simplify tls1_ec_group_id2{bits,nid}() | tb | 2022-07-03 | 1 | -9/+9 |
| | | | | | | | | Instead of a nonsensical NULL check, check nid_list[group_id].{bits,nid} is not 0. This way we can drop the group_id < 1 check. ok jsing | ||||
| * | Call certificate variables cert and certs, rather than x and sk | jsing | 2022-07-02 | 1 | -6/+6 |
| | | | | | ok tb@ | ||||
| * | Use ASN1_INTEGER to parse/build (Z)LONG_it | jsing | 2022-07-02 | 1 | -69/+67 |
| | | | | | | | | Rather than having yet another (broken) ASN.1 INTEGER content builder and parser, use {c2i,i2c}_ASN1_INTEGER(). ok beck@ | ||||
| * | Remove references to openssl/obj_mac.h | jsing | 2022-07-02 | 3 | -12/+11 |
| | | | | | Consumers should include openssl/objects.h instead. | ||||
| * | Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c | tb | 2022-07-02 | 7 | -23/+60 |
| | | | | | | | | | | The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff is now confined into ssl_seclevel.c and the rest of the library can make use of the more straightforward wrappers, which makes it a lot easier on the eyes. ok beck jsing | ||||
| * | Adjust to new tls1_ec_nid2group_id API. | tb | 2022-07-02 | 1 | -7/+13 |
| | | |||||
| * | Rename uses 'curve' to 'group' and rework tls1 group API. | tb | 2022-07-02 | 12 | -162/+204 |
| | | | | | | | | | | | This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent. Based on a suggestion by jsing ok jsing | ||||
| * | Fix off-by-one in length check. | tb | 2022-07-02 | 1 | -3/+3 |
| | | | | | Spotted by jsing | ||||
| * | Make tls1_ec_curve_id2nid() return explicit NID_undef instead of 0 on error | tb | 2022-07-02 | 2 | -5/+5 |
| | | | | | | | and adjust the only caller that didn't check for NID_undef already. ok beck jsing | ||||
| * | To figure our whether a large allocation can be grown into the | guenther | 2022-06-30 | 1 | -12/+2 |
| | | | | | | | | | | | | following page(s) we've been first mquery()ing for it, mmapp()ing w/o MAP_FIXED if available, and then munmap()ing if there was a race. Instead, just try it directly with mmap(MAP_FIXED | __MAP_NOREPLACE) tested in snaps for weeks ok deraadt@ | ||||
| * | Remove redundant comments | tb | 2022-06-30 | 1 | -30/+30 |
| | | | | | discussed with jsing | ||||
| * | Check security level for supported groups. | tb | 2022-06-30 | 4 | -35/+179 |
| | | | | | ok jsing | ||||
| * | Rename variable from tls_version to version since it could also be | tb | 2022-06-30 | 1 | -3/+3 |
| | | | | | a DTLS version at this point. | ||||
| * | Check whether the security level allows session tickets. | tb | 2022-06-30 | 1 | -2/+6 |
| | | | | | ok beck jsing | ||||
| * | Add checks to ensure we do not initiate or negotiate handshakes with | tb | 2022-06-30 | 5 | -7/+34 |
| | | | | | | | versions below the minimum required by the security level. input & ok jsing | ||||
| * | Replace obj_mac.h with object.h | tb | 2022-06-30 | 6 | -15/+17 |
| | | | | | Pointed out by and ok jsing | ||||
| * | Add valid time test from ruby regress, and check ASN1_time_to_tm | beck | 2022-06-30 | 1 | -1/+27 |
| | | | | | against recorded time value. | ||||
| * | Rename use_* to ssl_use_* for consistency. | tb | 2022-06-30 | 1 | -9/+10 |
| | | | | | discussed with jsing | ||||
| * | add valid utc time that should fail to parse as generalized | beck | 2022-06-30 | 1 | -2/+6 |
| | | |||||
| * | Add tests for times missing seconds, and to be able to test | beck | 2022-06-30 | 1 | -3/+43 |
| | | | | | invalid generalized times specifically | ||||
| * | whitespace nit | tb | 2022-06-30 | 1 | -2/+2 |
| | | |||||
| * | Remove obj_mac.h include. Requested by jsing | tb | 2022-06-30 | 1 | -2/+1 |
| | | |||||
| * | Don't check the signature if a cert is self signed. | tb | 2022-06-29 | 1 | -2/+7 |
| | | | | | ok beck jsing | ||||
| * | Make ssl_cert_add{0,1}_chain_cert() take ssl/ctx | tb | 2022-06-29 | 4 | -22/+30 |
| | | | | | ok beck jsing | ||||
| * | ssl_cert_set{0,1}_chain() take ssl/ctx | tb | 2022-06-29 | 4 | -19/+36 |
| | | | | | ok beck jsing | ||||
| * | Add a security check to ssl_set_cert() | tb | 2022-06-29 | 1 | -1/+7 |
| | | | | | ok beck jsing | ||||
| * | Make ssl_set_{cert,pkey} take an ssl/ctx | tb | 2022-06-29 | 1 | -12/+20 |
| | | | | | ok beck jsing | ||||
| * | Refactor use_certificate_chain_* to take ssl/ctx instead of a cert | tb | 2022-06-29 | 3 | -21/+45 |
| | | | | | ok beck jsing | ||||
| * | Add functions that check security level in certs and cert chains. | tb | 2022-06-29 | 2 | -2/+147 |
| | | | | | ok beck jsing | ||||
| * | Make sure the verifier checks the security level in cert chains | tb | 2022-06-29 | 1 | -2/+9 |
| | | | | | ok beck jsing | ||||
| * | Remove a confusing comment | tb | 2022-06-29 | 1 | -7/+2 |
| | | | | | discussed with jsing | ||||
| * | Parse the @SECLEVEL=n annotation in cipher strings | tb | 2022-06-29 | 3 | -15/+28 |
| | | | | | | | | To this end, hand the SSL_CERT through about 5 levels of indirection to set an integer on it. ok beck jsing | ||||
| * | Add support for sending QUIC transport parameters | beck | 2022-06-29 | 8 | -8/+466 |
| | | | | | | | | | | | This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data. Inspired by boringssl's https://boringssl-review.googlesource.com/24464 ok jsing@ tb@ | ||||
| * | Use relative paths so beck can run regress in his git tree and have | tb | 2022-06-29 | 4 | -8/+12 |
| | | | | | the correct ssl_local.h etc be picked up. | ||||
| * | whitespace nit | tb | 2022-06-29 | 1 | -2/+2 |
| | | |||||
| * | missing blank line | tb | 2022-06-29 | 1 | -1/+2 |
| | | |||||
| * | Refactor asn1 time parsing to use CBS - enforce valid times in ASN.1 parsing. | beck | 2022-06-29 | 3 | -68/+155 |
| | | | | | | | | | While we're here enforce valid days for months and leap years. Inspired by same in boringssl. ok jsing@ | ||||
| * | Also check the security level in SSL_get1_supported_ciphers | tb | 2022-06-29 | 1 | -2/+5 |
| | | | | | ok beck jsing | ||||
| * | Check security level when convertin a cipher list to bytes | tb | 2022-06-29 | 1 | -1/+4 |
| | | | | | ok beck jsing | ||||
| * | Also check the security level when choosing a shared cipher | tb | 2022-06-29 | 1 | -1/+5 |
| | | | | | ok beck jsing | ||||
| * | There's tentacles, tentacles everywhere | tb | 2022-06-29 | 1 | -1/+7 |
| | | | | | ok beck jsing | ||||
| * | Also check the security level of the 'tmp dh' | tb | 2022-06-29 | 3 | -3/+24 |
| | | | | | ok beck jsing | ||||
| * | Check the security of DH key shares | tb | 2022-06-29 | 6 | -6/+42 |
| | | | | | ok beck, looks good to jsing | ||||
| * | Rename one s to ssl for consistency | tb | 2022-06-29 | 1 | -2/+2 |
| | | |||||
| * | Check sigalg security level when selecting them. | tb | 2022-06-29 | 1 | -1/+4 |
| | | | | | ok beck jsing | ||||
| * | Check the security bits of the sigalgs' pkey | tb | 2022-06-29 | 1 | -1/+7 |
| | | | | | ok beck jsing | ||||
| * | Check the security level when building sigalgs | tb | 2022-06-29 | 4 | -12/+20 |
| | | | | | ok beck jsing | ||||
| * | Annotate sigalgs with their security level. | tb | 2022-06-29 | 2 | -2/+23 |
| | | | | | ok beck jsing | ||||
| * | Add prototypes for ssl{_ctx,}_security() | tb | 2022-06-28 | 1 | -1/+5 |
| | | | | | ok beck jsing sthen | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |