| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2018-11-09 | In verbose mode netcat reports to stderr when the listen system | bluhm | 1 | -16/+29 | |
| call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@ | |||||
| 2018-11-09 | Add const to the data argument of ASN1_set{,_int}_octetstring(). | tb | 2 | -6/+6 | |
| From Ben L bobsayshilol () live ! co ! uk ok jsing | |||||
| 2018-11-09 | Add header guards and hidden declarations. | jsing | 2 | -2/+19 | |
| 2018-11-09 | Add header guards and hidden declarations. | jsing | 1 | -1/+10 | |
| 2018-11-09 | Reimplement the sigalgs processing code into a new implementation | beck | 9 | -253/+340 | |
| that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@ | |||||
| 2018-11-08 | First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and | tb | 3 | -4/+607 | |
| inspired by s2n's state machine. Lots of help and input from jsing. ok beck, jsing | |||||
| 2018-11-08 | KNF | beck | 1 | -3/+4 | |
| 2018-11-08 | Clean up and simplify the handshake transcript code. | jsing | 10 | -166/+144 | |
| This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@. | |||||
| 2018-11-08 | Add missing NULL checks on allocation, style(9) and consistently use | jsing | 1 | -35/+34 | |
| goto err instead of handrolling. | |||||
| 2018-11-08 | Add missing BN_free() calls. | jsing | 1 | -1/+3 | |
| From Ben L <bobsayshilol at live dot co dot uk>. | |||||
| 2018-11-08 | Use ASN1_TYPE_new()/ASN1_TYPE_free() to avoid leaking memory. | jsing | 1 | -12/+17 | |
| From Ben L <bobsayshilol at live dot co dot uk>. | |||||
| 2018-11-08 | Stop pretending that a cert member in a SSL and SSL_CTX can be NULL. | jsing | 8 | -121/+18 | |
| ok beck@ tb@ | |||||
| 2018-11-08 | Move #include <openssl/evp.h> to the header. | tb | 2 | -3/+4 | |
| discussed with beck and jsing | |||||
| 2018-11-08 | Ensure the handshake transcript is cleaned up. | jsing | 2 | -3/+20 | |
| Add a check at the completion of the client/server handshake to ensure that the handshake transcript has been freed. Fix the case where a server asks the client for a certificate, but it does not have one, resulting in the handshake transcript being left around post-handshake. ok bcook@ tb@ | |||||
| 2018-11-08 | Remove some function prototypes that should have been removed in the | jsing | 1 | -10/+2 | |
| previous clean up. Spotted by bcook@ | |||||
| 2018-11-08 | LibreSSL 2.9.0 | bcook | 1 | -3/+3 | |
| 2018-11-08 | zap last remains of malloc.conf; prompted by and ok jmc@ | otto | 1 | -6/+6 | |
| 2018-11-07 | Use in-place (un)wrapping in the keywrap tests. | tb | 1 | -5/+8 | |
| 2018-11-07 | Add in key_schedule regress tests to regress build | beck | 1 | -1/+2 | |
| 2018-11-07 | Add a self test for each SSL library by connecting client with | bluhm | 5 | -23/+88 | |
| server. Check that the highest available TLS version is selected. LibreSSL TLS 1.3 check is disabled until the feature becomes available. | |||||
| 2018-11-07 | Add initial TLS 1.3 key schedule support with basic regress tests | beck | 5 | -2/+685 | |
| ok jsing@ tb@ | |||||
| 2018-11-07 | Add interop test with OpenSSL 1.1. TLS 1.3 should be used automatically | bluhm | 5 | -10/+55 | |
| when it becomes available in LibreSSL. thanks to sthen@ for the new OpenSSL port | |||||
| 2018-11-07 | Use memmove() instead of memcpy() to get rid of the need for | tb | 1 | -3/+3 | |
| non-overlapping *in and *out buffers as we're already implementing the "in place (un)wrapping" algorithms as given in RFC 3394. This removes a gratuitous API difference to OpenSSLin these undocumented functions. Found while working on wycheproof regress tests. ok beck jsing | |||||
| 2018-11-07 | Print SSLeay, OpenSSL, and LibreSSL version strings. Make client | bluhm | 7 | -12/+71 | |
| and server compile with OpenSSL 1.1. Check runtime version string of SSL library. | |||||
| 2018-11-07 | Add TLSv1.3 cipher suites (with appropriate guards). | jsing | 6 | -9/+100 | |
| ok beck@ tb@ | |||||
| 2018-11-07 | +interop | bluhm | 1 | -1/+2 | |
| 2018-11-07 | Test TLS interoperability between LibreSSL and OpenSSL. | bluhm | 10 | -0/+549 | |
| Implement simple SSL client and server in C. Create four binaries by linking them with LibreSSL or OpenSSL. This way API compatibility is tested. Connect and accept with netcat to test protocol compatibility with libtls. Currently OpenSSL 1.0.2p from ports is used. Plan is to move to OpenSSL 1.1 and and test TLS 1.3. idea from beck@; help from jsing@ | |||||
| 2018-11-06 | Add TLS extension type values for TLSv1.3 (under guards). | jsing | 1 | -2/+16 | |
| ok tb@ | |||||
| 2018-11-06 | Use TLS_CA_CERT_FILE instead of a separate define. | jsing | 2 | -7/+4 | |
| ok beck@ bluhm@ tb@ | |||||
| 2018-11-06 | Define TLS_CA_CERT_FILE rather than having every application create their | jsing | 3 | -6/+6 | |
| own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@ | |||||
| 2018-11-06 | better failure printing, add more checks | tb | 1 | -9/+35 | |
| 2018-11-06 | rm FILES section; prompted by Janne Johansson | otto | 1 | -7/+2 | |
| 2018-11-06 | Use the new vm.malloc_conf sysctl; ok millert@ deraadt@ | otto | 1 | -6/+11 | |
| 2018-11-06 | unrevert the use of bn_rand_interval(). | tb | 6 | -35/+26 | |
| ok beck jsing | |||||
| 2018-11-06 | Unset Z_is_zero after applying coordinate blinding and | tb | 1 | -3/+4 | |
| re-enable coordinate blinding. ok jsing | |||||
| 2018-11-06 | link rand/ to build | tb | 1 | -2/+4 | |
| 2018-11-06 | add a regression test for bn_rand_interval() | tb | 2 | -0/+98 | |
| 2018-11-06 | Flip reversed test in bn_rand_interval(). | tb | 1 | -2/+2 | |
| ok jsing | |||||
| 2018-11-06 | Unbreak following elliptic curves to supported groups rename. | jsing | 1 | -3/+3 | |
| Reported by Katherine <luigi30 at gmail dot com> on tech@ | |||||
| 2018-11-06 | disable EC_POINT coordinate blinding due to failures in ECDHE and TLS | tb | 1 | -1/+3 | |
| 2018-11-06 | revert use of bn_rand_interval due to failures with ECDHE and TLS | tb | 5 | -24/+33 | |
| 2018-11-06 | Add TLSv1.3 to version regress tests. | jsing | 1 | -4/+80 | |
| 2018-11-06 | Include TLSv1.3 in version handling code. | jsing | 1 | -3/+9 | |
| This is effectively a no-op, since most of the code clamps to the maximum version supported by the TLS method (which are still at TLSv1.2). ok beck@ bluhm@ tb@ | |||||
| 2018-11-06 | Add TLS1_3_VERSION and SSL_OP_NO_TLSv1_3 defines under guards. | jsing | 2 | -2/+13 | |
| ok beck@ bluhm@ tb@ | |||||
| 2018-11-06 | Start working towards adding feature flags (rather than anti-feature flags) | jsing | 1 | -1/+10 | |
| for LibreSSL. Add a (commented out) feature flag for TLSv1.3 and define the OPENSSL_NO_TLS1_3 anti-feature flag based on the feature flag. ok beck@ bluhm@ tb@ | |||||
| 2018-11-06 | Unbreak regress following Supported Elliptic Curve extension rename. | jsing | 1 | -49/+49 | |
| 2018-11-05 | Make use of bn_rand_interval() where appropriate. | tb | 5 | -33/+24 | |
| ok beck jsing | |||||
| 2018-11-05 | Introduce bn_rand_interval() that allows specifying an interval [a, b) | tb | 2 | -2/+30 | |
| from which a a BIGNUM is chosen uniformly at random. ok beck jsing | |||||
| 2018-11-05 | Eliminate a few "} else" branches, a few unneeded NULL checks before | tb | 3 | -43/+33 | |
| freeing and indent nearby labels. ok beck jsing | |||||
| 2018-11-05 | Remove two unnecessary BN_FLG_CONSTTIME dances: BN_mod_exp_ct() already | tb | 2 | -21/+7 | |
| takes care of this internally. ok beck jsing | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |