path: root/src/lib/libssl/ssl_seclevel.c
Commit message | Author | Age | Files | Lines
* ssl_seclevel: remove comment pertaining to DSA certs | tb | 2025-01-18 | 1 | -6/+1
    ok jsing
* libssl: rework cert signature security level | tb | 2024-10-17 | 1 | -24/+28
    This switches to using the X509_get_signature_info() API instead of hand rolling a part of it. This is slightly tangly since the security level API is strange. In particular, some failures are passed to the security level callback so that applications can override them. This makes the security level API handle RSA-PSS and EdDSA certificates correctly and the handshake with such can progress a bit further. Of note, we check that the certs are actually suitable for use in TLS per RFC 8446 contrary to what OpenSSL does.
    ok beck jsing
* Plug a "leak" in ssl_security_group() | tb | 2024-05-09 | 1 | -6/+13
    The way the CBB API is used, CBB_add_u16() and CBB_finish() can't actually fail here, but if they could, cbb->base would leak. Rewrite this code with the proper idioms to make it look right.
    ok jsing
* Make internal header file names consistent | tb | 2022-11-26 | 1 | -2/+2
    Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
    discussed with jsing, no objection bcook
* Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL. | jsing | 2022-10-02 | 1 | -3/+3
    These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL.
    Prompted by tb@
* Provide ssl_security_shared_group() | tb | 2022-08-17 | 1 | -4/+16
    Refactor ssl_security_supported_group() into a wrapper of a new internal ssl_security_group() which takes a secop as an argument. This allows adding ssl_security_shared_group() which will be needed in upcoming commits.
    ok jsing
* update copyright years | tb | 2022-07-30 | 1 | -2/+2
* Disallow MD5 and SHA-1 HMACs depending on the security level | tb | 2022-07-19 | 1 | -2/+11
    Ciphers using an MD5 HMAC are not allowed on security levels >= 1 and using a SHA-1 HMAC is disallowed on security levels >= 4. This disables RC4-MD5 by default.
    ok jsing
* Use a local bits variable to avoid ugly line break due to nested function | tb | 2022-07-07 | 1 | -6/+16
    calls.
    ok jsing
* Unifdef LIBRESSL_HAS_SECURITY_LEVEL and remove some workarounds | tb | 2022-07-07 | 1 | -25/+2
    that are no longer needed now that libcrypto exposes the necessary security-bits API.
    ok jsing
* Use secop instead of op everywhere | tb | 2022-07-05 | 1 | -15/+15
* Pull setting of is_ee out of the function calls to appease scan-build | tb | 2022-07-05 | 1 | -3/+5
* Reword a comment | tb | 2022-07-03 | 1 | -2/+2
* Unwrap a line | tb | 2022-07-03 | 1 | -3/+2
* Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c | tb | 2022-07-02 | 1 | -2/+43
    The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff is now confined into ssl_seclevel.c and the rest of the library can make use of the more straightforward wrappers, which makes it a lot easier on the eyes.
    ok beck jsing
* Rename uses 'curve' to 'group' and rework tls1 group API. | tb | 2022-07-02 | 1 | -8/+8
    This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent.
    Based on a suggestion by jsing
    ok jsing
* Check security level for supported groups. | tb | 2022-06-30 | 1 | -1/+24
    ok jsing
* Rename variable from tls_version to version since it could also be | tb | 2022-06-30 | 1 | -3/+3
    a DTLS version at this point.
* Add checks to ensure we do not initiate or negotiate handshakes with | tb | 2022-06-30 | 1 | -1/+7
    versions below the minimum required by the security level.
    input & ok jsing
* Remove obj_mac.h include. Requested by jsing | tb | 2022-06-30 | 1 | -2/+1
* Don't check the signature if a cert is self signed. | tb | 2022-06-29 | 1 | -2/+7
    ok beck jsing
* Add functions that check security level in certs and cert chains. | tb | 2022-06-29 | 1 | -1/+142
    ok beck jsing
* missing blank line | tb | 2022-06-29 | 1 | -1/+2
* Also check the security level of the 'tmp dh' | tb | 2022-06-29 | 1 | -1/+11
    ok beck jsing
* Check the security of DH key shares | tb | 2022-06-29 | 1 | -1/+12
    ok beck, looks good to jsing
* Add a period to a comment | tb | 2022-06-28 | 1 | -2/+2
    Pointed out by jsing
* Security level >= 3 requires a ciphersuite with PFS | tb | 2022-06-28 | 1 | -3/+4
    ok beck jsing sthen
* Add a secop handler for tmp_dh | tb | 2022-06-28 | 1 | -1/+19
    This disallows DHE keys weaker than 1024 bits at level 0 to match OpenSSL behavior.
    ok beck jsing sthen
* Implement ssl{,_ctx}_security() | tb | 2022-06-28 | 1 | -1/+15
    ok beck jsing sthen
* Implement the default security level callback | tb | 2022-06-28 | 1 | -0/+194
    And here is where the fun starts. The tentacles will grow everywhere.
    ok beck jsing sthen