openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	Check whether the security level allows session tickets.	tb	2022-06-30	1	-2/+6
\| \| \| \|	ok beck jsing
*	Add checks to ensure we do not initiate or negotiate handshakes with	tb	2022-06-30	5	-7/+34
\| \| \| \| \| \|	versions below the minimum required by the security level. input & ok jsing
*	Rename use_* to ssl_use_* for consistency.	tb	2022-06-30	1	-9/+10
\| \| \| \|	discussed with jsing
*	Remove obj_mac.h include. Requested by jsing	tb	2022-06-30	1	-2/+1
\|
*	Don't check the signature if a cert is self signed.	tb	2022-06-29	1	-2/+7
\| \| \| \|	ok beck jsing
*	Make ssl_cert_add{0,1}_chain_cert() take ssl/ctx	tb	2022-06-29	4	-22/+30
\| \| \| \|	ok beck jsing
*	ssl_cert_set{0,1}_chain() take ssl/ctx	tb	2022-06-29	4	-19/+36
\| \| \| \|	ok beck jsing
*	Add a security check to ssl_set_cert()	tb	2022-06-29	1	-1/+7
\| \| \| \|	ok beck jsing
*	Make ssl_set_{cert,pkey} take an ssl/ctx	tb	2022-06-29	1	-12/+20
\| \| \| \|	ok beck jsing
*	Refactor use_certificate_chain_* to take ssl/ctx instead of a cert	tb	2022-06-29	3	-21/+45
\| \| \| \|	ok beck jsing
*	Add functions that check security level in certs and cert chains.	tb	2022-06-29	2	-2/+147
\| \| \| \|	ok beck jsing
*	Make sure the verifier checks the security level in cert chains	tb	2022-06-29	1	-2/+9
\| \| \| \|	ok beck jsing
*	Remove a confusing comment	tb	2022-06-29	1	-7/+2
\| \| \| \|	discussed with jsing
*	Parse the @SECLEVEL=n annotation in cipher strings	tb	2022-06-29	3	-15/+28
\| \| \| \| \| \| \|	To this end, hand the SSL_CERT through about 5 levels of indirection to set an integer on it. ok beck jsing
*	Add support for sending QUIC transport parameters	beck	2022-06-29	7	-7/+209
\| \| \| \| \| \| \| \| \| \|	This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data. Inspired by boringssl's https://boringssl-review.googlesource.com/24464 ok jsing@ tb@
*	whitespace nit	tb	2022-06-29	1	-2/+2
\|
*	missing blank line	tb	2022-06-29	1	-1/+2
\|
*	Also check the security level in SSL_get1_supported_ciphers	tb	2022-06-29	1	-2/+5
\| \| \| \|	ok beck jsing
*	Check security level when convertin a cipher list to bytes	tb	2022-06-29	1	-1/+4
\| \| \| \|	ok beck jsing
*	Also check the security level when choosing a shared cipher	tb	2022-06-29	1	-1/+5
\| \| \| \|	ok beck jsing
*	There's tentacles, tentacles everywhere	tb	2022-06-29	1	-1/+7
\| \| \| \|	ok beck jsing
*	Also check the security level of the 'tmp dh'	tb	2022-06-29	3	-3/+24
\| \| \| \|	ok beck jsing
*	Check the security of DH key shares	tb	2022-06-29	6	-6/+42
\| \| \| \|	ok beck, looks good to jsing
*	Rename one s to ssl for consistency	tb	2022-06-29	1	-2/+2
\|
*	Check sigalg security level when selecting them.	tb	2022-06-29	1	-1/+4
\| \| \| \|	ok beck jsing
*	Check the security bits of the sigalgs' pkey	tb	2022-06-29	1	-1/+7
\| \| \| \|	ok beck jsing
*	Check the security level when building sigalgs	tb	2022-06-29	4	-12/+20
\| \| \| \|	ok beck jsing
*	Annotate sigalgs with their security level.	tb	2022-06-29	2	-2/+23
\| \| \| \|	ok beck jsing
*	Add prototypes for ssl{_ctx,}_security()	tb	2022-06-28	1	-1/+5
\| \| \| \|	ok beck jsing sthen
*	Add error code defins	tb	2022-06-28	1	-1/+6
\| \| \| \|	ok beck jsing sthen
*	Add a period to a comment	tb	2022-06-28	1	-2/+2
\| \| \| \|	Pointed out by jsing
*	Security level >= 3 requires a ciphersuite with PFS	tb	2022-06-28	1	-3/+4
\| \| \| \|	ok beck jsing sthen
*	Add a secop handler for tmp_dh	tb	2022-06-28	1	-1/+19
\| \| \| \| \| \| \|	This disallows DHE keys weaker than 1024 bits at level 0 to match OpenSSL behavior. ok beck jsing sthen
*	Add security level related error codes.	tb	2022-06-28	1	-1/+6
\| \| \| \|	ok beck jsing sthen
*	Sort error strings	tb	2022-06-28	1	-3/+3
\| \| \| \|	ok beck jsing sthen
*	Implement ssl{,_ctx}_security()	tb	2022-06-28	1	-1/+15
\| \| \| \|	ok beck jsing sthen
*	Copy the security level stuff in ssl_cert_dup()	tb	2022-06-28	1	-1/+5
\| \| \| \|	ok beck jsing sthen
*	Set up the default callback in SSL_CERT	tb	2022-06-28	1	-1/+8
\| \| \| \|	ok beck jsing sthen
*	Implement the default security level callback	tb	2022-06-28	3	-2/+202
\| \| \| \| \| \|	And here is where the fun starts. The tentacles will grow everywhere. ok beck jsing sthen
*	Provide OPENSSL_TLS_SECURITY_LEVEL define	tb	2022-06-28	1	-1/+7
\| \| \| \|	ok beck jsing sthen
*	Implement SSL_{CTX_}_{g,s}et_security_level(3)	tb	2022-06-28	1	-1/+25
\| \| \| \|	ok beck jsing sthen
*	Add security callback, level and ex_data fields to SSL_CERT	tb	2022-06-28	1	-1/+6
\| \| \| \|	ok beck jsing sthen
*	Add #defines and prototypes for security level API	tb	2022-06-28	1	-1/+72
\| \| \| \| \| \| \|	This marks the start of one of the worst API additions in the history of this library. And as everybody knows the bar is high. Very high. ok beck jsing sthen
*	Free ciphers before assigning to them	tb	2022-06-28	1	-6/+6
\| \| \| \| \| \| \| \|	While this is not a leak currently, it definitely looks like one. Pointed out by jsing on review of a diff that touched the vicinity a while ago. ok jsing
*	Change the loop index from an unsigned int to size_t now that all	tb	2022-06-07	1	-2/+2
\| \| \| \| \| \|	upper bounds are known to be size_t. ok jsing
*	Simplify another CBS_write_bytes() call in d2i_SSL_SESSION()	tb	2022-06-07	1	-5/+2
\| \| \| \|	ok jsing
*	Switch sid_ctx_length in SSL, SSL_CTX and SSL_SESSION to a size_t	tb	2022-06-07	1	-4/+4
\| \| \| \|	ok jsing
*	Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning	tb	2022-06-07	1	-3/+5
\| \| \| \| \| \| \|	length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however). ok jsing
*	Simplify various CBS_write_bytes() calls	tb	2022-06-07	3	-13/+7
\| \| \| \| \| \| \|	Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable. ok jsing
*	Switch SSL_SESSION's session_id_length to a size_t	tb	2022-06-07	1	-2/+2
\| \| \| \|	ok jsing