| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Check the security of DH key shares | tb | 2022-06-29 | 6 | -6/+42 | |
| | | | | | ok beck, looks good to jsing | |||||
| * | Rename one s to ssl for consistency | tb | 2022-06-29 | 1 | -2/+2 | |
| | | ||||||
| * | Check sigalg security level when selecting them. | tb | 2022-06-29 | 1 | -1/+4 | |
| | | | | | ok beck jsing | |||||
| * | Check the security bits of the sigalgs' pkey | tb | 2022-06-29 | 1 | -1/+7 | |
| | | | | | ok beck jsing | |||||
| * | Check the security level when building sigalgs | tb | 2022-06-29 | 4 | -12/+20 | |
| | | | | | ok beck jsing | |||||
| * | Annotate sigalgs with their security level. | tb | 2022-06-29 | 2 | -2/+23 | |
| | | | | | ok beck jsing | |||||
| * | Add prototypes for ssl{_ctx,}_security() | tb | 2022-06-28 | 1 | -1/+5 | |
| | | | | | ok beck jsing sthen | |||||
| * | Add error code defins | tb | 2022-06-28 | 1 | -1/+6 | |
| | | | | | ok beck jsing sthen | |||||
| * | Add a period to a comment | tb | 2022-06-28 | 1 | -2/+2 | |
| | | | | | Pointed out by jsing | |||||
| * | Security level >= 3 requires a ciphersuite with PFS | tb | 2022-06-28 | 1 | -3/+4 | |
| | | | | | ok beck jsing sthen | |||||
| * | Add a secop handler for tmp_dh | tb | 2022-06-28 | 1 | -1/+19 | |
| | | | | | | | | This disallows DHE keys weaker than 1024 bits at level 0 to match OpenSSL behavior. ok beck jsing sthen | |||||
| * | Add security level related error codes. | tb | 2022-06-28 | 1 | -1/+6 | |
| | | | | | ok beck jsing sthen | |||||
| * | Sort error strings | tb | 2022-06-28 | 1 | -3/+3 | |
| | | | | | ok beck jsing sthen | |||||
| * | Implement ssl{,_ctx}_security() | tb | 2022-06-28 | 1 | -1/+15 | |
| | | | | | ok beck jsing sthen | |||||
| * | Copy the security level stuff in ssl_cert_dup() | tb | 2022-06-28 | 1 | -1/+5 | |
| | | | | | ok beck jsing sthen | |||||
| * | Set up the default callback in SSL_CERT | tb | 2022-06-28 | 1 | -1/+8 | |
| | | | | | ok beck jsing sthen | |||||
| * | Implement the default security level callback | tb | 2022-06-28 | 3 | -2/+202 | |
| | | | | | | | And here is where the fun starts. The tentacles will grow everywhere. ok beck jsing sthen | |||||
| * | Provide OPENSSL_TLS_SECURITY_LEVEL define | tb | 2022-06-28 | 1 | -1/+7 | |
| | | | | | ok beck jsing sthen | |||||
| * | Implement SSL_{CTX_}_{g,s}et_security_level(3) | tb | 2022-06-28 | 1 | -1/+25 | |
| | | | | | ok beck jsing sthen | |||||
| * | Add security callback, level and ex_data fields to SSL_CERT | tb | 2022-06-28 | 1 | -1/+6 | |
| | | | | | ok beck jsing sthen | |||||
| * | Add #defines and prototypes for security level API | tb | 2022-06-28 | 1 | -1/+72 | |
| | | | | | | | | This marks the start of one of the worst API additions in the history of this library. And as everybody knows the bar is high. Very high. ok beck jsing sthen | |||||
| * | Free ciphers before assigning to them | tb | 2022-06-28 | 1 | -6/+6 | |
| | | | | | | | | | While this is not a leak currently, it definitely looks like one. Pointed out by jsing on review of a diff that touched the vicinity a while ago. ok jsing | |||||
| * | Change the loop index from an unsigned int to size_t now that all | tb | 2022-06-07 | 1 | -2/+2 | |
| | | | | | | | upper bounds are known to be size_t. ok jsing | |||||
| * | Simplify another CBS_write_bytes() call in d2i_SSL_SESSION() | tb | 2022-06-07 | 1 | -5/+2 | |
| | | | | | ok jsing | |||||
| * | Switch sid_ctx_length in SSL, SSL_CTX and SSL_SESSION to a size_t | tb | 2022-06-07 | 1 | -4/+4 | |
| | | | | | ok jsing | |||||
| * | Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning | tb | 2022-06-07 | 1 | -3/+5 | |
| | | | | | | | | length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however). ok jsing | |||||
| * | Simplify various CBS_write_bytes() calls | tb | 2022-06-07 | 3 | -13/+7 | |
| | | | | | | | | Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable. ok jsing | |||||
| * | Switch SSL_SESSION's session_id_length to a size_t | tb | 2022-06-07 | 1 | -2/+2 | |
| | | | | | ok jsing | |||||
| * | Add missing error check call in ssl3_get_new_session_ticket() | tb | 2022-06-07 | 1 | -4/+9 | |
| | | | | | | | | EVP_Digest() can fail, so handle failure appropriately and prepare switch of session_id_length to a size_t. ok jsing | |||||
| * | Another small readability tweak: compare explicitly against 0 and NULL, | tb | 2022-06-07 | 1 | -4/+3 | |
| | | | | | | | respectively ok jsing | |||||
| * | Tweak readability of a test: compare tmp explicitly against 0 and drop | tb | 2022-06-07 | 1 | -2/+2 | |
| | | | | | | | redundant parentheses. ok jsing | |||||
| * | Add a cast to SSL_SESSION_get_id() to indicate that session_id_length | tb | 2022-06-07 | 1 | -2/+2 | |
| | | | | | | | | is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern. ok jsing | |||||
| * | fix indent | tb | 2022-06-07 | 1 | -2/+2 | |
| | | ||||||
| * | Unindent and simplify remove_session_lock() | tb | 2022-06-07 | 1 | -21/+22 | |
| | | | | | ok jsing (who informs me he had the same diff in his jungle) | |||||
| * | Drop an unnecessary cast | tb | 2022-06-07 | 1 | -2/+2 | |
| | | | | | ok jsing | |||||
| * | Simplify CBS_write_bytes() invocation | tb | 2022-06-07 | 1 | -5/+2 | |
| | | | | | | | | Now that master_key_length is a size_t, we no longer have to fiddle with data_len. We can rather pass a pointer to it to CBS_write_bytes(). ok jsing | |||||
| * | The master_key_length can no longer be < 0 | tb | 2022-06-07 | 1 | -2/+2 | |
| | | | | | ok jsing | |||||
| * | Switch the SSL_SESSION's master_key_length to a size_t | tb | 2022-06-07 | 1 | -2/+2 | |
| | | | | | ok jsing | |||||
| * | Add error checking to tls_session_secret_cb() calls | tb | 2022-06-07 | 2 | -32/+49 | |
| | | | | | | | | | | | | Failure of this undocumented callback was previously silently ignored. Follow OpenSSL's behavior and throw an internal error (for lack of a better choice) if the callback failed or if it set the master_key_length to a negative number. Unindent the success path and clean up some strange idioms. ok jsing | |||||
| * | Use SSL3_CK_VALUE_MASK instead of hardcoded 0xffff and remove some | tb | 2022-06-06 | 2 | -12/+6 | |
| | | | | | | | SSLv2 remnants. ok jsing | |||||
| * | Tweak comment describing the SSL_SESSION ASN.1 | tb | 2022-06-06 | 1 | -4/+5 | |
| | | | | | ok jsing | |||||
| * | Minor style cleanup in ssl_txt.c | tb | 2022-06-06 | 1 | -23/+41 | |
| | | | | | | | | Wrap long lines and fix a bug where the wrong struct member was checked for NULL. ok jsing | |||||
| * | Fix comment + spacing. | tb | 2022-06-06 | 1 | -2/+2 | |
| | | | | | | Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here. | |||||
| * | Remove incorrect and ungrammattical comment | tb | 2022-06-06 | 1 | -3/+2 | |
| | | | | | | The fallback to SHA-1 if SHA-256 is disabled fell victim to tedu many moons ago when this file was still called s3_clnt.c and had no RCS ID. | |||||
| * | Fix spaces before tabs | tb | 2022-06-06 | 1 | -12/+12 | |
| | | ||||||
| * | The parse stubs need to skip over the extension data. | tb | 2022-06-04 | 1 | -3/+3 | |
| | | | | | | | Found by anton with tlsfuzzer ok anton | |||||
| * | Tweak a comment using review feedback from jsing | tb | 2022-06-04 | 1 | -4/+4 | |
| | | ||||||
| * | Add stubbed out handlers for the pre_shared_key extension | tb | 2022-06-03 | 2 | -2/+65 | |
| | | | | | ok jsing | |||||
| * | Implement handlers for the psk_key_exchange_modes extensions. | tb | 2022-06-03 | 2 | -3/+96 | |
| | | | | | ok jsing | |||||
| * | Add a use_psk_dhe_ke flag to the TLSv1.3 handshake struct | tb | 2022-06-03 | 1 | -1/+4 | |
| | | | | | | | | This will be used to indicate client side support for DHE key establishment. ok jsing | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |