| | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
| * | Hook up X25519MLKEM768 to the TLS 1.3 handshake | beck | 2025-12-04 | 1 | -27/+333 |
| | This does the following: 1) Adds a second key share prediction to the TLS 1.3 handshake. We only add one as we are unlikely to want to send more than one PQ one, and one classical one and are unlikely to waste bytes on a second PQ algorithm (anything that wants something else that we support can HRR to get it) 2) Adds X25519MLKEM768 (4588) to our list of supported groups. We add this to our preferred client and server key shares for TLS 1.3 and we now have a separate list for TLS 1.2 which does not do this, cleaning up the old "full list" from the comments. 3) Updates the golden magic numbers in the regression tests to allow for the above two things changing the handshake, so the regress tests pass. With this you can successfully hybrid PQ with servers and clients that support it. ok tb@ kenjiro@ | | | | |
| * | Add a MLKEM768_X25519 hybrid key share. | beck | 2025-12-04 | 1 | -5/+5 |
| | This implements the currently in use MLKEM768_X25519 hybrid key share as outlined in https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ This commit does not yet wire this up to anything, that is done in follow on changes. ok tb@ jsing@ kenjiro@ | | | | |
| * | Add some regress coverage for SSL_SESSION_dup() | tb | 2025-10-24 | 1 | -2/+22 |
| | ok kenjiro | | | | |
| * | The ssl_verify_param.c test can now link dynamically against libcrypto | tb | 2025-10-24 | 1 | -3/+1 |
| * | Use X509_VERIFY_PARAM_get_hostflags() prototype from x509_vfy.h | tb | 2025-10-24 | 1 | -3/+2 |
| * | const correct X509_VERIFY_PARAM_get_hostflags() | tb | 2025-10-10 | 1 | -2/+2 |
| | This is currently an internal helper only used by a regress test. We'll have to expose in the public API for Python 3.14: https://github.com/libressl/portable/issues/1202 | | | | |
| * | Retire interop tests with OpenSSL 3.3 and 3.4 | tb | 2025-07-25 | 9 | -141/+11 |
| * | libcrypto regress: add interop harness for openssl/3.5 | tb | 2025-07-09 | 8 | -10/+75 |
| * | openssl-ruby-tests: prepare for ruby default switch to 3.4 | tb | 2025-06-27 | 1 | -4/+4 |
| * | sync anton's fix for OpenSSL 3.3 interop to 3.4 | tb | 2025-06-23 | 1 | -2/+2 |
| * | OpenSSL is linked against pthread by now; ok tb@ | anton | 2025-06-23 | 1 | -2/+2 |
| * | tlsfuzzer: adjust test filenames to upstream churn. | tb | 2025-06-15 | 1 | -154/+154 |
| | Requires py3-tlsfuzzer-20250516 to work | | | | |
| * | openssl-ruby/Makefile: zap trailing whitespace added in previous | tb | 2025-05-31 | 1 | -2/+2 |
| * | Add the ability to run individual ruby ssl test for figuring out | beck | 2025-05-23 | 1 | -1/+16 |
| | what is going on when these break ok tb@ | | | | |
| * | Improve the pqueue test | tb | 2025-05-04 | 3 | -48/+57 |
| | This simplifies the test in portable and makes the whole thing a bit less ugly overall. From Kenjiro Nakayama with minor tweaks by me | | | | |
| * | Verify that the selected key share is indeed group 29 | tb | 2025-05-03 | 1 | -1/+6 |
| | From Kenjiro Nakayama | | | | |
| * | tlsexttest: remove check that clients receive SNI before ALPN | tb | 2025-04-30 | 1 | -33/+3 |
| | The next commit will remove the kludge for compatibility of Apache with older libressl, so remove the corresponding regress coverage and only check that PSK is the last extension. | | | | |
| * | Test SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION. | jsing | 2025-03-12 | 1 | -1/+56 |
| | Extend renegotiation tests to cover SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION. | | | | |
| * | Improve detection and handling of alerts in renegotiation regress. | jsing | 2025-02-01 | 1 | -23/+76 |
| * | Hook renegotiation regress. | jsing | 2025-02-01 | 1 | -1/+2 |
| * | Fix certificate paths. | jsing | 2025-02-01 | 1 | -4/+4 |
| * | Add regress coverage for TLS renegotiation. | jsing | 2025-02-01 | 2 | -0/+560 |
| * | Interop tests for openssl 3.3 and 3.4, retire 3.2, 1.1 (and 3.1 remnants) | tb | 2025-01-15 | 12 | -191/+130 |
| | OpenSSL 1.1 and 3.2 will be removed from the ports tree, so test the two remaining versions. Unfortunately, this requires a lot more manual massaging than there should be. | | | | |
| * | Suppress warning noise from deprecated OpenSSL API | tb | 2024-10-22 | 1 | -1/+2 |
| * | rust-openssl: set resolver="2" for workspace | tb | 2024-10-15 | 1 | -0/+1 |
| | silences an annoying warning | | | | |
| * | Enable large number of extension tests and stop skipping QUIC transport | tb | 2024-09-18 | 1 | -8/+3 |
| | parameter extension which we now know about | | | | |
| * | tlsfuzzer: add a start-server convenience target for interactive testing | tb | 2024-09-17 | 1 | -2/+6 |
| * | tlsfuzzer: grammar fix missed in previous | tb | 2024-09-14 | 1 | -2/+2 |
| * | typo: troups -> groups | tb | 2024-09-13 | 1 | -2/+2 |
| * | parametes -> parameters | tb | 2024-09-11 | 1 | -2/+2 |
| * | Futhermore -> Furthermore | tb | 2024-09-07 | 1 | -2/+2 |
| * | Prepare for an upcoming tlsfuzzer test that expects decode_error | tb | 2024-09-06 | 1 | -2/+5 |
| | when we send illegal_parameter. Shrug. | | | | |
| * | Update for OPENSSL_cpu_caps() now being machine independent. | jsing | 2024-08-31 | 3 | -17/+5 |
| * | Undo workaround for EVP_PKEY_*check() removal | tb | 2024-08-31 | 1 | -3/+2 |
| * | Disable hmac and pkey_ec tests until after the bump | tb | 2024-08-29 | 1 | -2/+3 |
| * | Remove unwanted trailing newlines from err/warn format strings. | anton | 2024-08-23 | 1 | -2/+2 |
| * | Drop OpenSSL 3.0 interop testing infrastructure | tb | 2024-08-18 | 8 | -75/+11 |
| | The openssl 3.0 port was removed nearly a year ago shortly after the 7.4 release. | | | | |
| * | Add support for openssl32 in interop test | tb | 2024-08-18 | 7 | -9/+70 |
| * | Revise regress for ssl3_get_cipher() changes. | jsing | 2024-07-23 | 1 | -8/+3 |
| * | Revise regress to match cipher suite values change. | jsing | 2024-07-22 | 2 | -17/+13 |
| * | Fix golden numbers after beck broke it months ago | tb | 2024-07-20 | 2 | -23/+20 |
| | (why is it always me who gets to clean up this shit?) | | | | |
| * | Add RCS id | tb | 2024-07-17 | 1 | -0/+1 |
| * | Enable regress for SSL_CIPHER_get_handshake_digest() | jsing | 2024-07-17 | 1 | -4/+0 |
| | Turns out this is already linked statically. | | | | |
| * | Rework cipher find test to also provide coverage for SSL_CIPHER_*() | jsing | 2024-07-17 | 1 | -8/+754 |
| * | Update regress for removal of SSL_HANDSHAKE_MAC_DEFAULT. | jsing | 2024-07-16 | 1 | -25/+2 |
| * | Adjust regress to match changes in SSL_select_next_proto() args | tb | 2024-07-11 | 1 | -123/+99 |
| * | Add more regress coverage for SSL_select_next_proto() | tb | 2024-06-28 | 1 | -1/+291 |
| * | rust-openssl: switch from deprecated config to config.toml | tb | 2024-06-23 | 2 | -2/+2 |
| * | openssl-ruby: prepare test for default ruby switch | tb | 2024-06-15 | 1 | -1/+5 |
| * | make test struct const | tb | 2024-06-05 | 1 | -3/+3 |
