Age | Commit message | Author | |
---|---|---|---|
2022-06-30 | To figure out whether a large allocation can be grown into the | Philip Guenther | |
following page(s) we've been first mquery()ing for it, mmap()ing w/o MAP_FIXED if available, and then munmap()ing if there was a race. Instead, just try it directly with mmap(MAP_FIXED | __MAP_NOREPLACE) tested in snaps for weeks ok deraadt@ | |||
2022-06-30 | Remove redundant comments | Theo Buehler | |
discussed with jsing | |||
2022-06-30 | Check security level for supported groups. | Theo Buehler | |
ok jsing | |||
2022-06-30 | Rename variable from tls_version to version since it could also be | Theo Buehler | |
a DTLS version at this point. | |||
2022-06-30 | Check whether the security level allows session tickets. | Theo Buehler | |
ok beck jsing | |||
2022-06-30 | Add checks to ensure we do not initiate or negotiate handshakes with | Theo Buehler | |
versions below the minimum required by the security level. input & ok jsing | |||
2022-06-30 | Replace obj_mac.h with object.h | Theo Buehler | |
Pointed out by and ok jsing | |||
2022-06-30 | Rename use_* to ssl_use_* for consistency. | Theo Buehler | |
discussed with jsing | |||
2022-06-30 | whitespace nit | Theo Buehler | |
2022-06-30 | Remove obj_mac.h include. Requested by jsing | Theo Buehler | |
2022-06-29 | Don't check the signature if a cert is self signed. | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Make ssl_cert_add{0,1}_chain_cert() take ssl/ctx | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | ssl_cert_set{0,1}_chain() take ssl/ctx | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Add a security check to ssl_set_cert() | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Make ssl_set_{cert,pkey} take an ssl/ctx | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Refactor use_certificate_chain_* to take ssl/ctx instead of a cert | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Add functions that check security level in certs and cert chains. | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Make sure the verifier checks the security level in cert chains | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Remove a confusing comment | Theo Buehler | |
discussed with jsing | |||
2022-06-29 | Parse the @SECLEVEL=n annotation in cipher strings | Theo Buehler | |
To this end, hand the SSL_CERT through about 5 levels of indirection to set an integer on it. ok beck jsing | |||
2022-06-29 | Add support for sending QUIC transport parameters | Bob Beck | |
This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data. Inspired by boringssl's https://boringssl-review.googlesource.com/24464 ok jsing@ tb@ | |||
2022-06-29 | whitespace nit | Theo Buehler | |
2022-06-29 | missing blank line | Theo Buehler | |
2022-06-29 | Refactor asn1 time parsing to use CBS - enforce valid times in ASN.1 parsing. | Bob Beck | |
While we're here enforce valid days for months and leap years. Inspired by same in boringssl. ok jsing@ | |||
2022-06-29 | Also check the security level in SSL_get1_supported_ciphers | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Check security level when converting a cipher list to bytes | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Also check the security level when choosing a shared cipher | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | There's tentacles, tentacles everywhere | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Also check the security level of the 'tmp dh' | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Check the security of DH key shares | Theo Buehler | |
ok beck, looks good to jsing | |||
2022-06-29 | Rename one s to ssl for consistency | Theo Buehler | |
2022-06-29 | Check sigalg security level when selecting them. | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Check the security bits of the sigalgs' pkey | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Check the security level when building sigalgs | Theo Buehler | |
ok beck jsing | |||
2022-06-29 | Annotate sigalgs with their security level. | Theo Buehler | |
ok beck jsing | |||
2022-06-28 | Add prototypes for ssl{_ctx,}_security() | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Add error code defines | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Add a period to a comment | Theo Buehler | |
Pointed out by jsing | |||
2022-06-28 | Security level >= 3 requires a ciphersuite with PFS | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Add a secop handler for tmp_dh | Theo Buehler | |
This disallows DHE keys weaker than 1024 bits at level 0 to match OpenSSL behavior. ok beck jsing sthen | |||
2022-06-28 | Add security level related error codes. | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Sort error strings | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Implement ssl{,_ctx}_security() | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Copy the security level stuff in ssl_cert_dup() | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Set up the default callback in SSL_CERT | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Implement the default security level callback | Theo Buehler | |
And here is where the fun starts. The tentacles will grow everywhere. ok beck jsing sthen | |||
2022-06-28 | Provide OPENSSL_TLS_SECURITY_LEVEL define | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Implement SSL_{CTX_}_{g,s}et_security_level(3) | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Add security callback, level and ex_data fields to SSL_CERT | Theo Buehler | |
ok beck jsing sthen | |||
2022-06-28 | Add #defines and prototypes for security level API | Theo Buehler | |
This marks the start of one of the worst API additions in the history of this library. And as everybody knows the bar is high. Very high. ok beck jsing sthen |