Up to [local] / src / lib / libssl
Default branch: MAIN
Revision 1.28, Thu May 9 07:12:03 2024 UTC (4 weeks, 5 days ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.27: +13 -6 lines
Plug a "leak" in ssl_security_group()
The way the CBB API is used, CBB_add_u16() and CBB_finish() can't actually fail here, but if they could, cbb->base would leak. Rewrite this code with the proper idioms to make it look right.
ok jsing
Revision 1.27, Sat Nov 26 16:08:56 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.26: +2 -2 lines
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
Revision 1.26, Sun Oct 2 16:36:41 2022 UTC (20 months, 1 week ago) by jsing
Branch: MAIN
Changes since 1.25: +3 -3 lines
Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.
These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL.
Prompted by tb@
Revision 1.25, Wed Aug 17 18:41:17 2022 UTC (21 months, 3 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.24: +16 -4 lines
Provide ssl_security_shared_group()
Refactor ssl_security_supported_group() into a wrapper of a new internal ssl_security_group() which takes a secop as an argument. This allows adding ssl_security_shared_group() which will be needed in upcoming commits.
ok jsing
Revision 1.24, Sat Jul 30 17:26:01 2022 UTC (22 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.23: +2 -2 lines
update copyright years
Revision 1.23, Tue Jul 19 18:55:12 2022 UTC (22 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.22: +11 -2 lines
Disallow MD5 and SHA-1 HMACs depending on the security level
Ciphers using an MD5 HMAC are not allowed on security levels >= 1 and using a SHA-1 HMAC is disallowed on security levels >= 4. This disables RC4-MD5 by default.
ok jsing
Revision 1.22, Thu Jul 7 17:08:28 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.21: +16 -6 lines
Use a local bits variable to avoid ugly line break due to nested function calls.
ok jsing
Revision 1.21, Thu Jul 7 13:04:39 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.20: +2 -25 lines
Unifdef LIBRESSL_HAS_SECURITY_LEVEL and remove some workarounds that are no longer needed now that libcrypto exposes the necessary security-bits API.
ok jsing
Revision 1.20, Tue Jul 5 16:14:18 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.19: +15 -15 lines
Use secop instead of op everywhere
Revision 1.19, Tue Jul 5 16:05:18 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.18: +5 -3 lines
Pull setting of is_ee out of the function calls to appease scan-build
Revision 1.18, Sun Jul 3 22:10:25 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.17: +2 -2 lines
Reword a comment
Revision 1.17, Sun Jul 3 22:07:12 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.16: +2 -3 lines
Unwrap a line
Revision 1.16, Sat Jul 2 16:31:04 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.15: +43 -2 lines
Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c
The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff is now confined into ssl_seclevel.c and the rest of the library can make use of the more straightforward wrappers, which makes it a lot easier on the eyes.
ok beck jsing
Revision 1.15, Sat Jul 2 16:00:12 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.14: +8 -8 lines
Rename uses 'curve' to 'group' and rework tls1 group API.
This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent.
Based on a suggestion by jsing
ok jsing
Revision 1.14, Thu Jun 30 16:05:07 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.13: +24 -1 lines
Check security level for supported groups.
ok jsing
Revision 1.13, Thu Jun 30 11:25:52 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.12: +3 -3 lines
Rename variable from tls_version to version since it could also be a DTLS version at this point.
Revision 1.12, Thu Jun 30 11:17:49 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.11: +7 -1 lines
Add checks to ensure we do not initiate or negotiate handshakes with versions below the minimum required by the security level.
input & ok jsing
Revision 1.11, Thu Jun 30 07:09:45 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.10: +1 -2 lines
Remove obj_mac.h include.
Requested by jsing
Revision 1.10, Wed Jun 29 21:19:21 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.9: +7 -2 lines
Don't check the signature if a cert is self signed.
ok beck jsing
Revision 1.9, Wed Jun 29 21:10:20 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.8: +142 -1 lines
Add functions that check security level in certs and cert chains.
ok beck jsing
Revision 1.8, Wed Jun 29 11:59:23 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.7: +2 -1 lines
missing blank line
Revision 1.7, Wed Jun 29 08:30:04 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.6: +11 -1 lines
Also check the security level of the 'tmp dh'
ok beck jsing
Revision 1.6, Wed Jun 29 08:27:51 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.5: +12 -1 lines
Check the security of DH key shares
ok beck, looks good to jsing
Revision 1.5, Tue Jun 28 20:54:16 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.4: +2 -2 lines
Add a period to a comment
Pointed out by jsing
Revision 1.4, Tue Jun 28 20:53:32 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.3: +4 -3 lines
Security level >= 3 requires a ciphersuite with PFS
ok beck jsing sthen
Revision 1.3, Tue Jun 28 20:49:16 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.2: +19 -1 lines
Add a secop handler for tmp_dh
This disallows DHE keys weaker than 1024 bits at level 0 to match OpenSSL behavior.
ok beck jsing sthen
Revision 1.2, Tue Jun 28 20:44:49 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.1: +15 -1 lines
Implement ssl{,_ctx}_security()
ok beck jsing sthen
Revision 1.1, Tue Jun 28 20:40:24 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Implement the default security level callback
And here is where the fun starts. The tentacles will grow everywhere.
ok beck jsing sthen