openbsd/src/lib/libssl, branch libressl-v2.3.9

MFC: In ssl3_read_bytes(), do not process more than three consecutive TLS

2016-11-03T16:27:16+00:00

records, otherwise a peer can potentially cause us to loop indefinately. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@

bump to 2.3.9

2016-10-02T23:24:56+00:00

MFC: Avoid falling back to a weak digest for (EC)DH when using SNI with

2016-09-22T18:34:16+00:00

libssl.

MFC: Avoid unbounded memory growth in libssl, which can be triggered by a

2016-09-22T18:32:58+00:00

TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions.

bump version for 2.3.8

2016-09-22T05:06:58+00:00

bump for 2.3.7

2016-06-30T11:19:03+00:00

Fix several issues in the OCSP code that could result in the incorrect

2016-06-25T16:43:03+00:00

generation and parsing of OCSP requests. This remediates a lack of error checking on time parsing in these functions, and ensures that only GENERALIZEDTIME formats are accepted for OCSP, as per RFC 6960 Issues reported, and fixes provided by Kazuki Yamaguchi and Kinichiro Inoguchi

Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix.

2016-06-06T23:39:24+00:00

Mistake noted by Billy Brumley. Many thanks.

Correct a problem that prevents the DSA signing algorithm from running

2016-06-06T10:01:18+00:00

in constant time even if the flag BN_FLG_CONSTTIME is set. This issue was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida

LibreSSL 2.3.6

2016-06-06T09:51:46+00:00