openbsd/src/lib/libssl, branch libressl-v4.2.1A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v4.2.12025-10-23T15:26:57+00:00Ensure that we specify the correct group when creating a HelloRetryRequest.2025-10-23T15:26:57+00:00tb2025-10-23T15:26:57+00:00urn:sha1:a0dca9ee89cde95a556cd215202b7542ee5f598f
When processing the client supported groups and key shares extensions,
the group selection is currently based on client preference. However,
when building a HRR the preferred group is identified by calling
tls1_get_supported_group(). If SSL_OP_CIPHER_SERVER_PREFERENCE is enabled,
group selection will be based on server instead of client preference. This
in turn can result in the server sending a HRR for a group that the client
has already provided a key share for, violating the RFC.
Avoid this issue by storing the client preferred group when processing
the key share extension, then using this group when creating the HRR.
Thanks to dzwdz for identifying and reporting the issue.
ok beck@ tb@
from jsing@
This is errata/7.8/003_libssl.patch.sig
same crank for libssl and libtls as for libcrypto2025-08-19T19:30:48+00:00tb2025-08-19T19:30:48+00:00urn:sha1:ad0cded0ebd0a033077854cf6d330209fd396fe2sync with crypto_namespace.h: avoid asm("") for MSVC2025-08-18T16:00:53+00:00tb2025-08-18T16:00:53+00:00urn:sha1:2e7e54d39b2c2daad577d5ebd98d8a826edc4703
Removes another patch in portable
revert accidental disabling of ssl_security_cert() in -r1.522025-08-14T15:55:54+00:00tb2025-08-14T15:55:54+00:00urn:sha1:b300612f52909e5760855ef8e5457cf317908022Add a reasonable ML-KEM API for public use.2025-08-14T15:48:48+00:00beck2025-08-14T15:48:48+00:00urn:sha1:6452fa9fc6f33dac80ee572764b9fe29a469f8ce
Adapt the tests to use this API.
This does not yet make the symbols public in Symbols.list
which will happen shortly with a bump.
This includes some partial rototilling of the non-public
interfaces which will be shortly continued when the internal
code is deduplicated to not have multiple copies for ML-KEM
768 and ML-KEM 1024 (which is just an artifact of unravelling
the boring C++ code).
ok jsing@, tb@
bump major for libssl and libtls to match libcrypto2025-07-16T16:01:40+00:00tb2025-07-16T16:01:40+00:00urn:sha1:36dcff8deef52b4bc04e78eeec7197ef029fd411The mdoc(7) .Ft macro does not need quoting of its arguments, but about2025-06-13T18:34:00+00:00schwarze2025-06-13T18:34:00+00:00urn:sha1:d939c0f8976619330bcf368e12700a6ab1d14f99
10% of our manual pages using this macro employed useless quoting anyway.
Remove these quotes such that they do not incite fear, uncertainty,
and doubt in developers who happen to look at these pages.
jmc@ and tb@ agree with the direction.
SSL_shutdown(): remove pointless NULL check.2025-06-09T10:14:38+00:00tb2025-06-09T10:14:38+00:00urn:sha1:cce0557a3d1826b9dc413a714eaa4c844b74a497
reported by smatch via jsg
ok beck
.Lb libssl libcrypto ; OK tb@2025-06-08T22:52:00+00:00schwarze2025-06-08T22:52:00+00:00urn:sha1:4eb86431a58c45c4f9741bff9c71d833f08c83a9delete an "intentionally undocumented" comment regarding stuff2025-06-08T22:49:42+00:00schwarze2025-06-08T22:49:42+00:00urn:sha1:59265f973a947fcfac4b95050fd8bba53e0de0b6
that no longer exists, and add .Lb libssl libcrypto;
OK tb@