openbsd/src/lib, branch libressl-v2.3.8

MFC: Avoid falling back to a weak digest for (EC)DH when using SNI with

2016-09-22T18:34:16+00:00

libssl.

MFC: Avoid unbounded memory growth in libssl, which can be triggered by a

2016-09-22T18:32:58+00:00

TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions.

bump version for 2.3.8

2016-09-22T05:06:58+00:00

bump for 2.3.7

2016-06-30T11:19:03+00:00

Fix several issues in the OCSP code that could result in the incorrect

2016-06-25T16:43:03+00:00

generation and parsing of OCSP requests. This remediates a lack of error checking on time parsing in these functions, and ensures that only GENERALIZEDTIME formats are accepted for OCSP, as per RFC 6960 Issues reported, and fixes provided by Kazuki Yamaguchi and Kinichiro Inoguchi

Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix.

2016-06-06T23:39:24+00:00

Mistake noted by Billy Brumley. Many thanks.

Correct a problem that prevents the DSA signing algorithm from running

2016-06-06T10:01:18+00:00

in constant time even if the flag BN_FLG_CONSTTIME is set. This issue was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida

LibreSSL 2.3.6

2016-06-06T09:51:46+00:00

bump to 2.3.5

2016-05-29T20:53:29+00:00

Fix a short-read bug in the previous version of asn1_d2i_read_bio

2016-05-29T19:18:57+00:00

The outer while() loop is missing, so we only read up to chunk_max bytes. ok tedu