openbsd/src/lib, branch libressl-v2.4.5

openbsd/src/lib, branch libressl-v2.4.5 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.4.5 2017-01-07T11:25:49+00:00 Bump for LibreSSL 2.4.5 2017-01-07T11:25:49+00:00 bcook 2017-01-07T11:25:49+00:00 urn:sha1:f319f250a309eb73664f1042f428e97d05d6c19e MFC: Avoid a side-channel cache-timing attack that can leak the ECDSA 2017-01-05T13:28:48+00:00 jsing 2017-01-05T13:28:48+00:00 urn:sha1:a2d70b7b01cdc4662d8c565eab94f74fdf2c028a private keys when signing. This is due to BN_mod_inverse() being used without the constant time flag being set. This issue was reported by Cesar Pereida Garcia and Billy Brumley (Tampere University of Technology). The fix was developed by Cesar Pereida Garcia. MFC: In ssl3_read_bytes(), do not process more than three consecutive TLS 2016-11-03T16:28:36+00:00 jsing 2016-11-03T16:28:36+00:00 urn:sha1:748f6c09914720e5da2253a30e83a8147729ec22 records, otherwise a peer can potentially cause us to loop indefinately. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@ Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() 2016-10-03T11:25:39+00:00 bcook 2016-10-03T11:25:39+00:00 urn:sha1:3c70d99e334563f66c5cf25bbee03ce6d378547d based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@ original patch by guenther@ Detect zero-length encrypted session data early, instead of when malloc(0) 2016-10-03T11:24:28+00:00 bcook 2016-10-03T11:24:28+00:00 urn:sha1:f712c5130e02a4e6cd31fbcc3ce70c6c4847cdcb fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@ original patch by guenther@ Check for packet with truncated DTLS cookie. 2016-10-03T11:23:13+00:00 bcook 2016-10-03T11:23:13+00:00 urn:sha1:5ad8ea009ea6ef31c2a5336c8130f87e4c760aad Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@ original commit by @guenther Improve ticket validity checking when tlsext_ticket_key_cb() callback 2016-10-03T11:20:03+00:00 bcook 2016-10-03T11:20:03+00:00 urn:sha1:7c9fea17435f1f65894cd6629a5bfabcad08f767 chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@ original commit by guenther@ In X509_cmp_time(), pass asn1_time_parse() the tag of the field being 2016-10-03T11:16:12+00:00 bcook 2016-10-03T11:16:12+00:00 urn:sha1:2850073beb6746d99de3d57523421bdd9b4e54d5 parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@ bump to 2.4.4 2016-10-02T23:22:52+00:00 bcook 2016-10-02T23:22:52+00:00 urn:sha1:d8d1eac1579b0cadef506f6c48271c02ebce7d39 MFC: Avoid falling back to a weak digest for (EC)DH when using SNI with 2016-09-22T18:37:36+00:00 jsing 2016-09-22T18:37:36+00:00 urn:sha1:f02c35bac5b3e3187f9d1d489d25f8d67c1b7fa4 libssl.