openbsd/src, branch OPENBSD_7_6

openbsd/src, branch OPENBSD_7_6_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6_BASE 2024-09-22T14:59:48+00:00 Reinstate bounds check accidentally disabled when defining OPENSSL_NO_DTLS1 2024-09-22T14:59:48+00:00 tb 2024-09-22T14:59:48+00:00 urn:sha1:e58cba35ab15d6597f0c9cd8d6fba1928ade3acf From Kenjiro Nakayama Closes https://github.com/libressl/portable/issues/1097 remove unneeded semicolons; checked by millert@ 2024-09-20T02:00:46+00:00 jsg 2024-09-20T02:00:46+00:00 urn:sha1:bd425e27ad9c9e978ee7a877656733f4742e01cc Enable large number of extension tests and stop skippking QUIC transport 2024-09-18T19:12:37+00:00 tb 2024-09-18T19:12:37+00:00 urn:sha1:4eb33e8fd82392fb4a1bd0371751b715f59cb0fb parameter extension which we now know about tlsfuzzer: add a start-server convenience target for interactive testing 2024-09-17T08:47:37+00:00 tb 2024-09-17T08:47:37+00:00 urn:sha1:a3dfde83168aecbb6a98aa0743c0c69da4a7dcf0 Replace OpenSSL 3.1 (which no longer is in ports) with 3.3 2024-09-17T06:12:06+00:00 tb 2024-09-17T06:12:06+00:00 urn:sha1:6e34bd33930f39214ac1267b6475a5f09858ce17 tlsfuzzer: grammar fix missed in previous 2024-09-14T07:11:34+00:00 tb 2024-09-14T07:11:34+00:00 urn:sha1:66b93829fa7df600a9678c3990da889f04aadbac typo: troups -> groups 2024-09-13T05:58:17+00:00 tb 2024-09-13T05:58:17+00:00 urn:sha1:746015254469781a178d5e33a0389004f2e446f4 parametes -> parameters 2024-09-11T15:04:16+00:00 tb 2024-09-11T15:04:16+00:00 urn:sha1:09903e44fed5f689c935935b95c447ccb1465128 Make error 235 resolve to "no application protocol" 2024-09-09T07:40:03+00:00 tb 2024-09-09T07:40:03+00:00 urn:sha1:ff309a8343aabbb4675e666bacf197d8838061b4 We accidentally have two errors 235 since we didn't notice that OpenSSL removed the unused SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER and later that becamse SSL_R_NO_APPLICATION_PROTOCOL. Getting an "unsupported cipher" error when fiddling with ALPN is confusing, so fix that. ok jsing Fix alert callback in the QUIC layer 2024-09-09T03:55:55+00:00 tb 2024-09-09T03:55:55+00:00 urn:sha1:47902b1741d383c06ea246859858115749b1c9b6 Only close_notify and user_cancelled are warning alerts. All others should be fatal. In order for the lower layers to behave correctly, the return code for fatal alerts needs to be TLS13_IO_ALERT instead of TLS13_IO_SUCCESS. Failure to signal handshake failure in the public API led to a crash in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as found by haproxyfred while investigating https://github.com/haproxy/haproxy/issues/2569 Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a similar patch and tested this version. Fixes https://github.com/libressl/portable/issues/1093 ok jsing