openbsd/src, branch libressl-v2.6.5

MFC: Reject excessively large primes in DH key generation. Problem reported

2018-06-13T15:12:39+00:00

by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ Original commit by sthen@

MFC: Avoid a timing side-channel leak when generating DSA and ECDSA

2018-06-13T15:07:19+00:00

signatures. This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@

Bump to LibreSSL 2.6.5

2018-06-13T14:55:24+00:00

bump to 2.6.4

2017-12-11T10:50:37+00:00

MFC: Make tls_config_parse_protocols() work correctly when passed a NULL

2017-12-09T16:49:17+00:00

pointer for a protocol string. Issue found by semarie@, who also provided the diff.

MFC: Correct TLS extensions handling when no extensions are present.

2017-12-09T13:43:25+00:00

If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. ok beck@ inoguchi@ Thanks to Eric Elena for providing packet captures and testing the fix.

bump version in advance of final release

2017-09-26T14:23:20+00:00

bump wo 2.6.2

2017-09-26T00:55:13+00:00

If tls_config_parse_protocols() is called with a NULL pointer, return the

2017-09-25T18:07:03+00:00

default protocols instead of crashing - this makes the behaviour more useful and mirrors what we already do in tls_config_set_ciphers() et al.

Annotate some API-side memory leaks for future resolution.

2017-09-25T18:04:08+00:00