A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.7.4 2018-06-13T15:13:30+00:00 2018-06-13T15:13:30+00:00 jsing 2018-06-13T15:13:30+00:00 urn:sha1:d579103b8da90de816647e4df81e92ed59fcff8f by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ Original commit by sthen@ 2018-06-13T15:08:08+00:00 jsing 2018-06-13T15:08:08+00:00 urn:sha1:752cb6f550d07071e7ee95a9266cb5f555f57ee6 signatures. This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@ 2018-06-13T14:54:17+00:00 bcook 2018-06-13T14:54:17+00:00 urn:sha1:2bf011a1634104f61568c0877ed47984c8491aba 2018-05-03T00:44:28+00:00 bcook 2018-05-03T00:44:28+00:00 urn:sha1:7667f84f591ba140a67e4cb703ea59e03439bd00 2018-05-02T16:57:35+00:00 tb 2018-05-02T16:57:35+00:00 urn:sha1:e21964afb1b9e46ccf5ec0a5429736d3aabf7139 Remove incorrect NULL checks in DH_set0_key(). Reported by Ondrej Sury, LibreSSL-portable issue #92. ok inoguchi, jsing 2018-04-18T16:29:11+00:00 jsing 2018-04-18T16:29:11+00:00 urn:sha1:1f2eb700ae7e3c6771d21629af14f1956a6238a3 This was inadvertently clearing the keypair, which includes the OCSP staple and pubkey hash - if an application called tls_configure() followed by tls_config_clear_keys(), this would prevent OCSP staples from working. ok beck@ 2018-03-24T13:51:27+00:00 bcook 2018-03-24T13:51:27+00:00 urn:sha1:dbbebc813952783d12ec824f1bfc0e00fb5204ad 2018-03-24T00:55:37+00:00 schwarze 2018-03-24T00:55:37+00:00 urn:sha1:a95e7538b577769f3b602ae79b73f31681e9d234 2018-03-24T00:11:37+00:00 schwarze 2018-03-24T00:11:37+00:00 urn:sha1:fbbda34640f78fc2f7873480d42623e006487009 2018-03-23T23:59:06+00:00 schwarze 2018-03-23T23:59:06+00:00 urn:sha1:c699ebf6b457df98c42fee09b63d53627b15f6b8