openbsd/src, branch libressl-v2.9.2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.9.2 2019-05-15T19:25:15+00:00 In DTLS, use_srtp is part of the extended server hello while in TLSv1.3, 2019-05-15T19:25:15+00:00 tb 2019-05-15T19:25:15+00:00 urn:sha1:f0d432029321083529b36d45280f5308ff8bf24f it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck OpenBSD 6.5 errata 002 LibreSSL 2.9.2 2019-05-13T12:05:04+00:00 bcook 2019-05-13T12:05:04+00:00 urn:sha1:39ea782f8d3743e9fc4a3caccf90f833d3dc65a1 Avoid an overread caused by d2i_PrivateKey(). 2019-04-10T16:23:55+00:00 jsing 2019-04-10T16:23:55+00:00 urn:sha1:8ab9e3c33c0dd587e42c1c871bbe154fd19af00f There are cases where the old_priv_decode() function can fail but consume bytes. This will result in the pp pointer being advanced, which causes d2i_PKCS8_PRIV_KEY_INFO() to be called with an advanced pointer and incorrect length. Fixes oss-fuzz #13803 and #14142. ok deraadt@ tb@ Recommend SSL_CTX_add1_chain_cert(3) rather than 2019-04-09T22:01:50+00:00 schwarze 2019-04-09T22:01:50+00:00 urn:sha1:1e058bee4dd8093d5d6bebd88f82654927d1582c SSL_CTX_add_extra_chain_cert(3). From Dr. Stephen Henson <steve at openssl dot org> via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000 which is still under a free license. Document SSL_CTX_clear_mode(3) and SSL_clear_mode(3). 2019-04-09T21:06:31+00:00 schwarze 2019-04-09T21:06:31+00:00 urn:sha1:58b03032ff8a03f5c8a1f05dc50a303855755822 From Kurt Roeckx <kurt at roeckx dot be> via OpenSSL commit 57fd5170 May 13 11:24:11 2018 +0200 which is still under a free license. While here, polish awkward wording and reduce duplication. exitting -> exiting 2019-04-07T16:41:16+00:00 tb 2019-04-07T16:41:16+00:00 urn:sha1:27cf13864a9022c226f613ef67a6ba10261a0b63 From Michael Scovetta, PR #108 Revert tasn_prn.c r1.18. 2019-04-07T16:35:50+00:00 jsing 2019-04-07T16:35:50+00:00 urn:sha1:a2af4c7dba7453f0994ce278075358a1d3a0e14f In this code, just because something is cast to a type doesn't mean it is necessarily that type - in this case we cannot check the length of the ASN1_STRING here, since it might be another data type and later handled as an int (for example, in the V_ASN1_BOOLEAN case). We will revisit this post release. ok tb@ whitespace consistency 2019-04-05T20:25:42+00:00 tb 2019-04-05T20:25:42+00:00 urn:sha1:ee8ec972cc5eb7e1ba590f332a6052e9bec80de2 Add SERVER_HELLO_RETRY state 2019-04-05T20:25:25+00:00 tb 2019-04-05T20:25:25+00:00 urn:sha1:8efd956c7d1c68fe8609b4c5804cd23ca0db0e77 By design, our state machine is a DAG contrary to the state machine in 2019-04-05T20:23:38+00:00 tb 2019-04-05T20:23:38+00:00 urn:sha1:c2876e8ba1959b3e0627d20de447c1449f8294da the spec. To avoid the obvious loop in the RFC's state machine, we added a CLIENT_HELLO_RETRY state which is a second ClientHello with special rules. There is, however, no state to react to this second client hello. This adds a matching SERVER_HELLO_RETRY state to the handshakes table. This means in particular that the WITH_HRR state cannot be set in tls13_server_hello_recv(), so remove this now dead check. ok jsing