diff options
| author | tb <> | 2020-08-10 18:59:47 +0000 |
|---|---|---|
| committer | tb <> | 2020-08-10 18:59:47 +0000 |
| commit | 5a715e5d56517275cd64092796fb2595209eb962 (patch) | |
| tree | e71b2891b8ce65ccefec5a7582a532ae6f33f7f4 /src/lib/libssl/ssl_locl.h | |
| parent | a91baa573ac5ab1cbde7a2761d1d1da9501f45ec (diff) | |
| download | openbsd-5a715e5d56517275cd64092796fb2595209eb962.tar.gz openbsd-5a715e5d56517275cd64092796fb2595209eb962.tar.bz2 openbsd-5a715e5d56517275cd64092796fb2595209eb962.zip | |
LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates
instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as
part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous
behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of
the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a
malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order
to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default
in the client.
This is errata/6.7/019_libssl.patch.sig
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 0212166678..8ebdab279f 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.272 2020/04/18 14:07:56 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.272.4.1 2020/08/10 18:59:47 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -433,6 +433,12 @@ typedef struct ssl_handshake_st { | |||
| 433 | uint8_t *sigalgs; | 433 | uint8_t *sigalgs; |
| 434 | } SSL_HANDSHAKE; | 434 | } SSL_HANDSHAKE; |
| 435 | 435 | ||
| 436 | typedef struct cert_pkey_st { | ||
| 437 | X509 *x509; | ||
| 438 | EVP_PKEY *privatekey; | ||
| 439 | STACK_OF(X509) *chain; | ||
| 440 | } CERT_PKEY; | ||
| 441 | |||
| 436 | typedef struct ssl_handshake_tls13_st { | 442 | typedef struct ssl_handshake_tls13_st { |
| 437 | uint16_t min_version; | 443 | uint16_t min_version; |
| 438 | uint16_t max_version; | 444 | uint16_t max_version; |
| @@ -441,6 +447,10 @@ typedef struct ssl_handshake_tls13_st { | |||
| 441 | int use_legacy; | 447 | int use_legacy; |
| 442 | int hrr; | 448 | int hrr; |
| 443 | 449 | ||
| 450 | /* Certificate and sigalg selected for use (static pointers) */ | ||
| 451 | const CERT_PKEY *cpk; | ||
| 452 | const struct ssl_sigalg *sigalg; | ||
| 453 | |||
| 444 | /* Version proposed by peer server. */ | 454 | /* Version proposed by peer server. */ |
| 445 | uint16_t server_version; | 455 | uint16_t server_version; |
| 446 | 456 | ||
| @@ -988,12 +998,6 @@ typedef struct dtls1_state_internal_st { | |||
| 988 | } DTLS1_STATE_INTERNAL; | 998 | } DTLS1_STATE_INTERNAL; |
| 989 | #define D1I(s) (s->d1->internal) | 999 | #define D1I(s) (s->d1->internal) |
| 990 | 1000 | ||
| 991 | typedef struct cert_pkey_st { | ||
| 992 | X509 *x509; | ||
| 993 | EVP_PKEY *privatekey; | ||
| 994 | STACK_OF(X509) *chain; | ||
| 995 | } CERT_PKEY; | ||
| 996 | |||
| 997 | typedef struct cert_st { | 1001 | typedef struct cert_st { |
| 998 | /* Current active set */ | 1002 | /* Current active set */ |
| 999 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array | 1003 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array |