This is errata/6.8/013_libressl.patch.siglibressl-v3.2.4

Various interoperability issues and memory leaks were discovered in
libcrypto and libssl.

The new verifier is not bug compatible with the old verifier and caused
many issues by failing to propagate errors correctly, returning different
error codes than some software was trained to expect and otherwise failing
when it shouldn't. While much of this is fixed in -current, it's still not
perfect, so switching back to the legacy verifier is preferable at this
point.

Other included fixes:

* Unbreak DTLS retransmissions for flights that include a CCS
* Only check BIO_should_read() on read and BIO_should_write() on write
* Implement autochain for the TLSv1.3 server
* Use the legacy verifier for AUTO_CHAIN
* Implement exporter for TLSv1.3
* Free alert_data and phh_data in tls13_record_layer_free()
* Plug leak in x509_verify_chain_dup()
* Free the policy tree in x509_vfy_check_policy()

Original commits by jsing and tb

ok inoguchi jsing

1 files changed, 15 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 03a1a6b4b1..bdb554cbc2 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.86 2020/07/30 16:23:17 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.86.4.1 2021/02/03 07:06:14 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -148,6 +148,16 @@ void tls13_secrets_destroy(struct tls13_secrets *secrets);
 int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
     const struct tls13_secret *secret, const char *label,
     const struct tls13_secret *context);
+int tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
+    const EVP_MD *digest, const struct tls13_secret *secret,
+    const uint8_t *label, size_t label_len, const struct tls13_secret *context);
+
+int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
+    const struct tls13_secret *secret, const char *label,   
+    const struct tls13_secret *context);
+int tls13_derive_secret_with_label_length(struct tls13_secret *out,
+    const EVP_MD *digest, const struct tls13_secret *secret,
+    const uint8_t *label, size_t label_len, const struct tls13_secret *context);
 
 int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk,
     size_t psk_len, const struct tls13_secret *context);
@@ -412,6 +422,10 @@ int tls13_error_setx(struct tls13_error *error, int code, int subcode,
         tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
             (fmt), __VA_ARGS__)
 
+int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
+    const uint8_t *context_value, size_t context_value_len, uint8_t *out,
+    size_t out_len);
+
 extern const uint8_t tls13_downgrade_12[8];
 extern const uint8_t tls13_downgrade_11[8];
 extern const uint8_t tls13_hello_retry_request_hash[32];