LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:

* Improve client certificate selection to allow EC certificates
  instead of only RSA certificates.

* Do not error out if a TLSv1.3 server requests an OCSP response as
  part of a certificate request.

* Fix SSL_shutdown behavior to match the legacy stack.  The previous
  behaviour could cause a hang.

* Fix a memory leak and add a missing error check in the handling of
  the key update message.

* Fix a memory leak in tls13_record_layer_set_traffic_key.

* Avoid calling freezero with a negative size if a server sends a
  malformed plaintext of all zeroes.

* Ensure that only PSS may be used with RSA in TLSv1.3 in order
  to avoid using PKCS1-based signatures.

* Add the P-521 curve to the list of curves supported by default
  in the client.

This is errata/6.7/019_libssl.patch.sig

1 files changed, 4 insertions, 3 deletions

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 199f43ca16..4373e769dc 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.36.4.1 2020/08/10 18:59:47 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -227,8 +227,9 @@ tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
                 CBB cbb;
                 CBS cbs; /* XXX */
 
-                free(ctx->hs_msg);
-                ctx->hs_msg = tls13_handshake_msg_new();
+                tls13_handshake_msg_free(ctx->hs_msg);
+                if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
+                        goto err;
                 if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb, TLS13_MT_KEY_UPDATE))
                         goto err;
                 if (!CBB_add_u8(&cbb, 0))