LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:

* Improve client certificate selection to allow EC certificates instead of only RSA certificates. * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request. * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang. * Fix a memory leak and add a missing error check in the handling of the key update message. * Fix a memory leak in tls13_record_layer_set_traffic_key. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures. * Add the P-521 curve to the list of curves supported by default in the client. This is errata/6.7/019_libssl.patch.sig
author: tb <> 2020-08-10 18:59:47 +0000
committer: tb <> 2020-08-10 18:59:47 +0000
commit: 5a715e5d56517275cd64092796fb2595209eb962 (patch)
tree: e71b2891b8ce65ccefec5a7582a532ae6f33f7f4 /src/regress/lib/libssl
parent: a91baa573ac5ab1cbde7a2761d1d1da9501f45ec (diff)
download: openbsd-5a715e5d56517275cd64092796fb2595209eb962.tar.gz
openbsd-5a715e5d56517275cd64092796fb2595209eb962.tar.bz2
openbsd-5a715e5d56517275cd64092796fb2595209eb962.zip
2 files changed, 32 insertions, 30 deletions
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index e81b83c45e..e8e20c2f8d 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -66,21 +66,21 @@ static unsigned char cipher_list_tls10[] = {
 };
 static unsigned char client_hello_tls10[] = {
-        0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00,
+        0x16, 0x03, 0x01, 0x00, 0x73, 0x01, 0x00, 0x00,
-        0x6d, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x6f, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14,
-        0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
+        0x00, 0x00, 0x00, 0x00, 0xff, 0x85, 0x00, 0x88,
        0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
        0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
        0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
        0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-        0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x16,
+        0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x18,
        0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
-        0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,
+        0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
-        0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
+        0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
 };
 static unsigned char cipher_list_tls11[] = {
@@ -93,8 +93,8 @@ static unsigned char cipher_list_tls11[] = {
 };
 static unsigned char client_hello_tls11[] = {
-        0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00,
+        0x16, 0x03, 0x01, 0x00, 0x73, 0x01, 0x00, 0x00,
-        0x6d, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x6f, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -104,10 +104,10 @@ static unsigned char client_hello_tls11[] = {
        0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
        0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
        0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-        0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x16,
+        0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x18,
        0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
-        0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,
+        0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
-        0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
+        0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
 };
 static unsigned char cipher_list_tls12_aes[] = {
@@ -141,8 +141,8 @@ static unsigned char cipher_list_tls12_chacha[] = {
 };
 static unsigned char client_hello_tls12[] = {
-        0x16, 0x03, 0x01, 0x00, 0xbb, 0x01, 0x00, 0x00,
+        0x16, 0x03, 0x01, 0x00, 0xbd, 0x01, 0x00, 0x00,
-        0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0xb9, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -158,13 +158,14 @@ static unsigned char client_hello_tls12[] = {
        0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
        0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
        0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-        0x00, 0xff, 0x01, 0x00, 0x00, 0x32, 0x00, 0x0b,
+        0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00, 0x0b,
-        0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08,
+        0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a,
-        0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
+        0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
-        0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18,
+        0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d,
-        0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+        0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01,
-        0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
+        0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
-        0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
+        0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01,
+        0x02, 0x03,
 };
 struct client_hello_test {
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index eb8cef7ef5..bfda66fe32 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.35 2020/04/17 17:24:03 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.35.2.1 2020/08/10 18:59:47 tb Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -470,10 +470,11 @@ test_tlsext_alpn_server(void)
 */
 static uint8_t tlsext_supportedgroups_client_default[] = {
-        0x00, 0x06,
+        0x00, 0x08,
        0x00, 0x1d,  /* X25519 (29) */
        0x00, 0x17,  /* secp256r1 (23) */
-        0x00, 0x18   /* secp384r1 (24) */
+        0x00, 0x18,  /* secp384r1 (24) */
+        0x00, 0x19,  /* secp521r1 (25) */
 };
 static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = {
@@ -2712,13 +2713,13 @@ test_tlsext_srtp_server(void)
 #endif /* OPENSSL_NO_SRTP */
 unsigned char tlsext_clienthello_default[] = {
-        0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
+        0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
-        0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
+        0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
-        0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
+        0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23,
-        0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
+        0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16,
-        0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
+        0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05,
-        0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
+        0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
-        0x02, 0x01, 0x02, 0x03,
+        0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
 };
 unsigned char tlsext_clienthello_disabled[] = {};
author	tb <>	2020-08-10 18:59:47 +0000
committer	tb <>	2020-08-10 18:59:47 +0000
commit	5a715e5d56517275cd64092796fb2595209eb962 (patch)
tree	e71b2891b8ce65ccefec5a7582a532ae6f33f7f4 /src/regress/lib/libssl
parent	a91baa573ac5ab1cbde7a2761d1d1da9501f45ec (diff)
download	openbsd-5a715e5d56517275cd64092796fb2595209eb962.tar.gz openbsd-5a715e5d56517275cd64092796fb2595209eb962.tar.bz2 openbsd-5a715e5d56517275cd64092796fb2595209eb962.zip