From 5a715e5d56517275cd64092796fb2595209eb962 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 10 Aug 2020 18:59:47 +0000
Subject: LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:

* Improve client certificate selection to allow EC certificates instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default in the client.

This is errata/6.7/019_libssl.patch.sig
---
 src/lib/libssl/ssl_sigalgs.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/ssl_sigalgs.c')

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 37fdcfa73f..374ba3cef2 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.20 2019/04/01 02:09:21 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.20.8.1 2020/08/10 18:59:47 tb Exp $ */
 /*
  * Copyright (c) 2018-2019 Bob Beck
  *
@@ -322,6 +322,12 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 		    tls_sigalgs_len)) == NULL)
 			continue;
 
+		/* RSA cannot be used without PSS in TLSv1.3. */
+		if (TLS1_get_version(s) >= TLS1_3_VERSION &&
+		    sigalg->key_type == EVP_PKEY_RSA &&
+		    (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
+			continue;
+
 		if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve))
 			return sigalg;
 	}
-- 
cgit v1.2.3-55-g6feb
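Review bot: The new guard in the second hunk only constrains the signature algorithm we select for our own signing; whether the path that validates the sigalg received in the peer's CertificateVerify enforces the same PSS-only rule for RSA under TLSv1.3 is not visible here and is worth confirming, since RFC 8446 section 4.2.3 forbids rsa_pkcs1_* handshake signatures in both directions. The comment would also be more useful if it stated the rationale and scope, e.g. `/* RFC 8446, 4.2.3: TLSv1.3 RSA handshake signatures must use PSS; rsa_pkcs1_* remain valid only for certificate signatures. */`. ssl_sigalg_select begins outside the hunk, so the loop header and the origin of check_curve are not reviewed here.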