From 5a715e5d56517275cd64092796fb2595209eb962 Mon Sep 17 00:00:00 2001 From: tb <> Date: Mon, 10 Aug 2020 18:59:47 +0000 Subject: LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client: * Improve client certificate selection to allow EC certificates instead of only RSA certificates. * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request. * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang. * Fix a memory leak and add a missing error check in the handling of the key update message. * Fix a memory leak in tls13_record_layer_set_traffic_key. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures. * Add the P-521 curve to the list of curves supported by default in the client. This is errata/6.7/019_libssl.patch.sig --- src/lib/libssl/tls13_lib.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/lib/libssl/tls13_lib.c') diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 199f43ca16..4373e769dc 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.36.4.1 2020/08/10 18:59:47 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * Copyright (c) 2019 Bob Beck @@ -227,8 +227,9 @@ tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs) CBB cbb; CBS cbs; /* XXX */ - free(ctx->hs_msg); - ctx->hs_msg = tls13_handshake_msg_new(); + tls13_handshake_msg_free(ctx->hs_msg); + if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL) + goto err; if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb, TLS13_MT_KEY_UPDATE)) goto err; if (!CBB_add_u8(&cbb, 0)) -- cgit v1.2.3-55-g6feb
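Review bot: In the tls13_key_update_recv hunk, the new `goto err` taken when tls13_handshake_msg_new() returns NULL is reached while `cbb` is still uninitialised: it is declared as `CBB cbb;` with no initialiser and is first passed to tls13_handshake_msg_start() on the line after the new check. The err label lies outside the visible context, so please confirm it does not clean up or otherwise read `cbb`; if it does, zero-initialise `cbb` at its declaration so the early exit is safe. Assigning inside the condition is a good choice, since it leaves ctx->hs_msg as NULL rather than a dangling pointer once the old message has been released with tls13_handshake_msg_free(), but that also means any code reached after this failure must tolerate a NULL ctx->hs_msg. The neighbouring `CBS cbs; /* XXX */` declaration uses the same name as the function's `CBS *cbs` parameter shown in the hunk header; renaming the local would remove the ambiguity the XXX marker appears to flag.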