Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2020-08-19 18:59:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Wed Aug 19 18:59:38 2020 rev:52 rq:827860 version:3.1.4 Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2020-06-25 15:08:07.181495488 +0200 +++ /work/SRC/openSUSE:Factory/.libressl.new.3399/libressl.changes 2020-08-19 19:00:18.683956605 +0200 @@ -1,0 +2,21 @@ +Wed Aug 19 10:30:23 UTC 2020 - Jan Engelhardt <jeng...@inai.de> + +- Update to release 3.1.4 + * TLS 1.3 client improvements: + * Improve client certificate selection to allow EC certificates + instead of only RSA certificates. + * Do not error out if a TLSv1.3 server requests an OCSP + response as part of a certificate request. + * Fix SSL_shutdown behavior to match the legacy stack. The + previous behaviour could cause a hang. + * Fix a memory leak and add a missing error check in the + handling of the key update message. + * Fix a memory leak in tls13_record_layer_set_traffic_key. + * Avoid calling freezero with a negative size if a server sends + a malformed plaintext of all zeroes. + * Ensure that only PSS may be used with RSA in TLSv1.3 in order + to avoid using PKCS1-based signatures. + * Add the P-521 curve to the list of curves supported by + default in the client. + +------------------------------------------------------------------- Old: ---- libressl-3.1.3.tar.gz libressl-3.1.3.tar.gz.asc New: ---- libressl-3.1.4.tar.gz libressl-3.1.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.NoP41d/_old 2020-08-19 19:00:22.619958585 +0200 +++ /var/tmp/diff_new_pack.NoP41d/_new 2020-08-19 19:00:22.623958587 +0200 
@@ -17,7 +17,7 @@ Name: libressl -Version: 3.1.3 +Version: 3.1.4 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL ++++++ libressl-3.1.3.tar.gz -> libressl-3.1.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ChangeLog new/libressl-3.1.4/ChangeLog --- old/libressl-3.1.3/ChangeLog 2020-06-12 16:40:03.000000000 +0200 +++ new/libressl-3.1.4/ChangeLog 2020-08-17 17:24:08.000000000 +0200 @@ -28,6 +28,31 @@ LibreSSL Portable Release Notes: +3.1.4 - Interoperability and bug fixes for the TLSv1.3 client: + + * Improve client certificate selection to allow EC certificates + instead of only RSA certificates. + + * Do not error out if a TLSv1.3 server requests an OCSP response as + part of a certificate request. + + * Fix SSL_shutdown behavior to match the legacy stack. The previous + behaviour could cause a hang. + + * Fix a memory leak and add a missing error check in the handling of + the key update message. + + * Fix a memory leak in tls13_record_layer_set_traffic_key. + + * Avoid calling freezero with a negative size if a server sends a + malformed plaintext of all zeroes. + + * Ensure that only PSS may be used with RSA in TLSv1.3 in order + to avoid using PKCS1-based signatures. + + * Add the P-521 curve to the list of curves supported by default + in the client. + 3.1.3 - Bug fix * libcrypto may fail to build a valid certificate chain due to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/VERSION new/libressl-3.1.4/VERSION --- old/libressl-3.1.3/VERSION 2020-06-12 20:28:18.000000000 +0200 +++ new/libressl-3.1.4/VERSION 2020-08-17 17:24:23.000000000 +0200 
@@ -1,2 +1,2 @@ -3.1.3 +3.1.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/configure new/libressl-3.1.4/configure --- old/libressl-3.1.3/configure 2020-06-12 20:29:08.000000000 +0200 +++ new/libressl-3.1.4/configure 2020-08-17 17:25:13.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libressl 3.1.3. +# Generated by GNU Autoconf 2.69 for libressl 3.1.4. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='libressl' PACKAGE_TARNAME='libressl' -PACKAGE_VERSION='3.1.3' -PACKAGE_STRING='libressl 3.1.3' +PACKAGE_VERSION='3.1.4' +PACKAGE_STRING='libressl 3.1.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1449,7 +1449,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libressl 3.1.3 to adapt to many kinds of systems. +\`configure' configures libressl 3.1.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1520,7 +1520,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libressl 3.1.3:";; + short | recursive ) echo "Configuration of libressl 3.1.4:";; esac cat <<\_ACEOF @@ -1637,7 +1637,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libressl configure 3.1.3 +libressl configure 3.1.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2185,7 +2185,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libressl $as_me 3.1.3, which was +It was created by libressl $as_me 3.1.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ 
@@ -3126,7 +3126,7 @@ # Define the identity of the package. PACKAGE='libressl' - VERSION='3.1.3' + VERSION='3.1.4' cat >>confdefs.h <<_ACEOF @@ -14899,7 +14899,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libressl $as_me 3.1.3, which was +This file was extended by libressl $as_me 3.1.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14956,7 +14956,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libressl config.status 3.1.3 +libressl config.status 3.1.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/include/openssl/opensslv.h new/libressl-3.1.4/include/openssl/opensslv.h --- old/libressl-3.1.3/include/openssl/opensslv.h 2020-06-12 17:42:59.000000000 +0200 +++ new/libressl-3.1.4/include/openssl/opensslv.h 2020-08-17 17:24:08.000000000 +0200 @@ -3,9 +3,9 @@ #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x3010300fL +#define LIBRESSL_VERSION_NUMBER 0x3010400fL /* ^ Patch starts here */ -#define LIBRESSL_VERSION_TEXT "LibreSSL 3.1.3" +#define LIBRESSL_VERSION_TEXT "LibreSSL 3.1.4" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ssl/ssl_locl.h new/libressl-3.1.4/ssl/ssl_locl.h --- old/libressl-3.1.3/ssl/ssl_locl.h 2020-06-11 04:04:13.000000000 +0200 +++ new/libressl-3.1.4/ssl/ssl_locl.h 2020-08-17 17:24:15.000000000 +0200 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.272 2020/04/18 14:07:56 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.272.4.1 2020/08/10 18:59:47 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com) * All rights reserved. * @@ -433,6 +433,12 @@ uint8_t *sigalgs; } SSL_HANDSHAKE; +typedef struct cert_pkey_st { + X509 *x509; + EVP_PKEY *privatekey; + STACK_OF(X509) *chain; +} CERT_PKEY; + typedef struct ssl_handshake_tls13_st { uint16_t min_version; uint16_t max_version; @@ -441,6 +447,10 @@ int use_legacy; int hrr; + /* Certificate and sigalg selected for use (static pointers) */ + const CERT_PKEY *cpk; + const struct ssl_sigalg *sigalg; + /* Version proposed by peer server. */ uint16_t server_version; @@ -988,12 +998,6 @@ } DTLS1_STATE_INTERNAL; #define D1I(s) (s->d1->internal) -typedef struct cert_pkey_st { - X509 *x509; - EVP_PKEY *privatekey; - STACK_OF(X509) *chain; -} CERT_PKEY; - typedef struct cert_st { /* Current active set */ CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ssl/ssl_sigalgs.c new/libressl-3.1.4/ssl/ssl_sigalgs.c --- old/libressl-3.1.3/ssl/ssl_sigalgs.c 2020-06-11 04:04:13.000000000 +0200 +++ new/libressl-3.1.4/ssl/ssl_sigalgs.c 2020-08-17 17:24:15.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.20 2019/04/01 02:09:21 beck Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.20.8.1 2020/08/10 18:59:47 tb Exp $ */ /* * Copyright (c) 2018-2019 Bob Beck <b...@openbsd.org> * 
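Review bot: The comment on the new `cpk`/`sigalg` members, `(static pointers)`, does not say who owns what they point to; elsewhere in this diff `cpk` is assigned `&s->cert->pkeys[...]`, so it borrows from the SSL's cert and would dangle if the certificate set were replaced while the handshake state is alive (whether the API allows that mid-handshake is not visible here). A comment stating the borrow, such as `/* Borrowed: cpk points into s->cert->pkeys[], sigalg into the constant sigalg table; neither is owned or freed via hs. */`, would make the lifetime explicit for whoever later adds a free path. Moving `CERT_PKEY` above `ssl_handshake_tls13_st` is needed for the new member and otherwise changes nothing.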
@@ -322,6 +322,12 @@ tls_sigalgs_len)) == NULL) continue; + /* RSA cannot be used without PSS in TLSv1.3. */ + if (TLS1_get_version(s) >= TLS1_3_VERSION && + sigalg->key_type == EVP_PKEY_RSA && + (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0) + continue; + if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve)) return sigalg; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ssl/ssl_tlsext.c new/libressl-3.1.4/ssl/ssl_tlsext.c --- old/libressl-3.1.3/ssl/ssl_tlsext.c 2020-06-11 04:04:13.000000000 +0200 +++ new/libressl-3.1.4/ssl/ssl_tlsext.c 2020-08-17 17:24:15.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.63 2020/04/21 17:06:16 jsing Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.63.4.1 2020/08/10 18:59:47 tb Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing <js...@openbsd.org> * Copyright (c) 2017 Doug Hogan <d...@openbsd.org> 
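Review bot: The new PSS filter only constrains what this selection loop returns for the local key; it does not by itself reject an `rsa_pkcs1_*` sigalg presented by the peer in CertificateVerify under TLSv1.3, which RFC 8446 §4.2.3 also forbids, so the verify path should be checked separately (it is outside this hunk and this diff). Within the hunk, `TLS1_get_version(s)` is re-evaluated on every iteration although it cannot change inside the loop; hoisting it above the loop (the loop head is outside the hunk) as `int tls13 = TLS1_get_version(s) >= TLS1_3_VERSION;` and testing `tls13 && sigalg->key_type == EVP_PKEY_RSA && (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0` keeps the condition cheap and readable. The enclosing function starts and ends outside this hunk.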
@@ -896,12 +896,49 @@ int tlsext_ocsp_client_parse(SSL *s, CBS *cbs, int *alert) { - if (s->tlsext_status_type == -1) { - *alert = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; + CBS response; + size_t resp_len; + uint16_t version = TLS1_get_client_version(s); + uint8_t status_type; + + if (version >= TLS1_3_VERSION) { + /* + * RFC 8446, 4.4.2.1 - the server may request an OCSP + * response with an empty status_request. + */ + if (CBS_len(cbs) == 0) + return 1; + + if (!CBS_get_u8(cbs, &status_type)) { + SSLerror(s, SSL_R_LENGTH_MISMATCH); + return 0; + } + if (status_type != TLSEXT_STATUSTYPE_ocsp) { + SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE); + return 0; + } + if (!CBS_get_u24_length_prefixed(cbs, &response)) { + SSLerror(s, SSL_R_LENGTH_MISMATCH); + return 0; + } + if (CBS_len(&response) > 65536) { + SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); + return 0; + } + if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp, + &resp_len)) { + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } + s->internal->tlsext_ocsp_resplen = (int)resp_len; + } else { + if (s->tlsext_status_type == -1) { + *alert = TLS1_AD_UNSUPPORTED_EXTENSION; + return 0; + } + /* Set flag to expect CertificateStatus message */ + s->internal->tlsext_status_expected = 1; } - /* Set flag to expect CertificateStatus message */ - s->internal->tlsext_status_expected = 1; return 1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ssl/t1_lib.c new/libressl-3.1.4/ssl/t1_lib.c --- old/libressl-3.1.3/ssl/t1_lib.c 2020-06-11 04:04:13.000000000 +0200 +++ new/libressl-3.1.4/ssl/t1_lib.c 2020-08-17 17:24:15.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.165 2020/03/10 17:02:21 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.165.4.1 2020/08/10 18:59:47 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com) * All rights reserved. * 
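Review bot: In the new TLSv1.3 branch the `s->tlsext_status_type == -1` guard now applies only to the legacy path, so a non-empty OCSP response the client never asked for is stored instead of producing `TLS1_AD_UNSUPPORTED_EXTENSION`, unless the extension dispatcher already rejects unsolicited extensions (not visible here); RFC 8446 §4.2 requires aborting on an unsolicited extension, so after the `CBS_len(cbs) == 0` early return the request state should be checked, e.g. `if (s->tlsext_status_type == -1) { *alert = TLS1_AD_UNSUPPORTED_EXTENSION; return 0; }`. Whether `CBS_stow` releases a previously stored `tlsext_ocsp_resp` (for instance after a HelloRetryRequest) decides whether the assignment can leak, which deserves a one-line comment at the stow site. The bare `65536` bound would also read better as a named constant next to the other extension limits.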
@@ -250,7 +250,14 @@ }; #endif -static const uint16_t eccurves_default[] = { +static const uint16_t eccurves_client_default[] = { + 29, /* X25519 (29) */ + 23, /* secp256r1 (23) */ + 24, /* secp384r1 (24) */ + 25, /* secp521r1 (25) */ +}; + +static const uint16_t eccurves_server_default[] = { 29, /* X25519 (29) */ 23, /* secp256r1 (23) */ 24, /* secp384r1 (24) */ @@ -374,9 +381,15 @@ *pgroups = s->internal->tlsext_supportedgroups; *pgroupslen = s->internal->tlsext_supportedgroups_length; - if (*pgroups == NULL) { - *pgroups = eccurves_default; - *pgroupslen = sizeof(eccurves_default) / 2; + if (*pgroups != NULL) + return; + + if (!s->server) { + *pgroups = eccurves_client_default; + *pgroupslen = sizeof(eccurves_client_default) / 2; + } else { + *pgroups = eccurves_server_default; + *pgroupslen = sizeof(eccurves_server_default) / 2; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ssl/tls13_client.c new/libressl-3.1.4/ssl/tls13_client.c --- old/libressl-3.1.3/ssl/tls13_client.c 2020-06-11 04:04:13.000000000 +0200 +++ new/libressl-3.1.4/ssl/tls13_client.c 2020-08-17 17:24:15.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.54.4.1 2020/05/19 20:22:33 tb Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.54.4.2 2020/08/10 18:59:47 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <js...@openbsd.org> * 
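Review bot: Both new branches compute the element count as `sizeof(eccurves_client_default) / 2`, hard-coding the width of `uint16_t`; `sizeof(eccurves_client_default) / sizeof(eccurves_client_default[0])` (and the same for the server table) expresses the intent and survives a change of element type. Splitting the table into client and server defaults means the two lists must now be kept in sync by hand whenever a curve is added, so a one-line comment above `eccurves_server_default` noting why secp521r1 is deliberately absent there would help the next editor.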
@@ -811,30 +811,92 @@ return ret; } +static int +tls13_client_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, + int *ok, const struct ssl_sigalg **out_sigalg) +{ + const struct ssl_sigalg *sigalg; + SSL *s = ctx->ssl; + + *ok = 0; + *out_sigalg = NULL; + + if (cpk->x509 == NULL || cpk->privatekey == NULL) + goto done; + + if ((sigalg = ssl_sigalg_select(s, cpk->privatekey)) == NULL) + goto done; + + *ok = 1; + *out_sigalg = sigalg; + + done: + return 1; +} + +static int +tls13_client_select_certificate(struct tls13_ctx *ctx, CERT_PKEY **out_cpk, + const struct ssl_sigalg **out_sigalg) +{ + SSL *s = ctx->ssl; + const struct ssl_sigalg *sigalg; + CERT_PKEY *cpk; + int cert_ok; + + *out_cpk = NULL; + *out_sigalg = NULL; + + cpk = &s->cert->pkeys[SSL_PKEY_ECC]; + if (!tls13_client_check_certificate(ctx, cpk, &cert_ok, &sigalg)) + return 0; + if (cert_ok) + goto done; + + cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC]; + if (!tls13_client_check_certificate(ctx, cpk, &cert_ok, &sigalg)) + return 0; + if (cert_ok) + goto done; + + cpk = NULL; + sigalg = NULL; + + done: + *out_cpk = cpk; + *out_sigalg = sigalg; + + return 1; +} + int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb) { SSL *s = ctx->ssl; CBB cert_request_context, cert_list; + const struct ssl_sigalg *sigalg; STACK_OF(X509) *chain; CERT_PKEY *cpk; X509 *cert; int i, ret = 0; - /* XXX - Need to revisit certificate selection. */ - cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC]; + if (!tls13_client_select_certificate(ctx, &cpk, &sigalg)) + goto err; - if ((chain = cpk->chain) == NULL) - chain = s->ctx->extra_certs; + ctx->hs->cpk = cpk; + ctx->hs->sigalg = sigalg; if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context)) goto err; if (!CBB_add_u24_length_prefixed(cbb, &cert_list)) goto err; - if (cpk->x509 == NULL) + /* No certificate selected. */ + if (cpk == NULL) goto done; + if ((chain = cpk->chain) == NULL) + chain = s->ctx->extra_certs; + if (!tls13_cert_add(&cert_list, cpk->x509)) goto err; 
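Review bot: `tls13_client_check_certificate` can only ever return 1 (both exits go through `done: return 1;`), so the `if (!tls13_client_check_certificate(...)) return 0;` branches in `tls13_client_select_certificate` are dead and the real result is the `*ok` out-parameter; either make the helper return `ok` directly or document the two-channel contract, e.g. `/* Returns 0 only on internal failure; *ok reports whether cpk holds a key usable with a sigalg the peer accepts. */`. Selection also prefers the ECC slot over RSA unconditionally and does not consult the server's certificate_authorities or signature_algorithms_cert, which is acceptable for a first pass but worth a comment so callers do not assume the server's preferences were honoured. `tls13_client_certificate_send` continues past the end of the hunk.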
@@ -858,27 +920,23 @@ int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) { - SSL *s = ctx->ssl; - const struct ssl_sigalg *sigalg = NULL; + const struct ssl_sigalg *sigalg; uint8_t *sig = NULL, *sig_content = NULL; size_t sig_len, sig_content_len; EVP_MD_CTX *mdctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; - CERT_PKEY *cpk; + const CERT_PKEY *cpk; CBB sig_cbb; int ret = 0; memset(&sig_cbb, 0, sizeof(sig_cbb)); - /* XXX - Need to revisit certificate selection. */ - cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC]; - pkey = cpk->privatekey; - - if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { - /* XXX - SSL_R_SIGNATURE_ALGORITHMS_ERROR */ + if ((cpk = ctx->hs->cpk) == NULL) goto err; - } + if ((sigalg = ctx->hs->sigalg) == NULL) + goto err; + pkey = cpk->privatekey; if (!CBB_init(&sig_cbb, 0)) goto err; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ssl/tls13_legacy.c new/libressl-3.1.4/ssl/tls13_legacy.c --- old/libressl-3.1.3/ssl/tls13_legacy.c 2020-06-11 04:04:13.000000000 +0200 +++ new/libressl-3.1.4/ssl/tls13_legacy.c 2020-08-17 17:24:15.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.3.4.1 2020/05/19 20:22:33 tb Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.3.4.3 2020/08/17 11:04:20 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <js...@openbsd.org> * 
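Review bot: Both new failure exits, `if ((cpk = ctx->hs->cpk) == NULL) goto err;` and the matching `sigalg` check, leave the error queue empty, so a handshake that fails here reports no reason; the removed code at least carried an XXX pointing at `SSL_R_SIGNATURE_ALGORITHMS_ERROR`. Unless the caller pushes an error (not visible here), an `SSLerror(ctx->ssl, ...)` with a distinguishing reason on each path keeps the failure diagnosable. Reaching this function with `cpk == NULL` also presupposes that the state machine never schedules CertificateVerify after an empty Certificate message; that assumption lives outside this diff. The function body continues past the hunk.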
@@ -486,29 +486,31 @@ return 1; } - /* Send close notify. */ if (!ctx->close_notify_sent) { - ctx->close_notify_sent = 1; - if ((ret = tls13_send_alert(ctx->rl, SSL_AD_CLOSE_NOTIFY)) < 0) + /* Enqueue and send close notify. */ + if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) { + ssl->internal->shutdown |= SSL_SENT_SHUTDOWN; + if ((ret = tls13_send_alert(ctx->rl, + SSL_AD_CLOSE_NOTIFY)) < 0) + return tls13_legacy_return_code(ssl, ret); + } + if ((ret = tls13_record_layer_send_pending(ctx->rl)) != + TLS13_IO_SUCCESS) return tls13_legacy_return_code(ssl, ret); - } - - /* Ensure close notify has been sent. */ - if ((ret = tls13_record_layer_send_pending(ctx->rl)) != TLS13_IO_SUCCESS) - return tls13_legacy_return_code(ssl, ret); - - /* Receive close notify. */ - if (!ctx->close_notify_recv) { + ctx->close_notify_sent = 1; + } else if (!ctx->close_notify_recv) { /* - * If there is still application data pending then we have no - * option but to discard it here. The application should have - * continued to call SSL_read() instead of SSL_shutdown(). + * If there is no application data pending, attempt to read more + * data in order to receive a close notify. This should trigger + * a record to be read from the wire, which may be application + * handshake or alert data. Only one attempt is made to match + * previous semantics. */ - /* XXX - tls13_drain_application_data()? 
*/ - if ((ret = tls13_read_application_data(ctx->rl, buf, sizeof(buf))) > 0) - ret = TLS13_IO_WANT_POLLIN; - if (ret != TLS13_IO_EOF) - return tls13_legacy_return_code(ssl, ret); + if (tls13_pending_application_data(ctx->rl) == 0) { + if ((ret = tls13_read_application_data(ctx->rl, buf, + sizeof(buf))) < 0) + return tls13_legacy_return_code(ssl, ret); + } } if (ctx->close_notify_recv) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ssl/tls13_lib.c new/libressl-3.1.4/ssl/tls13_lib.c --- old/libressl-3.1.3/ssl/tls13_lib.c 2020-06-11 04:04:13.000000000 +0200 +++ new/libressl-3.1.4/ssl/tls13_lib.c 2020-08-17 17:24:15.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.36.4.1 2020/08/10 18:59:47 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <js...@openbsd.org> * Copyright (c) 2019 Bob Beck <b...@openbsd.org> @@ -227,8 +227,9 @@ CBB cbb; CBS cbs; /* XXX */ - free(ctx->hs_msg); - ctx->hs_msg = tls13_handshake_msg_new(); + tls13_handshake_msg_free(ctx->hs_msg); + if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL) + goto err; if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb, TLS13_MT_KEY_UPDATE)) goto err; if (!CBB_add_u8(&cbb, 0)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/ssl/tls13_record_layer.c new/libressl-3.1.4/ssl/tls13_record_layer.c --- old/libressl-3.1.3/ssl/tls13_record_layer.c 2020-06-11 04:04:13.000000000 +0200 +++ new/libressl-3.1.4/ssl/tls13_record_layer.c 2020-08-17 17:24:15.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.33 2020/05/03 15:57:25 jsing Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.33.4.1 2020/08/10 18:59:47 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <js...@openbsd.org> * 
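Review bot: `ssl->internal->shutdown |= SSL_SENT_SHUTDOWN` is set before `tls13_send_alert` is known to have succeeded; if the alert call returns negative, the flag stays set while `ctx->close_notify_sent` stays 0, and a retried SSL_shutdown skips the enqueue and only calls `tls13_record_layer_send_pending`, so whether a close_notify ever goes out then depends on whether `tls13_send_alert` enqueued it before failing (not visible here). If it can fail before enqueueing, setting the flag after the call, `if ((ret = tls13_send_alert(ctx->rl, SSL_AD_CLOSE_NOTIFY)) < 0) return tls13_legacy_return_code(ssl, ret); ssl->internal->shutdown |= SSL_SENT_SHUTDOWN;`, removes that dependency. The new comment also drops what the old one stated, that pending application data is left for SSL_read and shutdown then returns without a close_notify having been received; one sentence to that effect would keep the contract documented. The enclosing function continues outside the hunk.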
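Review bot: The `/* XXX */` marker now sits above a free-and-reallocate sequence whose reason is not stated: `tls13_handshake_msg_free(ctx->hs_msg)` discards whatever message `hs_msg` held when the KeyUpdate is built, and the surrounding function (outside the hunk) does not show why that is safe. Replacing the marker with the actual rationale, e.g. `/* hs_msg is reused for the KeyUpdate; any earlier message must already have been sent or processed. */`, or keeping XXX only if that is not yet guaranteed, would turn the marker into information. The added NULL check on `tls13_handshake_msg_new()` is the right fix for the missing error check the changelog mentions.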
@@ -435,6 +435,8 @@ struct tls13_secret key = { .data = NULL, .len = 0 }; int ret = 0; + EVP_AEAD_CTX_cleanup(aead_ctx); + freezero(iv->data, iv->len); iv->data = NULL; iv->len = 0; @@ -523,8 +525,9 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) { CBS header, enc_record; + ssize_t inner_len; uint8_t *content = NULL; - ssize_t content_len = 0; + size_t content_len = 0; uint8_t content_type; size_t out_len; @@ -560,18 +563,18 @@ * Time to hunt for that elusive content type! */ /* XXX - CBS from end? CBS_get_end_u8()? */ - content_len = out_len - 1; - while (content_len >= 0 && content[content_len] == 0) - content_len--; - if (content_len < 0) + inner_len = out_len - 1; + while (inner_len >= 0 && content[inner_len] == 0) + inner_len--; + if (inner_len < 0) goto err; - content_type = content[content_len]; + content_type = content[inner_len]; tls13_record_layer_rbuf_free(rl); rl->rbuf_content_type = content_type; rl->rbuf = content; - rl->rbuf_len = content_len; + rl->rbuf_len = inner_len; CBS_init(&rl->rbuf_cbs, rl->rbuf, rl->rbuf_len); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.1.3/tests/tlsexttest.c new/libressl-3.1.4/tests/tlsexttest.c --- old/libressl-3.1.3/tests/tlsexttest.c 2020-06-12 20:28:50.000000000 +0200 +++ new/libressl-3.1.4/tests/tlsexttest.c 2020-08-17 17:24:55.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.35 2020/04/17 17:24:03 jsing Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.35.2.1 2020/08/10 18:59:47 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing <js...@openbsd.org> * Copyright (c) 2017 Doug Hogan <d...@openbsd.org> 
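Review bot: The added `EVP_AEAD_CTX_cleanup(aead_ctx)` at the top of the function runs on every call, including the first, so it is correct only if `aead_ctx` is zero-initialised before first use and `EVP_AEAD_CTX_cleanup` tolerates a context with no AEAD set; neither precondition is visible in this hunk. A comment such as `/* Release the previous key on re-key; relies on aead_ctx being zeroed at creation. */` records the assumption, and the `freezero` of `iv->data` that follows is already the matching pattern for the IV. The function's signature is above the hunk.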
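Review bot: `inner_len = out_len - 1;` stores a `size_t` expression in an `ssize_t`; if the open call can ever yield `out_len == 0`, the subtraction wraps to `SIZE_MAX` and the conversion to `ssize_t` is implementation-defined rather than guaranteed to be -1, so the padding-strip loop's exit for an empty plaintext relies on the platform's conversion. Guarding explicitly, `if (out_len == 0) goto err;` before the assignment and then `inner_len = (ssize_t)(out_len - 1);`, makes the all-zero case the changelog describes independent of that conversion. Changing `content_len` to `size_t` while keeping a signed scan index is otherwise the right split; `rl->rbuf_len = inner_len` is reached only with `inner_len >= 0`.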
@@ -470,10 +470,11 @@ */ static uint8_t tlsext_supportedgroups_client_default[] = { - 0x00, 0x06, + 0x00, 0x08, 0x00, 0x1d, /* X25519 (29) */ 0x00, 0x17, /* secp256r1 (23) */ - 0x00, 0x18 /* secp384r1 (24) */ + 0x00, 0x18, /* secp384r1 (24) */ + 0x00, 0x19, /* secp521r1 (25) */ }; static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = { @@ -2714,13 +2715,13 @@ #endif /* OPENSSL_NO_SRTP */ unsigned char tlsext_clienthello_default[] = { - 0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, - 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, - 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, - 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, - 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, - 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, - 0x02, 0x01, 0x02, 0x03, + 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, + 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, + 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, + 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, + 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, + 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, }; unsigned char tlsext_clienthello_disabled[] = {
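Review bot: `tlsext_clienthello_default` is a bare byte blob whose internal lengths (`0x00, 0x34` for the extension block, `0x00, 0x0a` and `0x00, 0x08` for supported_groups) had to be recomputed by hand to add secp521r1, and nothing in the array says which bytes are which; a comment per extension boundary, e.g. `/* supported_groups: ext len 10, list len 8: x25519, p256, p384, p521 */`, would make the next curve addition checkable at a glance. The lengths in this hunk are consistent with the four-entry list in `tlsext_supportedgroups_client_default` (`0x00, 0x08` for eight bytes of group ids), so no correction is needed here.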