git: vendor/libressl: upgrade from 3.1.3 to 3.1.4

Daniel Fojt deef at crater.dragonflybsd.org
Sat Sep 12 02:03:17 PDT 2020


commit f015dc589551ad8356ba343b70d1889885249ae4
Author: Daniel Fojt <df at neosystem.org>
Date:   Fri Sep 11 16:58:25 2020 +0200

    vendor/libressl: upgrade from 3.1.3 to 3.1.4
    
    Interoperability and bug fixes for the TLSv1.3 client:
    
     * Improve client certificate selection to allow EC certificates
       instead of only RSA certificates.
    
     * Do not error out if a TLSv1.3 server requests an OCSP response as
       part of a certificate request.
    
     * Fix SSL_shutdown behavior to match the legacy stack.  The previous
       behaviour could cause a hang.
    
     * Fix a memory leak and add a missing error check in the handling of
       the key update message.
    
     * Fix a memory leak in tls13_record_layer_set_traffic_key.
    
     * Avoid calling freezero with a negative size if a server sends a
       malformed plaintext of all zeroes.
    
     * Ensure that only PSS may be used with RSA in TLSv1.3 in order
       to avoid using PKCS1-based signatures.
    
     * Add the P-521 curve to the list of curves supported by default
       in the client.

Summary of changes:
 crypto/libressl/ChangeLog                  | 25 +++++++++
 crypto/libressl/VERSION                    |  2 +-
 crypto/libressl/include/openssl/opensslv.h |  4 +-
 crypto/libressl/ssl/ssl_locl.h             | 18 +++---
 crypto/libressl/ssl/ssl_sigalgs.c          |  8 ++-
 crypto/libressl/ssl/ssl_tlsext.c           | 49 ++++++++++++++--
 crypto/libressl/ssl/t1_lib.c               | 23 ++++++--
 crypto/libressl/ssl/tls13_client.c         | 90 ++++++++++++++++++++++++------
 crypto/libressl/ssl/tls13_legacy.c         | 42 +++++++-------
 crypto/libressl/ssl/tls13_lib.c            |  7 ++-
 crypto/libressl/ssl/tls13_record_layer.c   | 19 ++++---
 11 files changed, 218 insertions(+), 69 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/f015dc589551ad8356ba343b70d1889885249ae4


-- 
DragonFly BSD source repository



More information about the Commits mailing list