Update LibreSSL from version 2.4.2 => 2.4.3
authorJohn Marino <draco@marino.st>
Mon, 3 Oct 2016 19:23:51 +0000 (14:23 -0500)
committerJohn Marino <draco@marino.st>
Mon, 3 Oct 2016 19:54:18 +0000 (14:54 -0500)
crypto/libressl/ChangeLog
crypto/libressl/VERSION
crypto/libressl/crypto/evp/evp_enc.c
crypto/libressl/include/openssl/opensslv.h
crypto/libressl/ssl/ssl_lib.c
crypto/libressl/ssl/t1_lib.c

index 6ec28e0..0c5a934 100644 (file)
@@ -28,6 +28,19 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+2.4.3 - Bug fixes and reliability improvements
+
+       * Reverted change that cleans up the EVP cipher context in
+         EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
+         previous behaviour.
+
+       * Avoid unbounded memory growth in libssl, which can be triggered by a
+         TLS client repeatedly renegotiating and sending OCSP Status Request
+         TLS extensions.
+
+       * Avoid falling back to a weak digest for (EC)DH when using SNI with
+         libssl.
+
 2.4.2 - Bug fixes and improvements
 
        * Fixed loading default certificate locations with openssl s_client.
index 222d476..ea69474 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.30 2016/05/04 15:05:13 tedu Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.31 2016/05/30 13:42:54 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -371,7 +371,6 @@ EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        int ret;
 
        ret = EVP_EncryptFinal_ex(ctx, out, outl);
-       (void) EVP_CIPHER_CTX_cleanup(ctx);
        return ret;
 }
 
@@ -485,7 +484,6 @@ EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        int ret;
 
        ret = EVP_DecryptFinal_ex(ctx, out, outl);
-       (void) EVP_CIPHER_CTX_cleanup(ctx);
        return ret;
 }
 
index 14239e0..bbefbd7 100644 (file)
@@ -1,10 +1,10 @@
-/* $OpenBSD: opensslv.h,v 1.35 2016/06/06 09:50:15 bcook Exp $ */
+/* $OpenBSD: opensslv.h,v 1.36 2016/06/30 11:10:29 bcook Exp $ */
 #ifndef HEADER_OPENSSLV_H
 #define HEADER_OPENSSLV_H
 
 /* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER        0x2040200fL
-#define LIBRESSL_VERSION_TEXT  "LibreSSL 2.4.2"
+#define LIBRESSL_VERSION_NUMBER        0x2040300fL
+#define LIBRESSL_VERSION_TEXT  "LibreSSL 2.4.3"
 
 /* These will never change */
 #define OPENSSL_VERSION_NUMBER 0x20000000L
index 409fed4..1225f68 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.115 2015/10/19 17:59:39 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.116 2015/10/25 15:52:49 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2847,13 +2847,20 @@ SSL_get_SSL_CTX(const SSL *ssl)
 SSL_CTX *
 SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 {
+       CERT *ocert = ssl->cert;
+
        if (ssl->ctx == ctx)
                return (ssl->ctx);
        if (ctx == NULL)
                ctx = ssl->initial_ctx;
-       if (ssl->cert != NULL)
-               ssl_cert_free(ssl->cert);
        ssl->cert = ssl_cert_dup(ctx->cert);
+       if (ocert != NULL) {
+               int i;
+               /* Copy negotiated digests from original certificate. */
+               for (i = 0; i < SSL_PKEY_NUM; i++)
+                       ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest;
+               ssl_cert_free(ocert);
+       }
        CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
        SSL_CTX_free(ssl->ctx); /* decrement reference count */
        ssl->ctx = ctx;
index b225bb3..c1e5f54 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.86 2016/03/10 23:21:46 mmcc Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.87 2016/05/30 13:42:54 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1438,10 +1438,28 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                                /* Read in responder_id_list */
                                n2s(data, dsize);
                                size -= 2;
-                               if (dsize > size  ) {
+                               if (dsize > size) {
                                        *al = SSL_AD_DECODE_ERROR;
                                        return 0;
                                }
+
+                               /*
+                                * We remove any OCSP_RESPIDs from a
+                                * previous handshake to prevent
+                                * unbounded memory growth.
+                                */
+                               sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
+                                   OCSP_RESPID_free);
+                               s->tlsext_ocsp_ids = NULL;
+                               if (dsize > 0) {
+                                       s->tlsext_ocsp_ids =
+                                           sk_OCSP_RESPID_new_null();
+                                       if (s->tlsext_ocsp_ids == NULL) {
+                                               *al = SSL_AD_INTERNAL_ERROR;
+                                               return 0;
+                                       }
+                               }
+
                                while (dsize > 0) {
                                        OCSP_RESPID *id;
                                        int idsize;
@@ -1469,13 +1487,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                                                *al = SSL_AD_DECODE_ERROR;
                                                return 0;
                                        }
-                                       if (!s->tlsext_ocsp_ids &&
-                                           !(s->tlsext_ocsp_ids =
-                                           sk_OCSP_RESPID_new_null())) {
-                                               OCSP_RESPID_free(id);
-                                               *al = SSL_AD_INTERNAL_ERROR;
-                                               return 0;
-                                       }
                                        if (!sk_OCSP_RESPID_push(
                                            s->tlsext_ocsp_ids, id)) {
                                                OCSP_RESPID_free(id);