From f398f615b6df385aec2b3553310cc237b29e068a Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 4 Jan 2020 20:08:32 -0700 Subject: * The feature that stopped alpine from saving passwords in the password file prevented users from actually saving their passwords in Windows and MAC OS. Fix the code so that passwords will be saved. Also, update the documentation of this feature. * Fix a buffer overflow bug in the XOAUTH2 code (off by one error). * Update PC-Alpine to work with Libressl version 3.0.2 instead of version 2.5.5 (update build.bat and lib files from the LibreSSL build). * Erase SSLXXXXXX file. * ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c. The file ssl_libressl.c is the file ssl_unix.c from the unix osdep directory. The file ssl_win.c is the native SSL windows code. The Unix side provides S/MIME support for Alpine and the latest encryption protocols support for Alpine when connecting to a secure server, while the windows side provide TLSv1_3 support for Alpine, but not S/MIME support. In order to provide unix code for TLSv1_3 (once LibreSSL supports it) edit the file os_nt.c and remove the comments on the #ifdef section. This would provide both TLSv1_3 and S/MIME support with unix code. On the other hand, when we provide TLSv1_3 with the Windows code we need to undefine DF_ENCRYPTION_RANGE, and this is done in the file include/config.wnt.h. The way this is done as of this moment is by commenting an #else directive that preceedes this #undefine. * Update makefile.nt and friends in the windows side to account for the addition of XOAUTH2, and the use of only ssl_nt.c when dealing with Alpine. * Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these certificates be considered while checking a digital S/MIME signature. * Improvements to the SMARTTIME24 token to account for changes in year. --- libressl/include/openssl/ssl3.h | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) (limited to 'libressl/include/openssl/ssl3.h') diff --git a/libressl/include/openssl/ssl3.h b/libressl/include/openssl/ssl3.h index 91cbaf29..cadf7fd3 100644 --- a/libressl/include/openssl/ssl3.h +++ b/libressl/include/openssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.49 2018/11/08 22:28:52 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -348,13 +348,9 @@ typedef struct ssl3_buffer_st { */ #define SSL3_CT_NUMBER 11 - #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -#define SSL3_FLAGS_POP_BUFFER 0x0004 -#define TLS1_FLAGS_TLS_PADDING_BUG 0x0 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 -#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +#define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020 #define SSL3_FLAGS_CCS_OK 0x0080 #ifndef OPENSSL_NO_SSL_INTERN @@ -367,18 +363,6 @@ typedef struct ssl3_state_st { unsigned char server_random[SSL3_RANDOM_SIZE]; unsigned char client_random[SSL3_RANDOM_SIZE]; - SSL3_BUFFER rbuf; /* read IO goes into here */ - SSL3_BUFFER wbuf; /* write IO goes into here */ - - /* we allow one fatal and one warning alert to be outstanding, - * send close alert via the warning alert */ - int alert_dispatch; - unsigned char send_alert[2]; - - struct { - int new_mac_secret_size; - } tmp; - struct ssl3_state_internal_st *internal; } SSL3_STATE; @@ -415,8 +399,6 @@ typedef struct ssl3_state_st { #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) -#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) -#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) /* read from server */ @@ -462,8 +444,6 @@ typedef struct ssl3_state_st { #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) -#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) -#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) /* write to client */ @@ -489,8 +469,6 @@ typedef struct ssl3_state_st { #define SSL3_MT_FINISHED 20 #define SSL3_MT_CERTIFICATE_STATUS 22 -#define SSL3_MT_NEXT_PROTO 67 - #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 #define SSL3_MT_CCS 1 -- cgit v1.2.3-70-g09d2