Brent Cook | 29 Jan 00:33 2016

LibreSSL 2.3.2, 2.2.6, and 2.1.10 released

We have released a number of LibreSSL updates, which will be arriving in
the LibreSSL directory of your local OpenBSD mirror soon.

LibreSSL 2.2.6 and 2.1.10 contain a single change to deprecate use of
the SSL_OP_SINGLE_DH_USE flag. It is now enabled unconditionally.
Thanks to Antonio Sanso for the report.

LibreSSL 2.3.2, a snapshot release, contains the latest developments
from the OpenBSD 5.9 branch. It also contains ABI/API changes, which
will stabilize once OpenBSD 5.9 is completed. At that time, LibreSSL
2.3.x and 2.2.x will become the stable release branches, and we will
drop support for the 2.1.x branch.

LibreSSL 2.3.2 also has the following notable changes:

    * Changed format of LIBRESSL_VERSION_NUMBER to match that of

    * Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
      construction introduced in RFC 7539, which is different than that
      already used in TLS with EVP_aead_chacha20_poly1305()

    * Avoid a potential undefined C99+ behavior due to shift overflow in
      AES_decrypt, reported by Pascal Cuoq <cuoq at>

    * More man pages converted from pod to mdoc format

    * Added COMODO RSA Certification Authority and QuoVadis
      root certificates to cert.pem
(Continue reading)

Ted Unangst | 15 Jan 23:01 2016

ssh roaming

Qualys Security identified vulnerabilities in the ssh client roaming feature.
In the default configuration, this could potentially leak client keys to a
hostile server.

There are patches to disable the roaming feature, and it has been removed from
the source tree.

Brent Cook | 8 Dec 04:20 2015

LibreSSL 2.2.5 and 2.1.9 released

We have released LibreSSL 2.2.5 and 2.1.9, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is based on the stable OpenBSD 5.8 and 5.7 branches, which
include two fixes from the Dec 3, 2015 OpenSSL release:

  - CVE-2015-3194 - NULL pointer dereference in client side certificate
  - CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL.

* The following OpenSSL CVEs did not apply to LibreSSL

  - CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
                    squaring procedure.
  - CVE-2015-3196 - Double free race condition of the identify hint data.

We will release an update to the development 2.3.x branch later in a
separate announcement.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

Bob Beck | 4 Dec 07:01 2015

OpenBSD errata, Dec 3, 2015

Four new OpenSSL CVE's were released today, which OpenSSL deemed to be
not of sufficient severity to warrant advance disclosure.

OpenBSD/LibreSSL is not vulnerable to two of these CVE's.

CVE-2015-1393: Recently introduced in OpenSSL only. We did not merge
this because it gave miod <at>  a bad feeling.

CVE-2015-1394: NULL pointer dereference in client side certificate
validation. It was reported to OpenSSL on Aug 27, 2015, and kept
secret from the community until Dec 3, 2015 by OpenSSL and the
reporter of the bug.

CVE-2015-1395: Memory leak in PKCS7 - not reachable from TLS/SSL

CVE-2015-1396: String handling bug in code we deleted long ago, using
a function that all uses of which were flensed from LibreSSL shortly
after it's creation.

Fixes have been commited for both CVE-2015-1394 and CVE-2015-1395.
CVE-2015-1394 warrants an errata.

The errata for CVE-2015-1394 is available for OpenBSD 5.8 and OpenBSD
5.7 from the master site as well as the mirrors:

(Continue reading)

Stefan Sperling | 9 Nov 20:13 2015

New erratas released today: 5.8 errata #8, 5.7 errata #20

There is a remotely triggerable panic in the wireless subsystem
involving WPA (a.k.a RSN).

RSN element parsing in the input path lacks validation of the group
cipher and group management cipher values. If a bad value is received
it is stored without validation, which will trigger a panic when the
value is used while sending a reply.

This can be used by malicious access points to crash OpenBSD clients,
or by malicious clients to crash OpenBSD access points.

Thanks to Franz Bettag for highlighting this problem.

Links to patches below. Please follow the instructions within.


Brent Cook | 3 Nov 02:51 2015

LibreSSL 2.3.1 released

We have released LibreSSL 2.3.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is the second snapshot based on the development OpenBSD 5.9
branch. It is still likely to change more compared to the 2.2.x and
2.1.x branches. The ABI/API for the LibreSSL 2.3.x series will be
declared stable around March 2016. See for more details.

LibreSSL 2.3.1 has the following notable changes:

  * ASN.1 cleanups and RFC5280 compliance fixes.

  * Time representations switched from 'unsigned long' to 'time_t'.
    LibreSSL now checks if the host OS supports 64-bit time_t.

  * Fixed a leak in SSL_new in the error path.

  * Support always extracting the peer cipher and version with libtls.

  * Added ability to check certificate validity times with libtls,
    tls_peer_cert_notbefore and tls_peer_cert_notafter.

  * Changed tls_connect_servername to use the first address that
    resolves with getaddrinfo().

  * Remove broken conditional EVP_CHECK_DES_KEY code (non-functional
    since initial commit in 2004).

  * Fixed a memory leak and out-of-bounds access in OBJ_obj2txt,
(Continue reading)

Theo de Raadt | 18 Oct 16:47 2015

OpenBSD 5.8 released

OpenBSD 5.8 arrives on the 20th birthday of the OpenBSD project.

October 18, 2015.

We are pleased to announce the official release of OpenBSD 5.8.
This is our 38th release on CD-ROM (and 39th via FTP/HTTP).  We remain
proud of OpenBSD's record of twenty years with only two remote holes in
the default install.

As in our previous releases, 5.8 provides significant improvements,
including new features, in nearly all areas of the system:

 - Improved hardware support, including:
    o New rtwn(4) driver for Realtek RTL8188CE wifi cards.
    o New hpb(4) driver for HyperTransport bridges as found in the IBM
    o The ugold(4) driver now supports TEMPerHUMV1.x temperature and
      humidity sensors.
    o Improved sensor support for the upd(4) driver for USB Power
      Devices (UPS).
    o Support for jumbo frames on re(4) devices using RTL8168C/D/E/F/G
      and RTL8411, including PC Engines APU.
    o re(4) now works with newer devices e.g. RTL8111GU.
    o Partial support has been added for full-speed isochronous devices
      in ehci(4), allowing USB 1.1 audio devices to be used on
      EHCI-only systems in some cases.
    o Improved macppc stability and G5 performances with MP kernels.
    o acpicpu(4) uses ACPI C-state information to reduce power
      consumption of idle CPUs.
    o Kernel supports x86 AVX instructions on CPUs that have them.
(Continue reading)

Theo de Raadt | 18 Oct 08:31 2015

It was twenty years ago you see...

OpenBSD's source tree just turned 20 years old.

I recall the import taking about 3 hours on an EISA-bus 486 with two
ESDI drives.  There was an import attempt a few days earlier, but it
failed due to insufficient space.  It took some time to repartition
the machine.

It wasn't terribly long before David Miller, Chuck Cranor and Niklas
Hallqvist were commiting... then more people showed up.

The first developments were improvements to 32-bit sparc.

Chuck and I also worked on setting up the first 'anoncvs' to make sure
noone was ever cut out from 'the language of diffs' again.  I guess
that was the precursor for the github concept these days :-).  People
forget, but even FSF was a walled garden at the time -- throwing tar
files with vague logs over the wall every couple months.

I was lucky to have one of the few 64Kbit ISDN links in town,
otherwise this would not have happened.  My desktop was a Sparcstation
10; the third machine I had was a very slow 386.

The project is now at:

~322,000 commits
~44 commits/day average
~356 hackers through the years


(Continue reading)

Ted Unangst | 16 Oct 02:30 2015

Oct 15 OpenBSD errata and LibreSSL releases

The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security. This can be abused by an
attacker to cause a denial of service in some cases.

Patches are now available for OpenBSD as well as new releases of LibreSSL
portable. 5.6, 5.7, and 5.8 are affected, as well as all releases of LibreSSL.

Note that in addition to the instructions to rebuild libcrypto in the patch,
some binaries may link statically with libcrypto (isakmpd, iked, ...) and need
rebuilding as well. And services restarted.

OpenBSD patches:

LibreSSL releases:

There will be a libressl-2.3.1 release coming, but as a reminder it's still a
development branch. (The OpenBSD patches should apply to 2.3.0 as well.)

With the release of OpenBSD 5.8 in a few days, 5.6 will be officially retired
from support, and along with it LibreSSL 2.0. Hopefully, this will be the last
release in that line.

Stuart Henderson | 14 Oct 20:42 2015

kevent errata for 5.6, 5.7 and 5.8

A problem with kevent(2) timers has been fixed. If triggered (which can
be done by a local unprivileged user), it would result in a kernel hang.
Patches for the kernel are available:




Todd C. Miller | 9 Oct 17:31 2015

mailing list server downtime

The machine room that will be undergoing maintenance
Saturday October 10th.  As a reasult, the list server will be taken
down at 5:30am MDT and brought back up in the early afternoon.

This also affects and
which are located in the same machine room.

 - todd