openbsd/src/lib/libssl, branch libressl-v2.5.4

MFC.

2017-04-29T23:41:32+00:00

Fix a bug caused by the return value being set early to signal successful DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. ok beck@

tweak previous;

2017-03-29T00:24:42+00:00

Fix typo in function name;

2017-03-28T18:21:55+00:00

from Markus Triska via OpenSSL commit 1f164c6f.

After i wrote SSL_renegotiate(3) from scratch, OpenSSL also

2017-03-28T18:19:53+00:00

documented the function. Merge the more detailed descriptions and the additional documentation of SSL_renegotiate_abbreviated(3) and SSL_renegotiate_pending(3). From Matt Caswell, OpenSSL commit 39820637.

Update RFC reference for TLSEXT_TYPE_padding.

2017-03-25T14:15:11+00:00

Check tls1_PRF() return value in tls1_generate_master_secret().

2017-03-25T13:42:29+00:00

More cleanup for tls1_PRF()/tls1_P_hash() - change the argument order of

2017-03-25T13:36:56+00:00

tls1_PRF() so that it matches tls1_P_hash(), use more explicit argument names and change lengths to size_t. ok inoguchi@

Fewer magic numbers.

2017-03-18T13:04:30+00:00

t1_enc.c

2017-03-18T13:01:55+00:00

Currently tls1_PRF() requires that a temporary buffer be provided, that

2017-03-18T12:58:18+00:00

matches the size of the output buffer. This is used in the case where there are multiple hashes - tls_P_hash() is called with the temporary buffer and the result is then xored into the output buffer. Avoid this by simply using a local buffer in tls_P_hash() and then xoring the result into the output buffer. Overall this makes the code cleaner and simplifies all of the tls_PRF() callers. Similar to BoringSSL. ok inoguchi@