path: root/src/lib/libc/stdlib/reallocarray.c
Date | Commit message | Author | Files | Lines
2021-02-08 | Update DTLS client hello due to ECC changes. | jsing | 1 | -5/+8
2021-02-08 | Remove bogus DTLS checks to disable ECC and OCSP. | jsing | 2 | -10/+3
ECC and OCSP can be used with DTLS, so remove bogus checks that currently prevent it. These are long lasting remnants from the original OpenSSL code. ok tb@
2021-02-08 | Enforce read ahead with DTLS. | jsing | 1 | -5/+5
DTLS is largely broken/useless without read ahead being enabled, so enforce it for DTLS. This behaviour matches both our documentation and OpenSSL. ok tb@
2021-02-08 | Use dtls1_retrieve_buffered_record() to load buffered application data. | jsing | 1 | -11/+3
Replace the current copy of dtls1_retrieve_buffered_record() with a call to it instead. ok tb@
2021-02-07 | Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md(). | jsing | 4 | -22/+19
The mess that is ssl_get_algorithm2() only exists to upgrade the handshake MAC of a pre-TLSv1.2 cipher suite to SHA256 when used with TLSv1.2. We can readily do this in ssl_get_handshake_evp_md(), which is far more readable. ok tb@
2021-02-07 | Correct handshake MAC/PRF for various TLSv1.2 cipher suites. | jsing | 1 | -8/+8
For some reason various TLSv1.2 cipher suites were added with the default handshake MAC and PRF, rather than the SHA256 handshake MAC and PRF. This gets patched up in ssl3_get_algorithm2(), hence goes unnoticed. ok tb@
2021-02-07 | Factor out the legacy stack version checks. | jsing | 4 | -28/+24
Also check for explicit version numbers, rather than just the major version value. ok tb@
2021-02-07 | Enable auto DHE and disable session tickets for some tests. | jsing | 1 | -12/+13
This allows us to drop the server messages that we intend on dropping.
2021-02-06 | Only hexdump packets/messages on higher debug levels. | jsing | 1 | -3/+4
2021-02-06 | Test reads and writes between the client and server. | jsing | 1 | -3/+49
2021-02-03 | Fail early in legacy exporter if master secret is not available | tb | 1 | -1/+6
The exporter depends on having a master secret. If the handshake is not completed, it is neither guaranteed that a shared ciphersuite was selected (in which case tls1_PRF() will currently NULL deref) nor that a master secret was set up (in which case the exporter will succeed with a predictable value). Neither outcome is desirable, so error out early instead of entering the sausage factory unprepared. This aligns the legacy exporter with the TLSv1.3 exporter in that regard. with/ok jsing
2021-02-03 | Add OID for draft-ietf-opsawg-finding-geofeeds | job | 2 | -0/+2
https://tools.ietf.org/html/draft-ietf-opsawg-finding-geofeeds describes a mechanism to authenticate RFC 8805 Geofeed data files through the RPKI. OpenSSL counterpart https://github.com/openssl/openssl/pull/14050 OK tb@ jsing@
2021-02-02 | Add a bunch of RPKI OIDs | job | 2 | -1/+26
RFC6482 - A Profile for Route Origin Authorizations (ROAs)
RFC6484 - Certificate Policy (CP) for the RPKI
RFC6493 - The RPKI Ghostbusters Record
RFC8182 - The RPKI Repository Delta Protocol (RRDP)
RFC8360 - RPKI Validation Reconsidered
draft-ietf-sidrops-rpki-rta - A profile for RTAs
Also in OpenSSL: https://github.com/openssl/openssl/commit/d3372c2f35495d0c61ab09daf7fba3ecbbb595aa
OK sthen@ tb@ jsing@
2021-02-01 | Use "EC/RSA key setup failure" to align error with others | tb | 1 | -3/+3
ok eric jsing
2021-01-30 | missing word in comment | tb | 1 | -3/+3
2021-01-28 | Remove direct assignment of aead_ctx. | jsing | 1 | -13/+7
Now that AEAD is handled internally, we should no longer be assigning aead_ctx directly, as this will result in a leak. Missed during the previous change.
2021-01-28 | Move AEAD handling into the new TLSv1.2 record layer. | jsing | 4 | -134/+102
ok tb@
2021-01-27 | wrap an overlong line | tb | 1 | -2/+3
2021-01-27 | Link SSL_get_finished.3 to build. | tb | 1 | -1/+2