Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.
Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
DH_size returns number of bytes in a prime number, DH_compute_key returns number
of bytes in a remainder of exponent, which may have less bytes than a prime
number. Therefore add 0-padding to the allocated buffer.
Fixes#3372
It wasn't waiting for the child process' stderr to close, so not an
assertion was made *before* all the data that the child process sent
was received by node.
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
Throw, don't abort. `new Buffer(0x3fffffff + 1)` used to bring down the process
with the following error message:
FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData() length
exceeds max acceptable value
Fixes#2280.
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.