kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Fix TLS 1.3 seal logic. 

Check against the write encryption state, not the read state.

Change-Id: Ib3d8e02800e37bd089ef02c67a0b7e5dc009b1a5
Reviewed-on: https://boringssl-review.googlesource.com/8330
Reviewed-by: Nick Harper <nharper@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 8 years ago
parent
2f02854c24
commit
34fce88961
1 changed files with 1 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      ssl/tls_record.c

+ 1
- 1
ssl/tls_record.c View File

@@ -360,7 +360,7 @@ int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
/* TLS 1.3 hides the actual record type inside the encrypted data. */
if (ssl->s3->have_version &&
ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
ssl->s3->aead_read_ctx != NULL) {
ssl->s3->aead_write_ctx != NULL) {
size_t padding = SSL3_RT_HEADER_LENGTH + 1;

if (in_len > in_len + padding || max_out < in_len + padding) {


Write Preview
Loading…
Cancel
Save