kris
/
boringssl
1
0
Çatalla 0
Kod Konular 0 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
Kaynağa Gözat

Skip over early data in bogo. 

Change-Id: Idc93fdca2f1c5c23e4ba48c4efed2edbad1e857b
Reviewed-on: https://boringssl-review.googlesource.com/12521
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
kris/onging/CECPQ3_patch15
Nick Harper 8 yıl önce
committed by CQ bot account: commit-bot@chromium.org
ebeveyn
16315f7cc7
işleme
47383aadff
2 değiştirilmiş dosya ile 22 ekleme ve 0 silme
Görünümü Böl
Diff Seçenekleri
İstatistikleri Göster Yama Dosyasını İndir Diff Dosyasını İndir
  1. +16
    -0
      ssl/test/runner/conn.go
  2. +6
    -0
      ssl/test/runner/handshake_server.go

+ 16
- 0
ssl/test/runner/conn.go Dosyayı Görüntüle

@@ -38,6 +38,7 @@ type Conn struct {
haveVers bool // version has been negotiated
config *Config // configuration passed to constructor
handshakeComplete bool
skipEarlyData bool
didResume bool // whether this connection was a session resumption
extendedMasterSecret bool // whether this session used an extended master secret
cipherSuite *cipherSuite
@@ -726,6 +727,7 @@ func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) {
}

func (c *Conn) doReadRecord(want recordType) (recordType, *block, error) {
RestartReadRecord:
if c.isDTLS {
return c.dtlsDoReadRecord(want)
}
@@ -829,10 +831,24 @@ func (c *Conn) doReadRecord(want recordType) (recordType, *block, error) {
// Process message.
b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
ok, off, encTyp, alertValue := c.in.decrypt(b)

// Handle skipping over early data.
if !ok && c.skipEarlyData {
goto RestartReadRecord
}

// If the server is expecting a second ClientHello (in response to
// a HelloRetryRequest) and the client sends early data, there
// won't be a decryption failure but it still needs to be skipped.
if c.in.cipher == nil && typ == recordTypeApplicationData && c.skipEarlyData {
goto RestartReadRecord
}

if !ok {
return 0, nil, c.in.setErrorLocked(c.sendAlert(alertValue))
}
b.off = off
c.skipEarlyData = false

if c.vers >= VersionTLS13 && c.in.cipher != nil {
if typ != recordTypeApplicationData {


+ 6
- 0
ssl/test/runner/handshake_server.go Dosyayı Görüntüle

@@ -509,6 +509,12 @@ Curves:
}
}

// Decide whether or not to accept early data.
if hs.clientHello.hasEarlyData {
// For now, we'll reject and skip early data.
c.skipEarlyData = true
}

// Resolve PSK and compute the early secret.
if hs.sessionState != nil {
hs.finishedHash.addEntropy(hs.sessionState.masterSecret)


Yaz Önizleme
Yükleniyor…
İptal
Kaydet