kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix server-side KeyUpdates.

Browse Source 
We sized the post-handshake message limit for the older zero-length
KeyUpdate and forgot to update it when it got larger.

Thanks to Matt Caswell for catching this.

Change-Id: I7d2189479e9516fbfb6c195dfa367794d383582c
Reviewed-on: https://boringssl-review.googlesource.com/13805
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-02-10 13:14:01 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent bc6ef7a83f
commit 7ebe61a585
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s3_both.c
View File

@ -496,7 +496,7 @@ size_t ssl_max_handshake_message_len(const SSL *ssl) {
if (ssl->server) { if (ssl->server) {
/* The largest acceptable post-handshake message for a server is a /* The largest acceptable post-handshake message for a server is a
* KeyUpdate. We will never initiate post-handshake auth. */ * KeyUpdate. We will never initiate post-handshake auth. */
return 0; return 1;
} }
/* Clients must accept NewSessionTicket and CertificateRequest, so allow the /* Clients must accept NewSessionTicket and CertificateRequest, so allow the

11
ssl/test/runner/runner.go
View File

@ -2290,7 +2290,16 @@ func addBasicTests() {
expectedError: ":WRONG_VERSION_NUMBER:", expectedError: ":WRONG_VERSION_NUMBER:",
}, },
{ {
name: "KeyUpdate", name: "KeyUpdate-Client",
config: Config{
MaxVersion: VersionTLS13,
},
sendKeyUpdates: 1,
keyUpdateRequest: keyUpdateNotRequested,
},
{
testType: serverTest,
name: "KeyUpdate-Server",
config: Config{ config: Config{
MaxVersion: VersionTLS13, MaxVersion: VersionTLS13,
}, },