kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Remove |need_record_splitting| from |SSL3_STATE|. 

It is redundant given the other state in the connection.

Change-Id: I5dc71627132659ab4316a5ea360c9ca480fb7c6c
Reviewed-on: https://boringssl-review.googlesource.com/6646
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 9 years ago
committed by Adam Langley
parent
cd480380fa
commit
d9f0671bbe
3 changed files with 13 additions and 20 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -3
      include/openssl/ssl.h
  2. +1
    -13
      ssl/t1_enc.c
  3. +12
    -4
      ssl/tls_record.c

+ 0
- 3
include/openssl/ssl.h View File

@@ -3918,9 +3918,6 @@ typedef struct ssl3_state_st {
uint8_t server_random[SSL3_RANDOM_SIZE];
uint8_t client_random[SSL3_RANDOM_SIZE];

/* flags for countermeasure against known-IV weakness */
int need_record_splitting;

/* have_version is true if the connection's final version is known. Otherwise
* the version has not been negotiated yet. */
char have_version;


+ 1
- 13
ssl/t1_enc.c View File

@@ -369,19 +369,7 @@ int tls1_change_cipher_state(SSL *s, int which) {
evp_aead_seal, ssl3_version_from_wire(s, s->version),
s->s3->tmp.new_cipher, key, key_len, mac_secret, mac_secret_len, iv,
iv_len);
if (s->aead_write_ctx == NULL) {
return 0;
}

s->s3->need_record_splitting = 0;
if (!SSL_USE_EXPLICIT_IV(s) &&
(s->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0 &&
SSL_CIPHER_is_block_cipher(s->s3->tmp.new_cipher)) {
/* Enable 1/n-1 record-splitting to randomize the IV. See
* https://www.openssl.org/~bodo/tls-cbc.txt and the BEAST attack. */
s->s3->need_record_splitting = 1;
}
return 1;
return s->aead_write_ctx != NULL;
}

int tls1_setup_key_block(SSL *s) {


+ 12
- 4
ssl/tls_record.c View File

@@ -122,6 +122,14 @@
* forever. */
static const uint8_t kMaxEmptyRecords = 32;

/* ssl_needs_record_splitting returns one if |ssl|'s current outgoing cipher
* state needs record-splitting and zero otherwise. */
static int ssl_needs_record_splitting(const SSL *ssl) {
return !SSL_USE_EXPLICIT_IV(ssl) && ssl->aead_write_ctx != NULL &&
(ssl->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0 &&
SSL_CIPHER_is_block_cipher(ssl->aead_write_ctx->cipher);
}

size_t ssl_record_prefix_len(const SSL *ssl) {
if (SSL_IS_DTLS(ssl)) {
return DTLS1_RT_HEADER_LENGTH +
@@ -139,7 +147,7 @@ size_t ssl_seal_prefix_len(const SSL *ssl) {
} else {
size_t ret = SSL3_RT_HEADER_LENGTH +
SSL_AEAD_CTX_explicit_nonce_len(ssl->aead_write_ctx);
if (ssl->s3->need_record_splitting) {
if (ssl_needs_record_splitting(ssl)) {
ret += SSL3_RT_HEADER_LENGTH;
ret += ssl_cipher_get_record_split_len(ssl->aead_write_ctx->cipher);
}
@@ -154,7 +162,7 @@ size_t ssl_max_seal_overhead(const SSL *ssl) {
} else {
size_t ret = SSL3_RT_HEADER_LENGTH +
SSL_AEAD_CTX_max_overhead(ssl->aead_write_ctx);
if (ssl->s3->need_record_splitting) {
if (ssl_needs_record_splitting(ssl)) {
ret *= 2;
}
return ret;
@@ -300,8 +308,8 @@ static int do_seal_record(SSL *ssl, uint8_t *out, size_t *out_len,
int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
uint8_t type, const uint8_t *in, size_t in_len) {
size_t frag_len = 0;
if (ssl->s3->need_record_splitting && type == SSL3_RT_APPLICATION_DATA &&
in_len > 1) {
if (type == SSL3_RT_APPLICATION_DATA && in_len > 1 &&
ssl_needs_record_splitting(ssl)) {
/* |do_seal_record| will notice if it clobbers |in[0]|, but not if it
* aliases the rest of |in|. */
if (in + 1 <= out && out < in + in_len) {


Write Preview
Loading…
Cancel
Save