kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5267ef7b4a
boringssl/ssl/test/runner
History
David Benjamin 5267ef7b4a Reject unexpected application data in bidirectional shutdown. 
Update-Note: This tweaks the SSL_shutdown behavior. OpenSSL's original
SSL_shutdown behavior was an incoherent mix of discarding the record and
rejecting it (it would return SSL_ERROR_SYSCALL but retrying the
operation would discard it). SSLeay appears to have intended to discard
it, so we previously "fixed" it actually discard.

However, this behavior is somewhat bizarre and means we skip over
unbounded data, which we typically try to avoid. If you are trying to
cleanly shutdown the TLS portion of your protocol, surely it is at a
point where additional data is a syntax error. I suspect I originally
did not realize that, because the discarded record did not properly
continue the loop, SSL_shutdown would appear as if it rejected the data,
and so it's unlikely anyone was relying on that behavior.

Discussion in https://github.com/openssl/openssl/pull/6340 suggests
(some of) upstream also prefers rejecting.

Change-Id: Icde419049306ed17eb06ce1a7e1ff587901166f3
Reviewed-on: https://boringssl-review.googlesource.com/28864
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2018-06-04 21:39:58 +00:00
..
curve25519
ed25519
poly1305
alert.go Implement legacy OCSP APIs for libssl. 2018-05-11 22:21:26 +00:00
cert.pem
chacha20_poly1305_test.go
chacha20_poly1305.go
channel_id_key.pem
cipher_suites.go Remove RC4 remnants in runner. 2017-11-01 16:45:36 +00:00
common.go Preliminary support for compressed certificates. 2018-06-04 21:24:20 +00:00
conn.go Preliminary support for compressed certificates. 2018-06-04 21:24:20 +00:00
deterministic.go
dtls.go Test DTLS record/packet packing more aggressively. 2017-10-13 17:32:55 +00:00
ecdsa_p224_cert.pem
ecdsa_p224_key.pem
ecdsa_p256_cert.pem
ecdsa_p256_key.pem
ecdsa_p384_cert.pem
ecdsa_p384_key.pem
ecdsa_p521_cert.pem
ecdsa_p521_key.pem
ed25519_cert.pem
ed25519_key.pem
fuzzer_mode.json Fix fuzzer mode suppressions. 2018-01-31 22:57:51 +00:00
handshake_client.go Preliminary support for compressed certificates. 2018-06-04 21:24:20 +00:00
handshake_messages.go Preliminary support for compressed certificates. 2018-06-04 21:24:20 +00:00
handshake_server.go Preliminary support for compressed certificates. 2018-06-04 21:24:20 +00:00
hkdf_test.go
hkdf.go
key_agreement.go Test the high-order bit in X25519. 2018-04-19 00:56:35 +00:00
key.pem
packet_adapter.go
prf.go Remove draft22 and experiment2. 2018-01-31 18:07:53 +00:00
recordingconn.go Add DTLS fuzzers. 2017-09-07 22:26:50 +00:00
rsa_1024_cert.pem
rsa_1024_key.pem
rsa_chain_cert.pem
rsa_chain_key.pem
runner_test.go
runner.go Reject unexpected application data in bidirectional shutdown. 2018-06-04 21:39:58 +00:00
shim_ticket.go
sign.go
test_output.go
ticket.go
tls.go