boringssl

History

David Benjamin 9a41d1b946 Deprecate SSL_*_read_ahead and enforce DTLS packet boundaries. Now that WebRTC honors packet boundaries (https://crbug.com/447431), we can start enforcing them correctly. Configuring read-ahead now does nothing. Instead DTLS will always set "read-ahead" and also correctly enforce packet boundaries when reading records. Add tests to ensure that badly fragmented packets are ignored. Because such packets don't fail the handshake, the tests work by injecting an alert in the front of the handshake stream and ensuring the DTLS implementation ignores them. ssl3_read_n can be be considerably unraveled now, but leave that for future cleanup. For now, make it correct. BUG=468889 Change-Id: I800cfabe06615af31c2ccece436ca52aed9fe899 Reviewed-on: https://boringssl-review.googlesource.com/4820 Reviewed-by: Adam Langley <agl@google.com>	2015-05-21 18:29:34 +00:00
..
openssl	Deprecate SSL_*_read_ahead and enforce DTLS packet boundaries.	2015-05-21 18:29:34 +00:00

David Benjamin 9a41d1b946 Deprecate SSL_*_read_ahead and enforce DTLS packet boundaries.

Now that WebRTC honors packet boundaries (https://crbug.com/447431), we
can start enforcing them correctly. Configuring read-ahead now does
nothing. Instead DTLS will always set "read-ahead" and also correctly
enforce packet boundaries when reading records. Add tests to ensure that
badly fragmented packets are ignored. Because such packets don't fail
the handshake, the tests work by injecting an alert in the front of the
handshake stream and ensuring the DTLS implementation ignores them.

ssl3_read_n can be be considerably unraveled now, but leave that for
future cleanup. For now, make it correct.

BUG=468889

Change-Id: I800cfabe06615af31c2ccece436ca52aed9fe899
Reviewed-on: https://boringssl-review.googlesource.com/4820
Reviewed-by: Adam Langley <agl@google.com>

2015-05-21 18:29:34 +00:00

openssl

Deprecate SSL_*_read_ahead and enforce DTLS packet boundaries.

2015-05-21 18:29:34 +00:00