kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ac8302a092
boringssl/ssl
History
David Benjamin ac8302a092 Don't set need_record_splitting until aead_write_ctx is set. 
setup_key_block is called when the first CCS resolves, but for resumptions this
is the incoming CCS (see ssl3_do_change_cipher_spec). Rather than set
need_record_splitting there, it should be set in the write case of
tls1_change_cipher_state.

This fixes a crash from the new record layer code in resumption when
record-splitting is enabled. Tweak the record-splitting tests to cover this
case.

This also fixes a bug where renego from a cipher which does require record
splitting to one which doesn't continues splitting. Since version switches are
not allowed, this can only happen after a renego from CBC to RC4.

Change-Id: Ie4e1b91282b10f13887b51d1199f76be4fbf09ad
Reviewed-on: https://boringssl-review.googlesource.com/5787
Reviewed-by: Adam Langley <agl@google.com>
2015-09-01 22:30:48 +00:00
..
pqueue Fix some malloc test crashs. 2015-05-21 18:00:10 +00:00
test Don't set need_record_splitting until aead_write_ctx is set. 2015-09-01 22:30:48 +00:00
CMakeLists.txt Factor out the buffering and low-level record code. 2015-08-28 22:01:02 +00:00
custom_extensions.c Fix NULL dereference in the case of an unexpected extension from a server. 2015-08-07 18:21:20 +00:00
d1_both.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
d1_clnt.c Decouple the handshake buffer and digest. 2015-08-07 01:10:33 +00:00
d1_lib.c Decouple the handshake buffer and digest. 2015-08-07 01:10:33 +00:00
d1_meth.c Remove signature algorithm configuration hooks and SSL_ctrl. 2015-08-18 22:13:20 +00:00
d1_pkt.c Don't support bidirectional shutdown over DTLS. 2015-08-31 19:08:06 +00:00
d1_srtp.c Convert the SRTP extension to the new system 2015-07-21 21:44:22 +00:00
d1_srvr.c Tidy up the ssl3_send_server_key_exchange slightly. 2015-08-28 22:53:43 +00:00
dtls_record.c Reject empty records of unexpected type. 2015-08-28 22:03:00 +00:00
internal.h Remove the last of SESS_CERT. 2015-08-28 22:45:59 +00:00
s3_both.c Factor out the buffering and low-level record code. 2015-08-28 22:01:02 +00:00
s3_clnt.c Remove the last of SESS_CERT. 2015-08-28 22:45:59 +00:00
s3_enc.c Simplify handshake hash handling. 2015-08-07 01:47:21 +00:00
s3_lib.c Move peer_dh_tmp and peer_ecdh_tmp out of SESS_CERT. 2015-08-28 22:05:53 +00:00
s3_meth.c Remove signature algorithm configuration hooks and SSL_ctrl. 2015-08-18 22:13:20 +00:00
s3_pkt.c Don't confuse TLS bidirectional shutdown on record type zero. 2015-08-31 19:08:24 +00:00
s3_srvr.c Tidy up the ssl3_send_server_key_exchange slightly. 2015-08-28 22:53:43 +00:00
ssl_aead_ctx.c Fold away SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD. 2015-08-07 00:57:37 +00:00
ssl_algs.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
ssl_asn1.c Remove the last of SESS_CERT. 2015-08-28 22:45:59 +00:00
ssl_buffer.c Fix buffer size computation. 2015-09-01 20:18:21 +00:00
ssl_cert.c Remove the last of SESS_CERT. 2015-08-28 22:45:59 +00:00
ssl_cipher.c Factor out the buffering and low-level record code. 2015-08-28 22:01:02 +00:00
ssl_lib.c Forbid a server from negotiating both ALPN and NPN. 2015-09-01 20:46:42 +00:00
ssl_rsa.c Add server-side support for asynchronous signing. 2015-07-31 01:14:29 +00:00
ssl_sess.c Remove the last of SESS_CERT. 2015-08-28 22:45:59 +00:00
ssl_stat.c Factor out the buffering and low-level record code. 2015-08-28 22:01:02 +00:00
ssl_test.cc Remove the last of SESS_CERT. 2015-08-28 22:45:59 +00:00
ssl_txt.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
t1_enc.c Don't set need_record_splitting until aead_write_ctx is set. 2015-09-01 22:30:48 +00:00
t1_lib.c Forbid a server from negotiating both ALPN and NPN. 2015-09-01 20:46:42 +00:00
tls_record.c Fix MSVC build. 2015-08-28 22:27:33 +00:00