b16346b0ad
This causes any unexpected handshake records to be met with a fatal no_renegotiation alert. In addition, restore the redundant version sanity-checks in the handshake state machines. Some code would zero the version field as a hacky way to break the handshake on renego. Those will be removed when switching to this API. The spec allows for a non-fatal no_renegotiation alert, but ssl3_read_bytes makes it difficult to find the end of a ClientHello and skip it entirely. Given that OpenSSL goes out of its way to map non-fatal no_renegotiation alerts to fatal ones, this seems probably fine. This avoids needing to account for another source of the library consuming an unbounded number of bytes without returning data up. Change-Id: Ie5050d9c9350c29cfe32d03a3c991bdc1da9e0e4 Reviewed-on: https://boringssl-review.googlesource.com/4300 Reviewed-by: Adam Langley <agl@google.com> |
||
---|---|---|
.. | ||
pqueue | ||
test | ||
CMakeLists.txt | ||
d1_both.c | ||
d1_clnt.c | ||
d1_lib.c | ||
d1_meth.c | ||
d1_pkt.c | ||
d1_srtp.c | ||
d1_srvr.c | ||
internal.h | ||
s3_both.c | ||
s3_clnt.c | ||
s3_enc.c | ||
s3_lib.c | ||
s3_meth.c | ||
s3_pkt.c | ||
s3_srvr.c | ||
ssl_algs.c | ||
ssl_asn1.c | ||
ssl_cert.c | ||
ssl_cipher.c | ||
ssl_lib.c | ||
ssl_rsa.c | ||
ssl_sess.c | ||
ssl_stat.c | ||
ssl_test.cc | ||
ssl_txt.c | ||
t1_enc.c | ||
t1_lib.c | ||
t1_reneg.c |