Check TLSv1.3 ServerHello, Finished and KeyUpdates are on record boundary
author Matt Caswell <matt@openssl.org>
Tue, 7 Mar 2017 10:21:58 +0000 (10:21 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 7 Mar 2017 16:41:25 +0000 (16:41 +0000)
commit 524420d8459fa07a8e4900bc9dfb558b215edbbd
tree 6792e3cd7069ee3d658d6e1e3fd3fa16fc080454
parent b8c49611bc26c8f9a980b814496a3069cd524b79
Check TLSv1.3 ServerHello, Finished and KeyUpdates are on record boundary

In TLSv1.3 the above messages signal a key change. The spec requires that
the end of these messages must align with a record boundary. We can detect
this by checking for decrypted but as yet unread record data sitting in
OpenSSL buffers at the point where we process the messages.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2875)
include/openssl/ssl.h
ssl/ssl_err.c
ssl/statem/statem_clnt.c
ssl/statem/statem_lib.c
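
The check the commit message describes, as an added stand-alone model that is not OpenSSL's code: decrypted records are plain byte buffers, and a key-change message must leave no unread bytes in its record. `struct record`, `have_data`, `check_record_boundaries` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

/* Handshake types that signal a key change in TLSv1.3 (RFC 8446 values). */
enum { HS_SERVER_HELLO = 2, HS_FINISHED = 20, HS_KEY_UPDATE = 24 };
struct record { const uint8_t *data; size_t len; };  /* decrypted payload */

/* Skip exhausted records; returns 0 when no unread bytes remain at all. */
static int have_data(const struct record *recs, size_t n, size_t *r, size_t *off)
{
    while (*r < n && *off == recs[*r].len) { (*r)++; *off = 0; }
    return *r < n;
}

/* Hypothetical checker (not an OpenSSL API): 0 = ok,
 * -1 = key-change message ends mid-record, -2 = truncated message. */
int check_record_boundaries(const struct record *recs, size_t n)
{
    size_t r = 0, off = 0;
    while (have_data(recs, n, &r, &off)) {
        uint8_t hdr[4];                 /* type + 24-bit length */
        size_t need, take, i;
        for (i = 0; i < 4; i++) {       /* header may span records */
            if (!have_data(recs, n, &r, &off)) return -2;
            hdr[i] = recs[r].data[off++];
        }
        need = ((size_t)hdr[1] << 16) | ((size_t)hdr[2] << 8) | hdr[3];
        while (need > 0) {              /* body may span records too */
            if (!have_data(recs, n, &r, &off)) return -2;
            take = recs[r].len - off < need ? recs[r].len - off : need;
            off += take; need -= take;
        }
        /* Unread bytes left in this record: message ended mid-record. */
        if ((hdr[0] == HS_SERVER_HELLO || hdr[0] == HS_FINISHED ||
             hdr[0] == HS_KEY_UPDATE) && off != recs[r].len)
            return -1;
    }
    return 0;
}

/* Constructed samples: Finished alone; Finished followed by a type-4 message. */
static const uint8_t fin_ok[]  = { 20, 0, 0, 2, 0xaa, 0xbb };
static const uint8_t fin_bad[] = { 20, 0, 0, 2, 0xaa, 0xbb, 4, 0, 0, 1, 0 };
const struct record sample_ok  = { fin_ok,  sizeof fin_ok  };
const struct record sample_bad = { fin_bad, sizeof fin_bad };
int main(void) {  /* exits 0 when both samples are classified as expected */
    return !(check_record_boundaries(&sample_ok, 1) == 0 &&
             check_record_boundaries(&sample_bad, 1) == -1);
}
```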