boringssl

953 Commits

61 Branches

23 Tags

511 MiB

Tag: Branch: Tree: b8e784e69f

Commit Graph

Author	SHA1	Message	Date
David Benjamin	ebd8b8965c	Track SSL_ERROR_ZERO_RETURN explicitly. Most SSL_ERROR_* values are tracked directly with rwstate. SSL_get_error is just reading the extra return value out from the previous call. However, SSL_ERROR_ZERO_RETURN infers close_notify from the SSL's shutdown state and a zero return value (EOF). This works, but if we implement SSL_read_ex and SSL_write_ex, a zero return value is no longer as carefully correlated with EOF. Moreover, it's already possible to get a non-EOF zero return post-close_notify if BIO_write returns an (arguably incorrect) return value. Instead, track SSL_ERROR_ZERO_RETURN in rwstate explicitly. Since rwstate is exposed as SSL_want and SSL_ERROR_ZERO_RETURN was previously never returned there, I've made it map SSL_ERROR_ZERO_RETURN back to SSL_ERROR_NONE. I've also added a test for BIO_write returning zero, though the real purpose is for a subsequent SSL_write_ex implementation to retain all the other tests we've added in here. Update-Note: This is intended to be safe, but if anything breaks around EOFs, this change is a likely culprit. Bug: 507 Change-Id: Ide0807665f2e02ee695c4976dc5e99fb10502cf0 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53946 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>	3 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago

Author

SHA1

Message

Date

David Benjamin

ebd8b8965c

Track SSL_ERROR_ZERO_RETURN explicitly.

Most SSL_ERROR_* values are tracked directly with rwstate. SSL_get_error
is just reading the extra return value out from the previous call.
However, SSL_ERROR_ZERO_RETURN infers close_notify from the SSL's
shutdown state and a zero return value (EOF).

This works, but if we implement SSL_read_ex and SSL_write_ex, a zero
return value is no longer as carefully correlated with EOF. Moreover,
it's already possible to get a non-EOF zero return post-close_notify if
BIO_write returns an (arguably incorrect) return value. Instead, track
SSL_ERROR_ZERO_RETURN in rwstate explicitly.

Since rwstate is exposed as SSL_want and SSL_ERROR_ZERO_RETURN was
previously never returned there, I've made it map SSL_ERROR_ZERO_RETURN
back to SSL_ERROR_NONE. I've also added a test for BIO_write returning
zero, though the real purpose is for a subsequent SSL_write_ex
implementation to retain all the other tests we've added in here.

Update-Note: This is intended to be safe, but if anything breaks around
EOFs, this change is a likely culprit.

Bug: 507
Change-Id: Ide0807665f2e02ee695c4976dc5e99fb10502cf0
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53946
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

3 years ago

Adam Langley

fb0c05cac2

acvp: add CMAC-AES support.

Change by Dan Janni.

Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

5 years ago

2 Commits (b8e784e69f2af690fd2c5e9b8bd273512637d866)