boringssl

831 Commits

61 Branches

23 Tags

511 MiB

Tag: Branch: Tree: cf506f17d0

Commit Graph

Author	SHA1	Message	Date
David Benjamin	ddecaabdc8	Check hs->early_session, not ssl->session, for the early data limit. ServerHello/EncryptedExtensions/Finished is logically one atomic flight that exits the early data state, we have process each message sequentially. Until we've processed Finished, we are still in the early data state and must support writing data. Individual messages are processed atomically, so the interesting points are before ServerHello (already tested), after ServerHello, and after EncryptedExtensions. The TLS 1.3 handshake internally clears ssl->session when processing ServerHello, so getting the early data information from ssl->session does not work. Instead, use hs->early_session, which is what other codepaths use. I've tested this with runner rather than ssl_test, so we can test both post-SH and post-EE states. ssl_test would be more self-contained, since we can directly control the API calls, but it cannot test the post-EE state. To reduce record overhead, our production implementation packs EE and Finished into the same record, which means the handshake will process the two atomically. Instead, I've tested this in runner, with a flag to partially drive the handshake before reading early data. I've also tweaked the logic to hopefully be a little clearer. Bug: chromium:1208784 Change-Id: Ia4901042419c5324054f97743bd1aac59ebf8f24 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47485 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>	4 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago

Author

SHA1

Message

Date

David Benjamin

ddecaabdc8

Check hs->early_session, not ssl->session, for the early data limit.

ServerHello/EncryptedExtensions/Finished is logically one atomic flight
that exits the early data state, we have process each message
sequentially. Until we've processed Finished, we are still in the early
data state and must support writing data. Individual messages *are*
processed atomically, so the interesting points are before ServerHello
(already tested), after ServerHello, and after EncryptedExtensions.

The TLS 1.3 handshake internally clears ssl->session when processing
ServerHello, so getting the early data information from ssl->session
does not work. Instead, use hs->early_session, which is what other
codepaths use.

I've tested this with runner rather than ssl_test, so we can test both
post-SH and post-EE states. ssl_test would be more self-contained, since
we can directly control the API calls, but it cannot test the post-EE
state. To reduce record overhead, our production implementation packs EE
and Finished into the same record, which means the handshake will
process the two atomically. Instead, I've tested this in runner, with a
flag to partially drive the handshake before reading early data.

I've also tweaked the logic to hopefully be a little clearer.

Bug: chromium:1208784
Change-Id: Ia4901042419c5324054f97743bd1aac59ebf8f24
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47485
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

4 years ago

Adam Langley

fb0c05cac2

acvp: add CMAC-AES support.

Change by Dan Janni.

Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

5 years ago

2 Commits (cf506f17d0fe51a43abcc37aecb63601b70218ef)