diff options
| author | Matt Caswell <matt@openssl.org> | 2017-03-07 11:21:58 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-03-07 17:41:25 +0100 |
| commit | 524420d8459fa07a8e4900bc9dfb558b215edbbd (patch) | |
| tree | 6792e3cd7069ee3d658d6e1e3fd3fa16fc080454 /include | |
| parent | Provide a function to test whether we have unread records pending (diff) | |
| download | openssl-524420d8459fa07a8e4900bc9dfb558b215edbbd.tar.xz openssl-524420d8459fa07a8e4900bc9dfb558b215edbbd.zip | |
Check TLSv1.3 ServerHello, Finished and KeyUpdates are on record boundary
In TLSv1.3 the above messages signal a key change. The spec requires that
the end of these messages must align with a record boundary. We can detect
this by checking for decrypted but as yet unread record data sitting in
OpenSSL buffers at the point where we process the messages.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2875)
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/ssl.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c569407701..9fbf3d1b11 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2575,6 +2575,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_MISSING_SRP_PARAM 358 # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 # define SSL_R_NO_CERTIFICATES_RETURNED 176 # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 # define SSL_R_NO_CERTIFICATE_SET 179 |