提交 7daf7156 编写于 作者: M Matt Caswell

Don't attempt to write more early_data than we know the server will accept

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
上级 f6370040
...@@ -348,6 +348,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, ...@@ -348,6 +348,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
return -1; return -1;
} }
if (s->early_data_state == SSL_EARLY_DATA_WRITING
&& !early_data_count_ok(s, len, 0, NULL))
return -1;
s->rlayer.wnum = 0; s->rlayer.wnum = 0;
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
......
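Review bot: The new guard in ssl3_write_bytes charges the whole of `len` to the early data budget before anything is written, because early_data_count_ok() adds `length` to `s->early_data_count` whenever it succeeds. If a later step in this function fails or returns for a retry (that code is outside the hunk, so this is inferred), a repeated call with the same buffer would presumably be counted a second time and could be refused even though the server would still accept it. That errs on the strict side, but it deserves a comment at the call, for example `/* Counts len against the early data limit before writing; overhead is 0 because len is plaintext */`. The body of ssl3_write_bytes starts and ends outside the hunk.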
...@@ -106,14 +106,17 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al) ...@@ -106,14 +106,17 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al)
uint32_t max_early_data = s->max_early_data; uint32_t max_early_data = s->max_early_data;
/* /*
* We go with the lowest out of the max early data set in the session * If we are a client then we always use the max_early_data from the
* and the configured max_early_data. * session. Otherwise we go with the lowest out of the max early data set in
* the session and the configured max_early_data.
*/ */
if (s->hit && s->session->ext.max_early_data < s->max_early_data) if (!s->server || (s->hit
&& s->session->ext.max_early_data < s->max_early_data))
max_early_data = s->session->ext.max_early_data; max_early_data = s->session->ext.max_early_data;
if (max_early_data == 0) { if (max_early_data == 0) {
*al = SSL_AD_UNEXPECTED_MESSAGE; if (al != NULL)
*al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA); SSLerr(SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
return 0; return 0;
} }
...@@ -121,12 +124,13 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al) ...@@ -121,12 +124,13 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al)
/* If we are dealing with ciphertext we need to allow for the overhead */ /* If we are dealing with ciphertext we need to allow for the overhead */
max_early_data += overhead; max_early_data += overhead;
s->early_data_count += length; if (s->early_data_count + length > max_early_data) {
if (s->early_data_count > max_early_data) { if (al != NULL)
*al = SSL_AD_UNEXPECTED_MESSAGE; *al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA); SSLerr(SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
return 0; return 0;
} }
s->early_data_count += length;
return 1; return 1;
} }
......
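Review bot: The new limit test `s->early_data_count + length > max_early_data` in the second hunk can wrap where size_t is 32 bits wide, so a very large `length` added to a non-zero count comes out small and passes the check. Comparing by subtraction avoids the wrap, e.g. `if (s->early_data_count > max_early_data || length > max_early_data - s->early_data_count) {`. The declaration of early_data_count is not on this page, so its width is assumed here. The context line `max_early_data += overhead` has a similar hazard if the session value can be close to the uint32_t maximum, although that wrap would only make the limit stricter. The start of early_data_count_ok is outside the hunks.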