Add TLS 1.3 1-RTT.

This adds the machinery for doing TLS 1.3 1-RTT.

Change-Id: I736921ffe9dc6f6e64a08a836df6bb166d20f504
Reviewed-on: https://boringssl-review.googlesource.com/8720
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls_method.c b/ssl/tls_method.c
index ccf4f98..39daa5a 100644
--- a/ssl/tls_method.c
+++ b/ssl/tls_method.c
@@ -56,7 +56,6 @@
 
 #include <openssl/ssl.h>
 
-#include <assert.h>
 #include <string.h>
 
 #include <openssl/buf.h>
@@ -93,9 +92,13 @@
 }
 
 static int ssl3_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {
-  /* TODO(davidben): In TLS 1.3, cipher changes are not always preceeded by a
-   * ChangeCipherSpec, so this must become a runtime check. */
-  assert(ssl->s3->rrec.length == 0);
+  if (ssl->s3->rrec.length != 0) {
+    /* There may not be unprocessed record data at a cipher change. */
+    OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);
+    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+    SSL_AEAD_CTX_free(aead_ctx);
+    return 0;
+  }
 
   memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));