Google Git
Sign in
boringssl / boringssl.git / 86271ee9f866cd83d9e37ab1ba1218ebefb336aa^! / . / include / openssl / ssl3.h
commit86271ee9f866cd83d9e37ab1ba1218ebefb336aa[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Mon Jul 21 16:14:03 2014 -0400
committerAdam Langley <agl@google.com>Fri Jul 25 17:58:58 2014 +0000
tree99c36d2f90a7c908639d4c210bcd6aef8d6ee36e
parentcb5abad717d9ef77209071813376fd06b2ede294 [diff] [blame]
Change CCS_OK to EXPECT_CCS.

Now that the flag is set accurately, use it to enforce that the handshake and
CCS synchronization. If EXPECT_CCS is set, enforce that:

(a) No handshake records may be received before ChangeCipherSpec.

(b) There is no pending handshake data at the point EXPECT_CCS is set.

Change-Id: I04b228fe6a7a771cf6600b7d38aa762b2d553f08
Reviewed-on: https://boringssl-review.googlesource.com/1299
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index db9c381..4edb6df 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h

@@ -343,7 +343,9 @@
 #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
-#define SSL3_FLAGS_CCS_OK			0x0080
+/* TODO(davidben): This flag can probably be merged into s3->change_cipher_spec
+ * to something tri-state. (Normal / Expect CCS / Between CCS and Finished). */
+#define SSL3_FLAGS_EXPECT_CCS			0x0080
  
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
  * restart a handshake because of MS SGC and so prevents us