Google Git
Sign in
boringssl/boringssl.git/d493d5289dd834b65232899c2cd8fe83baddfd44^!/./ssl/ssl3.h
commit
d493d5289dd834b65232899c2cd8fe83baddfd44
[log]
author
Adam Langley <agl@chromium.org>
Fri Jun 20 12:00:00 2014 -0700
committer
Adam Langley <agl@chromium.org>
Fri Jun 20 13:17:35 2014 -0700
tree
8d58745d31a798a6acd861bd548e11587125f8cd
parent
509e5ed20146121177fe3649fe4f51dbc91e60c3 [diff] [blame]
CBC record splitting.

This patch removes support for empty records (which is almost
universally disabled via SSL_OP_ALL) and adds optional support for 1/n-1
record splitting.

The latter is not enabled by default, since it's not typically used on
servers, but it should be enabled in web browsers since there are known
attacks in that case (see BEAST).

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 43fc22d..77e7c5d 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h

@@ -430,8 +430,8 @@
 	unsigned char client_random[SSL3_RANDOM_SIZE];
 
 	/* flags for countermeasure against known-IV weakness */
-	int need_empty_fragments;
-	int empty_fragment_done;
+	int need_record_splitting;
+	int record_split_done;
 
 	/* The value of 'extra' when the buffers were initialized */
 	int init_extra;