commit de254b4c4ef7ec8838562d534f8a9b2ce27b1353
author Alessandro Ghedini <alessandro@ghedini.me> Mon Apr 17 19:12:33 2017 +0100
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Apr 19 17:21:01 2017 +0000
tree 54a65e95d8fabc0f30b3c4ad55c47a83dd808f31
parent 5b6151df1d6f3f09ed36ed8b306e2831a319708e

Enforce max_early_data_size on the server.

BUG=76

Change-Id: I8b754ba17b3e0beee425929e4b53785b2e95f0ae
Reviewed-on: https://boringssl-review.googlesource.com/15164
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index 4d148c6..1ed7e15 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1121,6 +1121,10 @@
 
   /* client_version is the value sent or received in the ClientHello version. */
   uint16_t client_version;
+
+  /* early_data_read is the amount of early data that has been read by the
+   * record layer. */
+  uint16_t early_data_read;
 } /* SSL_HANDSHAKE */;
 
 SSL_HANDSHAKE *ssl_handshake_new(SSL *ssl);
@@ -1964,6 +1968,11 @@
 #define SSL_KEY_UPDATE_NOT_REQUESTED 0
 #define SSL_KEY_UPDATE_REQUESTED 1
 
+/* kMaxEarlyDataAccepted is the advertised number of plaintext bytes of early
+ * data that will be accepted. This value should be slightly below
+ * kMaxEarlyDataSkipped in tls_record.c, which is measured in ciphertext. */
+static const size_t kMaxEarlyDataAccepted = 14336;
+
 CERT *ssl_cert_new(const SSL_X509_METHOD *x509_method);
 CERT *ssl_cert_dup(CERT *cert);
 void ssl_cert_clear_certs(CERT *c);