author | Martin Thomson <martin.thomson@gmail.com> | 2018-09-10 11:47:55 +1000 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2018-09-10 11:47:55 +1000 |
commit | 131361374c35220093d54ddb9b61bd310686864b (patch) | |
tree | 97d5ed37593360568198d4329419e5690bd65d2e /nss.gyp | |
parent | fcfbafba859b439493c422f3a4a98dd131874be4 (diff) | |
download | nss-hg-131361374c35220093d54ddb9b61bd310686864b.tar.gz |
Bug 1487597 - Improve 0-RTT data delivery, r=ekr

Summary:
This improves the code that delivers 0-RTT. When the caller provided a read
buffer too small to hold an entire record, the previous code reported errors.
Those errors might cause the connection to be dropped by the caller, but the
socket was still usable. If the socket was used again, there would be a gap in
the stream.

This fixes that bug and adds a bunch of tests around 0-RTT delivery. More tests
check the order of operations.

For instance, in TLS, we strictly maintain ordering between 0-RTT data delivery
and handshake completion. That is not the case for DTLS, where this allows
0-RTT records that arrive before the handshake completes to be read afterwards.
We do drop keys as soon as we see EndOfEarlyData (this is going away for DTLS,
so I assume Certificate/Finished will be the trigger eventually). The tests
added here confirm that late arrival causes 0-RTT to be dropped. Another test
confirms that any early arrival that is only read late will be delivered.

Reviewers: ekr
Subscribers: mt, ekr
Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3
Bug #: 1487597
Differential Revision: https://phabricator.services.mozilla.com/D4736
Diffstat (limited to 'nss.gyp')
0 files changed, 0 insertions, 0 deletions