Clean up do_ssl3_write fragment handling.

Separate actually writing the fragment to the network from assembling it so
there is no need for is_fragment. record_split_done also needn't be a global;
as of 7fdeaf11017b82368e0a97547fc491b90ad40f67, it is always reset to 0 whether
or not SSL3_WANT_WRITE occurred, despite the comment.

I believe this is sound, but the pre-7fdeaf1 logic wasn't quiiite right;
ssl3_write_pending allows a retry to supply *additional* data, so not all
plaintext had been commited to before the IV was randomized. We could fix this
by tracking how many bytes were committed to the last time we fragmented, but
this is purely an optimization and doesn't seem worth the complexity.

This also fixes the alignment computation in the record-splitting case. The
extra byte was wrong, as demonstrated by the assert.

Change-Id: Ia087a45a6622f4faad32e501942cc910eca1237b
Reviewed-on: https://boringssl-review.googlesource.com/4234
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 2 insertions, 0 deletions

diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index 1fd7e2cb..2c34dc66 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -100,6 +100,7 @@ SSL,function,195,ssl3_handshake_mac
 SSL,function,196,ssl3_prf
 SSL,function,197,ssl3_read_bytes
 SSL,function,198,ssl3_read_n
+SSL,function,266,ssl3_seal_record
 SSL,function,199,ssl3_send_cert_verify
 SSL,function,200,ssl3_send_certificate_request
 SSL,function,201,ssl3_send_channel_id
@@ -186,6 +187,7 @@ SSL,reason,118,BAD_SSL_FILETYPE
 SSL,reason,119,BAD_WRITE_RETRY
 SSL,reason,120,BIO_NOT_SET
 SSL,reason,121,BN_LIB
+SSL,reason,272,BUFFER_TOO_SMALL
 SSL,reason,122,CANNOT_SERIALIZE_PUBLIC_KEY
 SSL,reason,123,CA_DN_LENGTH_MISMATCH
 SSL,reason,124,CA_DN_TOO_LONG