Add some extra comments following alert changes

Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
author: Matt Caswell <matt@openssl.org> 2017-05-11 12:45:16 +0100
committer: Matt Caswell <matt@openssl.org> 2017-05-11 13:13:04 +0100
commit: 9010b7bc6ec7ffc6713ad5710d846b197c0ca697 (patch)
tree: c2e0efc633854515472917b7993eda1de7fede2f /ssl
parent: 26b9172a50f1ad22ed94f9d11834ca75d380fe73 (diff)
download: openssl-9010b7bc6ec7ffc6713ad5710d846b197c0ca697.tar.gz
2 files changed, 8 insertions, 0 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index aea52fd7fa..bafc976cde 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -644,6 +644,10 @@ int ssl3_get_record(SSL *s)
                                 &thisrr->data[end], 1, s, s->msg_callback_arg);
         }
 
+        /*
+         * TLSv1.3 alert and handshake records are required to be non-zero in
+         * length.
+         */
         if (SSL_IS_TLS13(s)
                 && (thisrr->type == SSL3_RT_HANDSHAKE
                     || thisrr->type == SSL3_RT_ALERT)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 34871114b9..d37cbc399e 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -589,6 +589,10 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
         goto err;
     }
 
+    /*
+     * There are only two defined key update types. Fail if we get a value we
+     * didn't recognise.
+     */
     if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
             && updatetype != SSL_KEY_UPDATE_REQUESTED) {
         al = SSL_AD_ILLEGAL_PARAMETER;
author	Matt Caswell <matt@openssl.org>	2017-05-11 12:45:16 +0100
committer	Matt Caswell <matt@openssl.org>	2017-05-11 13:13:04 +0100
commit	9010b7bc6ec7ffc6713ad5710d846b197c0ca697 (patch)
tree	c2e0efc633854515472917b7993eda1de7fede2f /ssl
parent	26b9172a50f1ad22ed94f9d11834ca75d380fe73 (diff)
download	openssl-9010b7bc6ec7ffc6713ad5710d846b197c0ca697.tar.gz