diff options
| author | Matt Caswell <matt@openssl.org> | 2017-02-14 11:20:44 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-02-17 10:28:01 +0000 |
| commit | f14afcaa4227df12bc11a426a60f41005a71e95f (patch) | |
| tree | 1fa794e157cd8a53665c8eb5252d8133cec5c83f /ssl | |
| parent | 82f992cbe0db628879aae4bf3ddd95cfcb1098a5 (diff) | |
| download | openssl-f14afcaa4227df12bc11a426a60f41005a71e95f.tar.gz | |
Updates following review feedback
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_lib.c | 7 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 2 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 4 | ||||
| -rw-r--r-- | ssl/statem/statem_locl.h | 3 |
4 files changed, 9 insertions, 7 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 927d70a6a6..cb5e0cfbc9 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1720,6 +1720,11 @@ int SSL_shutdown(SSL *s) int SSL_key_update(SSL *s, SSL_KEY_UPDATE updatetype) { + /* + * TODO(TLS1.3): How will applications know whether TLSv1.3+ has been + * negotiated, and that it is appropriate to call SSL_key_update() instead + * of SSL_renegotiate(). + */ if (!SSL_IS_TLS13(s)) { SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION); return 0; @@ -1737,9 +1742,7 @@ int SSL_key_update(SSL *s, SSL_KEY_UPDATE updatetype) } ossl_statem_set_in_init(s, 1); - s->key_update = updatetype; - return 1; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 31afe10f10..cd948bd567 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -996,10 +996,8 @@ struct ssl_st { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ EVP_MD_CTX *write_hash; /* used for mac generation */ - /* Count of how many KeyUpdate messages we have received */ unsigned int key_update_count; - /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 5e194e886a..c871c00c0c 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -503,15 +503,13 @@ int tls_construct_key_update(SSL *s, WPACKET *pkt) } s->key_update = SSL_KEY_UPDATE_NONE; - return 1; + err: ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); return 0; } -#define MAX_KEY_UPDATE_MESSAGES 32 - MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) { int al; diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 6713dad2e2..595a803f30 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -28,6 +28,9 @@ /* Max should actually be 36 but we are generous */ #define FINISHED_MAX_LENGTH 64 +/* The maximum number of incoming KeyUpdate messages we will accept */ +#define MAX_KEY_UPDATE_MESSAGES 32 + /* Extension context codes */ /* This extension is only allowed in TLS */ #define EXT_TLS_ONLY 0x0001 |