Don't restrict the number of KeyUpdate messages we can process
author Matt Caswell <matt@openssl.org>
Thu, 21 Feb 2019 16:02:24 +0000 (16:02 +0000)
committer Matt Caswell <matt@openssl.org>
Fri, 22 Feb 2019 18:30:05 +0000 (18:30 +0000)
commit f6d64b5142ab59be47c1f10512ce6d58fb399131
tree 812995d8a3c161046387a6c4738db3de8779981e
parent 4a81b8b6e8b908ff70d675c7173ad4923f3dc659
Don't restrict the number of KeyUpdate messages we can process

Prior to this commit we were keeping a count of how many KeyUpdates we
have processed and failing if we had had too many. This simplistic approach
is not sufficient for long-running connections. Since many KeyUpdates
would not be a particularly good DoS route anyway, the simplest solution is
to simply remove the key update count.

Fixes #8068

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8299)

(cherry picked from commit 3409a5ff8a44ddaf043d83ed22e657ae871be289)
ssl/ssl_locl.h
ssl/statem/statem_lib.c
ssl/statem/statem_locl.h
test/sslapitest.c