Add some extra comments following alert changes

author Matt Caswell <matt@openssl.org>

Thu, 11 May 2017 11:45:16 +0000 (12:45 +0100)

committer Matt Caswell <matt@openssl.org>

Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
author Matt Caswell <matt@openssl.org>
Thu, 11 May 2017 11:45:16 +0000 (12:45 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c

index aea52fd7fae9f31a096e7347d9c6da3138adbc44..bafc976cde405d9175739ee017d1a9fd4f99b01c 100644 (file)
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -644,6 +644,10 @@ int ssl3_get_record(SSL *s)
                                  &thisrr->data[end], 1, s, s->msg_callback_arg);
          }
  
+        /*
+         * TLSv1.3 alert and handshake records are required to be non-zero in
+         * length.
+         */
          if (SSL_IS_TLS13(s)
                  && (thisrr->type == SSL3_RT_HANDSHAKE
                      || thisrr->type == SSL3_RT_ALERT)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c

index 34871114b9167d833f3505bd1017b61e9818390f..d37cbc399ed7dff80731f50ef06a37f74699f132 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -589,6 +589,10 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
          goto err;
      }
  
+    /*
+     * There are only two defined key update types. Fail if we get a value we
+     * didn't recognise.
+     */
      if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
              && updatetype != SSL_KEY_UPDATE_REQUESTED) {
          al = SSL_AD_ILLEGAL_PARAMETER;
author	Matt Caswell <matt@openssl.org>
	Thu, 11 May 2017 11:45:16 +0000 (12:45 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
ssl/record/ssl3_record.c		patch \| blob \| history
ssl/statem/statem_lib.c		patch \| blob \| history