From: Matt Caswell Date: Fri, 24 Feb 2017 09:34:32 +0000 (+0000) Subject: Remove some TLSv1.3 TODOs that are no longer relevant X-Git-Tag: OpenSSL_1_1_1-pre1~2153 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=329114f91f1a560bcf25ff2ebf5d608079e82272;p=oweals%2Fopenssl.git Remove some TLSv1.3 TODOs that are no longer relevant Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2737) --- diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 49b43543bc..1267844b04 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1603,11 +1603,6 @@ int SSL_read_early(SSL *s, void *buf, size_t num, size_t *readbytes) return SSL_READ_EARLY_ERROR; } - /* - * TODO(TLS1.3): Somehow we need to check that we're not receiving too much - * data - */ - switch (s->early_data_state) { case SSL_EARLY_DATA_NONE: if (!SSL_in_before(s)) { @@ -1804,11 +1799,6 @@ int SSL_write_early(SSL *s, const void *buf, size_t num, size_t *written) return 0; } - /* - * TODO(TLS1.3): Somehow we need to check that we're not sending too much - * data - */ - switch (s->early_data_state) { case SSL_EARLY_DATA_NONE: if (!SSL_in_before(s)) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4f4409300e..2df41ceb0a 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -123,11 +123,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) { OSSL_STATEM *st = &s->statem; - /* - * TODO(TLS1.3): This is still based on the TLSv1.2 state machine. Over time - * we will update this to look more like real TLSv1.3 - */ - /* * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't * yet negotiated TLSv1.3 at that point so that is handled by diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 4158548568..2969b88c80 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -483,13 +483,7 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, size_t len, size_t *secret_size) { - /* - * TODO(TLS1.3): We haven't implemented TLS1.3 key derivation yet. For now - * we will just force no use of EMS (which adds complications around the - * handshake hash). This will need to be removed later - */ - if ((s->session->flags & SSL_SESS_FLAG_EXTMS) - && !SSL_IS_TLS13(s)) { + if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; size_t hashlen; /*