Don't restrict the number of KeyUpdate messages we can process
author Matt Caswell <matt@openssl.org>
Thu, 21 Feb 2019 16:02:24 +0000 (16:02 +0000)
committer Matt Caswell <matt@openssl.org>
Fri, 22 Feb 2019 18:29:41 +0000 (18:29 +0000)
commit 3409a5ff8a44ddaf043d83ed22e657ae871be289
tree dfbc0fed648af8912495fcc8ee9cb0dbd388c39f
parent a4a0a1eb43cfccd128d085932a567e0482fbfe47
Don't restrict the number of KeyUpdate messages we can process

Prior to this commit we were keeping a count of how many KeyUpdates we
have processed and failing if we had had too many. This simplistic approach
is not sufficient for long running connections. Since many KeyUpdates
would not be a particularly good DoS route anyway, the simplest solution is
to simply remove the key update count.

Fixes #8068

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8299)
ssl/ssl_locl.h
ssl/statem/statem_lib.c
ssl/statem/statem_locl.h
test/sslapitest.c