diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-24 09:34:32 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-02 17:44:15 +0000 |
commit | 329114f91f1a560bcf25ff2ebf5d608079e82272 (patch) | |
tree | e184773ba009049a010fca38c0401f4c20ab898b | |
parent | 2c604cb9af4a879ea43fd7fd84883a5e97ab0fe0 (diff) |
Remove some TLSv1.3 TODOs that are no longer relevant
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
-rw-r--r-- | ssl/ssl_lib.c | 10 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 5 | ||||
-rw-r--r-- | ssl/t1_enc.c | 8 |
3 files changed, 1 insertions, 22 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 49b43543bc..1267844b04 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1603,11 +1603,6 @@ int SSL_read_early(SSL *s, void *buf, size_t num, size_t *readbytes) return SSL_READ_EARLY_ERROR; } - /* - * TODO(TLS1.3): Somehow we need to check that we're not receiving too much - * data - */ - switch (s->early_data_state) { case SSL_EARLY_DATA_NONE: if (!SSL_in_before(s)) { @@ -1804,11 +1799,6 @@ int SSL_write_early(SSL *s, const void *buf, size_t num, size_t *written) return 0; } - /* - * TODO(TLS1.3): Somehow we need to check that we're not sending too much - * data - */ - switch (s->early_data_state) { case SSL_EARLY_DATA_NONE: if (!SSL_in_before(s)) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4f4409300e..2df41ceb0a 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -124,11 +124,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) OSSL_STATEM *st = &s->statem; /* - * TODO(TLS1.3): This is still based on the TLSv1.2 state machine. Over time - * we will update this to look more like real TLSv1.3 - */ - - /* * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't * yet negotiated TLSv1.3 at that point so that is handled by * ossl_statem_client_read_transition() diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 4158548568..2969b88c80 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -483,13 +483,7 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, size_t len, size_t *secret_size) { - /* - * TODO(TLS1.3): We haven't implemented TLS1.3 key derivation yet. For now - * we will just force no use of EMS (which adds complications around the - * handshake hash). This will need to be removed later - */ - if ((s->session->flags & SSL_SESS_FLAG_EXTMS) - && !SSL_IS_TLS13(s)) { + if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; size_t hashlen; /* |