diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-13 11:55:38 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-02-17 10:28:00 +0000 |
commit | 82f992cbe0db628879aae4bf3ddd95cfcb1098a5 (patch) | |
tree | d2d18ff28dbe453e55ac3378e059cb53a1d7090c /include | |
parent | 57389a3261075cc1266218742434aa749cf3733e (diff) |
Limit the number of KeyUpdate messages we can process
Too many KeyUpdate message could be inicative of a problem (e.g. an
infinite KeyUpdate loop if the peer always responds to a KeyUpdate message
with an "update_requested" KeyUpdate response), or (conceivably) an attack.
Either way we limit the number of KeyUpdate messages we are prepared to
handle.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 72f835460a..da5d1d09d2 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2622,6 +2622,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_TLS_HEARTBEAT_PENDING 366 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 # define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 |