author | Pauli <pauli@openssl.org> | 2021-05-31 14:27:48 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-02 16:30:15 +1000 |
commit | 407820c0e311efaafff7fdc8eafdff6e70f89eb2 (patch) | |
tree | 965081d1627a52f6c77863d41ddbf697a9f78b56 /ssl/statem | |
parent | fd009d763a931c4cd01f5181a2b0801d205f782a (diff) |
tls: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/extensions.c | 2 | ||||
-rw-r--r-- | ssl/statem/extensions_clnt.c | 8 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 9 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 9 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
5 files changed, 7 insertions, 23 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index d12e940704..f58111c95c 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -115,8 +115,6 @@ typedef struct extensions_definition_st {
 * messages the extension is relevant to. These flags also specify whether the
 * extension is relevant to a particular protocol or protocol version.
 *
- * TODO(TLS1.3): Make sure we have a test to check the consistency of these
- *
 * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at
 * the end, keep these extensions before signature_algorithm.
 */
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 545b2d034f..78cc226064 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -629,7 +629,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
 }

 /*
- * TODO(TLS1.3): When changing to send more than one key_share we're
+ * When changing to send more than one key_share we're
 * going to need to be able to save more than one EVP_PKEY. For now
 * we reuse the existing tmp.pkey
 */
@@ -668,8 +668,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
 tls1_get_supported_groups(s, &pgroups, &num_groups);

 /*
- * TODO(TLS1.3): Make the number of key_shares sent configurable. For
- * now, just send one
+ * Make the number of key_shares sent configurable. For
+ * now, we just send one
 */
 if (s->s3.group_id != 0) {
 curve_id = s->s3.group_id;
@@ -1387,7 +1387,6 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
 {
 if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
 /* We ignore this if the server sends a CertificateRequest */
- /* TODO(TLS1.3): Add support for this */
 return 1;
 }

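Review bot: In the tls_construct_ctos_key_share hunk, the comment left after dropping the tag, `Make the number of key_shares sent configurable. For now, we just send one`, still reads as an instruction rather than a description, so a reader cannot tell whether configurability exists. Stating the current behaviour would be clearer, for example `The number of key_shares sent is not configurable; we send exactly one.` The add_key_share comment in the previous hunk has the same shape (`When changing to send more than one key_share we're going to need ...`) and could likewise say plainly that only tmp.pkey is kept. Both functions continue outside their hunks.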
@@ -1429,7 +1428,6 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 {
 if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
 /* We ignore this if the server sends it in a CertificateRequest */
- /* TODO(TLS1.3): Add support for this */
 return 1;
 }

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 51c3251635..e8e57cd5d9 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -155,10 +155,6 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
 * the initial handshake and the resumption. In TLSv1.3 SNI is not
 * associated with the session.
 */
- /*
- * TODO(openssl-team): if the SNI doesn't match, we MUST
- * fall back to a full handshake.
- */
 s->servername_done = (s->session->ext.hostname != NULL)
 && PACKET_equal(&hostname, s->session->ext.hostname,
 strlen(s->session->ext.hostname));
@@ -215,10 +211,6 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 return 0;
 }

- /*
- * TODO(openssl-team): currently, we re-authenticate the user
- * upon resumption. Instead, we MUST ignore the login.
- */
 if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
@@ -364,7 +356,6 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
 }

 id_data = PACKET_data(&responder_id);
- /* TODO(size_t): Convert d2i_* to size_t */
 id = d2i_OCSP_RESPID(NULL, &id_data,
 (int)PACKET_remaining(&responder_id));
 if (id == NULL) {
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 88b34c6ad1..e8e9f94651 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -168,7 +168,8 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
 }
 if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
 #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
-# error TODO(DTLS1.3): Restore digest for PHA before adding message.
+ /* Restore digest for PHA before adding message.*/
+# error Internal DTLS version error
 #endif
 if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
 s->post_handshake_auth = SSL_PHA_REQUESTED;
@@ -1985,7 +1986,6 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
 return 0;
 }

- /* TODO(size_t): Convert BN_bin2bn() calls */
 if ((s->srp_ctx.N =
 BN_bin2bn(PACKET_data(&prime),
 (int)PACKET_remaining(&prime), NULL)) == NULL
@@ -2035,7 +2035,6 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
 return 0;
 }

- /* TODO(size_t): Convert these calls */
 p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL);
 g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator),
 NULL);
@@ -2573,7 +2572,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
 goto err;
 }
 /*
- * TODO(size_t): we use sess_len here because EVP_Digest expects an int
+ * We use sess_len here because EVP_Digest expects an int
 * but s->session->session_id_length is a size_t
 */
 if (!EVP_Digest(s->session->ext.tick, ticklen,
@@ -2853,7 +2852,6 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)

 pms[0] = s->client_version >> 8;
 pms[1] = s->client_version & 0xff;
- /* TODO(size_t): Convert this function */
 if (RAND_bytes_ex(s->ctx->libctx, pms + 2, pmslen - 2, 0) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
 goto err;
@@ -3059,7 +3057,6 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)

 if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
 /* Generate session key
- * TODO(size_t): Convert this function
 */
 || RAND_bytes_ex(s->ctx->libctx, pms, pmslen, 0) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
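Review bot: In the ossl_statem_client13_read_transition hunk, the new `# error Internal DTLS version error` no longer says what must be done when DTLS_MAX_VERSION_INTERNAL changes; that instruction now sits only in the comment above it, which is not part of the directive's message. Keeping the action in the directive, for example `# error DTLS1.3: restore digest for PHA before adding message`, preserves the purpose of the build-time guard on the post-handshake-authentication path. The added comment is also missing a space before `*/`. The function continues outside the hunk.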
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index a954097a39..c1c0d455e1 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1765,7 +1765,7 @@ static int tls_early_post_process_client_hello(SSL *s)

 /*
 * We don't allow resumption in a backwards compatible ClientHello.
- * TODO(openssl-team): in TLS1.1+, session_id MUST be empty.
+ * In TLS1.1+, session_id MUST be empty.
 *
 * Versions before 0.9.7 always allow clients to resume sessions in
 * renegotiation. 0.9.7 and later allow this by default, but optionally |
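Review bot: Dropping the tag turns `In TLS1.1+, session_id MUST be empty.` into what reads as a description of enforced behaviour, while the removed TODO suggests the check was never implemented and nothing in this hunk adds one. If that is still the case, the comment should say so explicitly, for example ` * NOTE: in TLS1.1+ session_id MUST be empty here; this is not currently checked.`, so that a reader auditing the resumption rules in tls_early_post_process_client_hello is not misled about what the server rejects. The comment and the function both continue outside the hunk.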