diff options
| -rw-r--r-- | ssl/ssl_lib.c | 10 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 5 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 8 |
3 files changed, 1 insertions, 22 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 49b43543bc..1267844b04 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1603,11 +1603,6 @@ int SSL_read_early(SSL *s, void *buf, size_t num, size_t *readbytes) return SSL_READ_EARLY_ERROR; } - /* - * TODO(TLS1.3): Somehow we need to check that we're not receiving too much - * data - */ - switch (s->early_data_state) { case SSL_EARLY_DATA_NONE: if (!SSL_in_before(s)) { @@ -1804,11 +1799,6 @@ int SSL_write_early(SSL *s, const void *buf, size_t num, size_t *written) return 0; } - /* - * TODO(TLS1.3): Somehow we need to check that we're not sending too much - * data - */ - switch (s->early_data_state) { case SSL_EARLY_DATA_NONE: if (!SSL_in_before(s)) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4f4409300e..2df41ceb0a 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -124,11 +124,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) OSSL_STATEM *st = &s->statem; /* - * TODO(TLS1.3): This is still based on the TLSv1.2 state machine. Over time - * we will update this to look more like real TLSv1.3 - */ - - /* * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't * yet negotiated TLSv1.3 at that point so that is handled by * ossl_statem_client_read_transition() diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 4158548568..2969b88c80 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -483,13 +483,7 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, size_t len, size_t *secret_size) { - /* - * TODO(TLS1.3): We haven't implemented TLS1.3 key derivation yet. For now - * we will just force no use of EMS (which adds complications around the - * handshake hash). This will need to be removed later - */ - if ((s->session->flags & SSL_SESS_FLAG_EXTMS) - && !SSL_IS_TLS13(s)) { + if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; size_t hashlen; /* |