diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_locl.h | 2 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 7 | ||||
-rw-r--r-- | ssl/statem/statem_locl.h | 3 |
3 files changed, 0 insertions, 12 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 307131de93..6559012f30 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1170,8 +1170,6 @@ struct ssl_st { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ EVP_MD_CTX *write_hash; /* used for mac generation */ - /* Count of how many KeyUpdate messages we have received */ - unsigned int key_update_count; /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 15d0148c66..7e32e75cb0 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -614,13 +614,6 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) { unsigned int updatetype; - s->key_update_count++; - if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE, - SSL_R_TOO_MANY_KEY_UPDATES); - return MSG_PROCESS_ERROR; - } - /* * A KeyUpdate message signals a key change so the end of the message must * be on a record boundary. diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 6b8cf37faa..f936c61bc8 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -29,9 +29,6 @@ /* Max should actually be 36 but we are generous */ #define FINISHED_MAX_LENGTH 64 -/* The maximum number of incoming KeyUpdate messages we will accept */ -#define MAX_KEY_UPDATE_MESSAGES 32 - /* Dummy message type */ #define SSL3_MT_DUMMY -1 |