Add some extra comments following alert changes

Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
2017-05-11 12:45:16 +01:00 · 2017-05-11 12:45:16 +01:00 · 9010b7bc6e
parent 26b9172a50
commit 9010b7bc6e
2 changed files with 8 additions and 0 deletions
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@ -644,6 +644,10 @@ int ssl3_get_record(SSL *s)
                                &thisrr->data[end], 1, s, s->msg_callback_arg);
        }

+        /*
+         * TLSv1.3 alert and handshake records are required to be non-zero in
+         * length.
+         */
        if (SSL_IS_TLS13(s)
                && (thisrr->type == SSL3_RT_HANDSHAKE
                    || thisrr->type == SSL3_RT_ALERT)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -589,6 +589,10 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
        goto err;
    }

+    /*
+     * There are only two defined key update types. Fail if we get a value we
+     * didn't recognise.
+     */
    if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
            && updatetype != SSL_KEY_UPDATE_REQUESTED) {
        al = SSL_AD_ILLEGAL_PARAMETER;