Add limit for consecutive KeyUpdate messages. Change-Id: I2e1ee319bb9852b9c686f2f297c470db54f72279 Reviewed-on: https://boringssl-review.googlesource.com/10370 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 32635b828fff10a92441db25ef2341768c22a103 [log] [tgz]
author: Steven Valdez <svaldez@google.com> Tue Aug 16 11:25:03 2016 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Aug 18 23:43:12 2016 +0000
tree: 2406ce09f556d1797f15e00f8b91dd2ce89cf5b2
parent: dd634ebebd77e0822b26b4273c33e7a08f0b5e1e [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 246c017..ee0adee 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -4290,6 +4290,9 @@
    * received. */
   uint8_t warning_alert_count;
 
+  /* key_update_count is the number of consecutive KeyUpdates received. */
+  uint8_t key_update_count;
+
   /* aead_read_ctx is the current read cipher state. */
   SSL_AEAD_CTX *aead_read_ctx;
 
@@ -4807,6 +4810,7 @@
 #define SSL_R_DUPLICATE_EXTENSION 257
 #define SSL_R_MISSING_KEY_SHARE 258
 #define SSL_R_INVALID_ALPN_PROTOCOL 259
+#define SSL_R_TOO_MANY_KEY_UPDATES 260
 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
commit	32635b828fff10a92441db25ef2341768c22a103	[log] [tgz]
author	Steven Valdez <svaldez@google.com>	Tue Aug 16 11:25:03 2016 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Aug 18 23:43:12 2016 +0000
tree	2406ce09f556d1797f15e00f8b91dd2ce89cf5b2
parent	dd634ebebd77e0822b26b4273c33e7a08f0b5e1e [diff] [blame]