Don't restrict the number of KeyUpdate messages we can process

    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */

    unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */

    EVP_MD_CTX *write_hash;     /* used for mac generation */

    /* Count of how many KeyUpdate messages we have received */

    unsigned int key_update_count;

    /* session info */

    /* client cert? */

    /* This is used to hold the server certificate used */

{

    unsigned int updatetype;

    s->key_update_count++;

    if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) {

        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE,

                 SSL_R_TOO_MANY_KEY_UPDATES);

        return MSG_PROCESS_ERROR;

    }

    /*

     * A KeyUpdate message signals a key change so the end of the message must

     * be on a record boundary.

/* Max should actually be 36 but we are generous */

#define FINISHED_MAX_LENGTH             64

/* The maximum number of incoming KeyUpdate messages we will accept */

#define MAX_KEY_UPDATE_MESSAGES     32

/* Dummy message type */

#define SSL3_MT_DUMMY   -1

    return testresult;

}

#define NUM_KEY_UPDATE_MESSAGES 40

/*

 * Test KeyUpdate.

 */

static int test_key_update(void)

{

    SSL_CTX *cctx = NULL, *sctx = NULL;

    SSL *clientssl = NULL, *serverssl = NULL;

    int testresult = 0, i, j;

    char buf[20];

    static char *mess = "A test message";

    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),

                                       TLS_client_method(),

                                       TLS1_3_VERSION,

                                       0,

                                       &sctx, &cctx, cert, privkey))

            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,

                                             NULL, NULL))

            || !TEST_true(create_ssl_connection(serverssl, clientssl,

                                                SSL_ERROR_NONE)))

        goto end;

    for (j = 0; j < 2; j++) {

        /* Send lots of KeyUpdate messages */

        for (i = 0; i < NUM_KEY_UPDATE_MESSAGES; i++) {

            if (!TEST_true(SSL_key_update(clientssl,

                                          (j == 0)

                                          ? SSL_KEY_UPDATE_NOT_REQUESTED

                                          : SSL_KEY_UPDATE_REQUESTED))

                    || !TEST_true(SSL_do_handshake(clientssl)))

                goto end;

        }

        /* Check that sending and receiving app data is ok */

        if (!TEST_int_eq(SSL_write(clientssl, mess, strlen(mess)), strlen(mess))

                || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),

                                         strlen(mess)))

            goto end;

    }

    testresult = 1;

 end:

    SSL_free(serverssl);

    SSL_free(clientssl);

    SSL_CTX_free(sctx);

    SSL_CTX_free(cctx);

    return testresult;

}

#endif /* OPENSSL_NO_TLS1_3 */

static int test_ssl_clear(int idx)

    ADD_ALL_TESTS(test_export_key_mat, 6);

#ifndef OPENSSL_NO_TLS1_3

    ADD_ALL_TESTS(test_export_key_mat_early, 3);

    ADD_TEST(test_key_update);

#endif

    ADD_ALL_TESTS(test_ssl_clear, 2);

    ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));