Actually update the keys when a KeyUpdate message is sent or received (57389a32) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

include/openssl/ssl.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -2096,6 +2096,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_DANE_CTX_ENABLE 347
		# define SSL_F_DANE_MTYPE_SET 393
		# define SSL_F_DANE_TLSA_ADD 394
		# define SSL_F_DERIVE_SECRET_KEY_AND_IV 514
		# define SSL_F_DO_DTLS1_WRITE 245
		# define SSL_F_DO_SSL3_WRITE 104
		# define SSL_F_DTLS1_BUFFER_RECORD 247

+1 −0

Original line number	Diff line number	Diff line
		@@ -28,6 +28,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
		{ERR_FUNC(SSL_F_DANE_CTX_ENABLE), "dane_ctx_enable"},
		{ERR_FUNC(SSL_F_DANE_MTYPE_SET), "dane_mtype_set"},
		{ERR_FUNC(SSL_F_DANE_TLSA_ADD), "dane_tlsa_add"},
		{ERR_FUNC(SSL_F_DERIVE_SECRET_KEY_AND_IV), "derive_secret_key_and_iv"},
		{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "do_dtls1_write"},
		{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "do_ssl3_write"},
		{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "dtls1_buffer_record"},

+3 −0

Original line number	Diff line number	Diff line
		@@ -986,6 +986,8 @@ struct ssl_st {
		unsigned char client_finished_secret[EVP_MAX_MD_SIZE];
		unsigned char server_finished_secret[EVP_MAX_MD_SIZE];
		unsigned char server_finished_hash[EVP_MAX_MD_SIZE];
		unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
		unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
		EVP_CIPHER_CTX enc_read_ctx; / cryptographic state */
		unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
		EVP_MD_CTX read_hash; / used for mac generation */
		@@ -2163,6 +2165,7 @@ __owur int tls13_setup_key_block(SSL *s);
		__owur size_t tls13_final_finish_mac(SSL s, const char str, size_t slen,
		unsigned char *p);
		__owur int tls13_change_cipher_state(SSL *s, int which);
		__owur int tls13_update_key(SSL *s, int write);
		__owur int tls13_hkdf_expand(SSL s, const EVP_MD md,
		const unsigned char *secret,
		const unsigned char *label, size_t labellen,

+3 −0

Original line number	Diff line number	Diff line
		@@ -735,6 +735,9 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
		case TLS_ST_CW_KEY_UPDATE:
		if (statem_flush(s) != 1)
		return WORK_MORE_A;

		if (!tls13_update_key(s, 1))
		return WORK_ERROR;
		break;
		}

+13 −3

Original line number	Diff line number	Diff line
		@@ -513,16 +513,16 @@ int tls_construct_key_update(SSL s, WPACKET pkt)

		MSG_PROCESS_RETURN tls_process_key_update(SSL s, PACKET pkt)
		{
		int al;
		unsigned int updatetype;

		if (!PACKET_get_1(pkt, &updatetype)
		\|\| PACKET_remaining(pkt) != 0
		\|\| (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
		&& updatetype != SSL_KEY_UPDATE_REQUESTED)) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_TLS_PROCESS_KEY_UPDATE, SSL_R_BAD_KEY_UPDATE);
		ossl_statem_set_error(s);
		return MSG_PROCESS_ERROR;
		goto err;
		}

		/*
		@@ -533,7 +533,17 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL s, PACKET pkt)
		if (updatetype == SSL_KEY_UPDATE_REQUESTED)
		s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;

		if (!tls13_update_key(s, 0)) {
		al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_TLS_PROCESS_KEY_UPDATE, ERR_R_INTERNAL_ERROR);
		goto err;
		}

		return MSG_PROCESS_FINISHED_READING;
		err:
		ssl3_send_alert(s, SSL3_AL_FATAL, al);
		ossl_statem_set_error(s);
		return MSG_PROCESS_ERROR;
		}

		#ifndef OPENSSL_NO_NEXTPROTONEG