Commit 5bf47933 authored Feb 09, 2017 by Matt Caswell

If we receive an "update_requested" KeyUpdate then respond with a KeyUpdate



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)

parent 8cdc8c51

ssl/statem/statem_clnt.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -439,6 +439,12 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
		return WRITE_TRAN_CONTINUE;

		case TLS_ST_CR_KEY_UPDATE:
		if (s->key_update != SSL_KEY_UPDATE_NONE) {
		st->hand_state = TLS_ST_CW_KEY_UPDATE;
		return WRITE_TRAN_CONTINUE;
		}
		/* Fall through */

		case TLS_ST_CW_KEY_UPDATE:
		case TLS_ST_CR_SESSION_TICKET:
		case TLS_ST_CW_FINISHED:

ssl/statem/statem_lib.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -525,6 +525,14 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL s, PACKET pkt)
		return MSG_PROCESS_ERROR;
		}

		/*
		* If we get a request for us to update our sending keys too then, we need
		* to additionally send a KeyUpdate message. However that message should
		* not also request an update (otherwise we get into an infinite loop).
		*/
		if (updatetype == SSL_KEY_UPDATE_REQUESTED)
		s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;

		return MSG_PROCESS_FINISHED_READING;
		}

ssl/statem/statem_srvr.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -470,6 +470,12 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
		return WRITE_TRAN_CONTINUE;

		case TLS_ST_SR_KEY_UPDATE:
		if (s->key_update != SSL_KEY_UPDATE_NONE) {
		st->hand_state = TLS_ST_SW_KEY_UPDATE;
		return WRITE_TRAN_CONTINUE;
		}
		/* Fall through */

		case TLS_ST_SW_KEY_UPDATE:
		case TLS_ST_SW_SESSION_TICKET:
		st->hand_state = TLS_ST_OK;