Commit e1c3de44 authored by Matt Caswell's avatar Matt Caswell
Browse files

Add the ability for a client to receive a KeyUpdate message 



This just receives the message. It doesn't actually update any keys yet.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
parent 7d8c2dfa

include/openssl/ssl.h

+5 −1
Original line number Diff line number Diff line
@@ -892,7 +892,9 @@ typedef enum { 
    TLS_ST_SW_HELLO_RETRY_REQUEST,

    TLS_ST_CR_HELLO_RETRY_REQUEST,

    TLS_ST_SW_KEY_UPDATE,

    TLS_ST_CW_KEY_UPDATE

    TLS_ST_CW_KEY_UPDATE,

    TLS_ST_SR_KEY_UPDATE,

    TLS_ST_CR_KEY_UPDATE

} OSSL_HANDSHAKE_STATE;



/*
@@ -2375,6 +2377,7 @@ int ERR_load_SSL_strings(void); 
# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST            511

# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT          442

# define SSL_F_TLS_PROCESS_KEY_EXCHANGE                   365

# define SSL_F_TLS_PROCESS_KEY_UPDATE                     513

# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET             366

# define SSL_F_TLS_PROCESS_NEXT_PROTO                     383

# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE             367
@@ -2406,6 +2409,7 @@ int ERR_load_SSL_strings(void); 
# define SSL_R_BAD_HANDSHAKE_LENGTH                       332

# define SSL_R_BAD_HELLO_REQUEST                          105

# define SSL_R_BAD_KEY_SHARE                              108

# define SSL_R_BAD_KEY_UPDATE                             122

# define SSL_R_BAD_LENGTH                                 271

# define SSL_R_BAD_PACKET_LENGTH                          115

# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116

ssl/ssl_err.c

+2 −0
Original line number Diff line number Diff line
@@ -422,6 +422,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { 
    {ERR_FUNC(SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT),

     "tls_process_initial_server_flight"},

    {ERR_FUNC(SSL_F_TLS_PROCESS_KEY_EXCHANGE), "tls_process_key_exchange"},

    {ERR_FUNC(SSL_F_TLS_PROCESS_KEY_UPDATE), "tls_process_key_update"},

    {ERR_FUNC(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET),

     "tls_process_new_session_ticket"},

    {ERR_FUNC(SSL_F_TLS_PROCESS_NEXT_PROTO), "tls_process_next_proto"},
@@ -464,6 +465,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { 
    {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"},

    {ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"},

    {ERR_REASON(SSL_R_BAD_KEY_SHARE), "bad key share"},

    {ERR_REASON(SSL_R_BAD_KEY_UPDATE), "bad key update"},

    {ERR_REASON(SSL_R_BAD_LENGTH), "bad length"},

    {ERR_REASON(SSL_R_BAD_PACKET_LENGTH), "bad packet length"},

    {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),

ssl/statem/statem_clnt.c

+11 −0
Original line number Diff line number Diff line
@@ -200,6 +200,10 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) 
            st->hand_state = TLS_ST_CR_SESSION_TICKET;

            return 1;

        }

        if (mt == SSL3_MT_KEY_UPDATE) {

            st->hand_state = TLS_ST_CR_KEY_UPDATE;

            return 1;

        }

        break;

    }
@@ -439,6 +443,7 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) 
        st->hand_state = TLS_ST_CW_FINISHED;

        return WRITE_TRAN_CONTINUE;



    case TLS_ST_CR_KEY_UPDATE:

    case TLS_ST_CR_SESSION_TICKET:

    case TLS_ST_CW_FINISHED:

        st->hand_state = TLS_ST_OK;
@@ -843,6 +848,9 @@ size_t ossl_statem_client_max_message_size(SSL *s) 


    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:

        return ENCRYPTED_EXTENSIONS_MAX_LENGTH;



    case TLS_ST_CR_KEY_UPDATE:

        return KEY_UPDATE_MAX_LENGTH;

    }

}
@@ -899,6 +907,9 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) 


    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:

        return tls_process_encrypted_extensions(s, pkt);



    case TLS_ST_CR_KEY_UPDATE:

        return tls_process_key_update(s, pkt);

    }

}

ssl/statem/statem_lib.c

+18 −0
Original line number Diff line number Diff line
@@ -508,6 +508,24 @@ int tls_construct_key_update(SSL *s, WPACKET *pkt) 
    return 0;

}





MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)

{

    unsigned int updatetype;



    if (!PACKET_get_1(pkt, &updatetype)

            || PACKET_remaining(pkt) != 0

            || (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED

                && updatetype != SSL_KEY_UPDATE_REQUESTED)) {

        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);

        SSLerr(SSL_F_TLS_PROCESS_KEY_UPDATE, SSL_R_BAD_KEY_UPDATE);

        ossl_statem_set_error(s);

        return MSG_PROCESS_ERROR;

    }



    return MSG_PROCESS_FINISHED_READING;

}



#ifndef OPENSSL_NO_NEXTPROTONEG

/*

 * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen

ssl/statem/statem_locl.h

+2 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ 
#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000

#define SERVER_KEY_EXCH_MAX_LENGTH      102400

#define SERVER_HELLO_DONE_MAX_LENGTH    0

#define KEY_UPDATE_MAX_LENGTH           1

#define CCS_MAX_LENGTH                  1

/* Max should actually be 36 but we are generous */

#define FINISHED_MAX_LENGTH             64
@@ -112,6 +113,7 @@ __owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt); 


__owur int tls_construct_finished(SSL *s, WPACKET *pkt);

__owur int tls_construct_key_update(SSL *s, WPACKET *pkt);

__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt);

__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs);

__owur WORK_STATE dtls_wait_for_dry(SSL *s);