If we receive an "update_requested" KeyUpdate then respond with a KeyUpdate
authorMatt Caswell <matt@openssl.org>
Thu, 9 Feb 2017 16:00:12 +0000 (16:00 +0000)
committerMatt Caswell <matt@openssl.org>
Fri, 17 Feb 2017 10:28:00 +0000 (10:28 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)

ssl/statem/statem_clnt.c
ssl/statem/statem_lib.c
ssl/statem/statem_srvr.c

index ced331758d11d397195c3968b7bc8db578d0998e..909b2f095391f1f78534a37dcabc46f27bcea20c 100644 (file)
@@ -439,6 +439,12 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
         return WRITE_TRAN_CONTINUE;
 
     case TLS_ST_CR_KEY_UPDATE:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_CW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
     case TLS_ST_CW_KEY_UPDATE:
     case TLS_ST_CR_SESSION_TICKET:
     case TLS_ST_CW_FINISHED:
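Review bot: The new branch under TLS_ST_CR_KEY_UPDATE relies on s->key_update being cleared back to SSL_KEY_UPDATE_NONE once our own KeyUpdate has been written, and that reset is not part of this commit; if it does not happen elsewhere, every later KeyUpdate we receive would be answered with another one regardless of its update_requested value. A why-comment on the added block would make that dependency visible, e.g. `/* The peer asked us to update our sending keys too: write our own KeyUpdate before returning to TLS_ST_OK */`. The test is `!= SSL_KEY_UPDATE_NONE` rather than the SSL_KEY_UPDATE_NOT_REQUESTED value that tls_process_key_update stores, which is reasonable but worth noting, since any pending update type (including a locally requested one) is sent from here. The identical hunk in ossl_statem_server13_write_transition in statem_srvr.c has the same points. ossl_statem_client13_write_transition starts and ends outside the hunk.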
index 6261804129f822c3c4bbb1d33f9eec0aac32335c..d65feba2e2be9105a295448b95723e80149632e6 100644 (file)
@@ -525,6 +525,14 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
         return MSG_PROCESS_ERROR;
     }
 
+    /*
+     * If we get a request for us to update our sending keys too then, we need
+     * to additionally send a KeyUpdate message. However that message should
+     * not also request an update (otherwise we get into an infinite loop).
+     */
+    if (updatetype == SSL_KEY_UPDATE_REQUESTED)
+        s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
+
     return MSG_PROCESS_FINISHED_READING;
 }
 
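Review bot: The assignment `s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;` is unconditional, so if s->key_update can already hold SSL_KEY_UPDATE_REQUESTED from a locally initiated update that has not yet been written, the peer's request silently downgrades it and the local request for the peer to rekey is lost; guarding it as `if (updatetype == SSL_KEY_UPDATE_REQUESTED && s->key_update == SSL_KEY_UPDATE_NONE)` keeps the stronger pending value, and the write transition still sends on any non-NONE value. Separately, nothing in this hunk bounds how many update_requested KeyUpdates a peer may send, each of which now costs a key derivation plus a reply message on our side; if no limit exists elsewhere in the processing path, a capped counter here is the natural place for one. tls_process_key_update's body begins outside the hunk, so the validation of updatetype is assumed from the preceding MSG_PROCESS_ERROR return.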
index 2a210010862e6a188a383c43c1d119d437ecd0f3..3007088b9bf6091d5c6534df29103acb36a771d4 100644 (file)
@@ -470,6 +470,12 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
         return WRITE_TRAN_CONTINUE;
 
     case TLS_ST_SR_KEY_UPDATE:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_SW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
     case TLS_ST_SW_KEY_UPDATE:
     case TLS_ST_SW_SESSION_TICKET:
         st->hand_state = TLS_ST_OK;