cbuf_len = 0;
}
- if ((!c_ign_eof) && ((cbuf[0] == 'K' || cbuf[0] == 'k' )
- && cmdletters)) {
+ if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
+ && cmdletters) {
BIO_printf(bio_err, "KEYUPDATE\n");
SSL_key_update(con,
cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED
int SSL_key_update(SSL *s, SSL_KEY_UPDATE updatetype)
{
+ /*
+ * TODO(TLS1.3): How will applications know whether TLSv1.3+ has been
+ * negotiated, and that it is appropriate to call SSL_key_update() instead
+ * of SSL_renegotiate().
+ */
if (!SSL_IS_TLS13(s)) {
SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
return 0;
}
ossl_statem_set_in_init(s, 1);
-
s->key_update = updatetype;
-
return 1;
}
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
EVP_MD_CTX *write_hash; /* used for mac generation */
-
/* Count of how many KeyUpdate messages we have received */
unsigned int key_update_count;
-
/* session info */
/* client cert? */
/* This is used to hold the server certificate used */
}
s->key_update = SSL_KEY_UPDATE_NONE;
-
return 1;
+
err:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;
}
-#define MAX_KEY_UPDATE_MESSAGES 32
-
MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
{
int al;
/* Max should actually be 36 but we are generous */
#define FINISHED_MAX_LENGTH 64
+/* The maximum number of incoming KeyUpdate messages we will accept */
+#define MAX_KEY_UPDATE_MESSAGES 32
+
/* Extension context codes */
/* This extension is only allowed in TLS */
#define EXT_TLS_ONLY 0x0001
projects / oweals / openssl.git / commitdiff